At Visma Addo, our first priority is security. People choose digital signatures because they are the most secure type of electronic signature: unlike a normal signature, a digital signature provides you with the highest level of assurance about the signers’ identity and the authenticity of the documents they sign.
User and Permission Management
With Visma Addo, it is possible to control permissions connected to the user profiles associated with your account. Each user will receive a username and password to be used when they log in. As an administrator, you can assign permissions to different user profiles according to the access the user needs.
Automatically logged out if inactive
If you are inactive for 15 minutes, you will automatically be logged out of Visma Addo. This ensures that no one but the user can access their Visma Addo account if the user has forgotten to log out.
Storing of documents
Visma Addo is a transactional solution. It therefore only stores documents for up to 10 days after the transaction is set to expire, after which the documents are deleted.
It is very important that you make sure to save a copy of the signed documents or store them directly in your digital archive.
Encrypted transmission of data and industry standards
Visma Addo uses a security model where all communication and passwords are encrypted and transmitted over HTTPS. This security model ensures that the various parties can only access their own data and no other parties’, thus ensuring the safety of any sensitive personal information. Only the administrator of the Visma Addo account is granted access to the documents that the users send through Visma Addo. With Visma Addo, you get a safe solution. To establish secure communications, Visma Addo uses a wide range of industry standards. For more information about the encryption in Visma Addo, read this article.
Validity of the signature
An electronic signature that is technically implemented in a document, based on the PAdES standard, is referred to as an AES (Advanced Electronic Signature). This means that the signature meets the requirements of the eIDAS regulation for an AES and can therefore not be denied its validity by any organization in a European country. An electronic signature that complies with the PAdES standard can therefore be used as proof of authenticity, because the signatory's identity is secured by the eID that was used to sign or identify. It also gives the signer and the recipient of the document assurance that no changes have been made after the signature was set and that the signatory intended to sign the document.
There are therefore some requirements that apply for an electronic signature to be valid:
- The signature is directly linked to the signatory, as the signature is unique and can be traced back to the signatory.
- It is possible to identify the signatory, as the signer has sole control over the data that has been used to make the electronic signature.
- Even the smallest change made to the document after it has been signed can be identified, and the signature then appears invalid.
- The document is attached to a certificate for the electronic signature. This stamp is proof of the signatory's identity and links the validated data of the electronic signature to the signatory.
Visma Addo is therefore compliant with the requirements for digital signatures and can vouch for their validity.
Technical Security Surrounding the Signature in Visma Addo
For a signature to be valid, whether digital or physical, the signature must meet the following three basic requirements:
- Signer Authentication
- Content Integrity
- Non-repudiation
These three basic requirements are described below, along with how Visma Addo meets them with digital signatures.
Signer Authentication
This requirement stipulates that the signer’s identity is assured. Visma Addo provides different authentication methods (NemID, SMS code, BankID or SITHS) to authenticate the signer's identity and demonstrate proof of signing.
To further increase security, when you use NemID, the unique PID (Personal Identifier) is also printed on the document, assuring that the signer’s certificate is cryptographically bound to the document.
Furthermore, the signed document is always locked against changes regardless of the signing method, and the document has a timestamp with a certificate from a trusted third party. All the cryptographic signing proofs are embedded in the PDF, in case they are needed to validate the signing in the future.
In Norway and Sweden, BankID is the most widely used solution, and in Denmark, NemID is the most secure way of attaching a digital signature to a physical person. These signing methods are all supported by Visma Addo.
Content Integrity
Visma Addo is designed to keep your documents secure and prevent tampering with them. When a document is signed using Visma Addo, a unique Visma Addo identification number is printed on the document. A “checksum” is also created based on the document content, including the unique identification number. Visma Addo acts as a kind of notary on the signed document. Every step is captured in a secured audit trail, which makes it extremely easy to verify whether the signed document has been modified since it was signed. If the document changes after signing, the digital signature is invalidated.
Non-repudiation
Non-repudiation is important for Visma Addo. This section explains how non-repudiation is achieved using Visma Addo.
Non-repudiation can be achieved using one of the official public signatures (NemID, BankID, etc.), either by signing directly with a public signature or in combination with other forms of signature in Visma Addo.
These are signatures made with an eID that is approved by the eIDAS regulation, which confirms their validity and means that the authenticity of the digital signature cannot be rejected.