Data in Visma Addo is stored in Itadel and is handled in line with local European regulations and requirements regarding protection of data privacy. Physical measures to protect data include:
- Premises that are locked and alarmed, with 24/7 surveillance.
- External and internal video monitoring and traceability of access to the premises.
- Environmental control.
- Uninterruptible power supply, regularly tested against simulated power outages.
Services designed for security
From planning to deployment of new services or features, we follow our Security Development Lifecycle, meaning that security requirements are embedded and measured during development. Security requirements are based on a combination of legal, sector and client requirements, best practices, and compliance with privacy laws and regulations.
- We perform security audits and penetration testing using both internal and external experts.
- Our services are tested to ensure resilience against attacks such as SQLi, XSS, CSRF and session hijacking, and other threats. Our baseline is the OWASP Top 10.
- The minimum security requirements that all development teams follow are:
  - Passwords are never stored as plain text but are always “hashed and salted” server side. This means that even we at Visma are unable to find out what your password is. If you lose your password, you must generate a new one in your trusted environment.
  - Communication is always via an encrypted connection.
Monitoring and protection
When we make our services available to our customers, they are carefully monitored. This includes continuous scanning for vulnerabilities, monitoring of intrusion attempts, abuse detection and distributed denial-of-service (DDoS) attack prevention.
When incidents occur, we have a dedicated Security Incident team that provides the necessary coordination, management, feedback and communication. They also have responsibility for assessing, responding to and learning from information security incidents to make sure that we minimise the risk of them reoccurring.
Protection of information
- All our staff are covered by confidentiality agreements.
- All Visma staff are located in Europe.
- Our staff only have access to the systems and functions they need to perform their tasks.
- Our staff are bound by guidelines and rules, and are supervised and monitored when accessing client-specific information.
- Access to your stored information is limited to a few people in operations and technical support. Other support staff will only see your information when you actively approve it, for example via a support case. We comply with applicable rules on retention of accounting records.
- Visma has extensive internal security guidelines and security reviews, as well as a strong security organisation.