How Visma protects you and your information

Visma has been offering internet solutions since 2007, and over the years we have established processes, methods and technologies to meet our customers' needs for security, privacy and accessibility.

The nature of threats is constantly changing, so security awareness is a natural part of our development process and we constantly strive to become even better.

For many reasons, we cannot reveal details of our security processes, but here are some examples of how we work to ensure that you, our customers, can feel safe and secure.

How do we ensure that your customer information is safe in Visma’s hands?

  • All our staff are covered by confidentiality agreements.
  • Our staff only have access to the systems and functions they need to perform their tasks.
  • Access to your stored information is limited to a few people in operations and technical support. Other support staff can only see your information when you actively approve it, for example via a support login.
  • We comply with the retention rules for accounting records specified in the Swedish Accounting Act.

How do we ensure that your services are up and running?

  • Backups are taken several times daily, and copies are stored geographically separated from the operating environment.
  • Redundant (at least two independent) connections to the data centre. In case of a service interruption there is an automatic transfer to a functioning connection, usually without the service being affected.
  • Redundant (at least two independent) network and server units. In case of a fault, the connection is automatically transferred to a functioning unit, usually without the service being affected.

How do we protect and monitor data traffic?

  • Automated systems to detect, deter and prevent intrusion and abuse.
  • Anycast networks for DNS services.

How do we protect your information against cyber-attacks?

  • We perform security audits and penetration testing using both internal and external experts.
  • Passwords are never stored in plain text, but are always “hashed and salted”. This means that not even staff at Visma can find out what your password is. If you lose your password, you must generate a new one.
  • All communication takes place over an encrypted connection.
  • Our services are tested to withstand common attacks such as SQL injection (SQLi), XSS, CSRF, session hijacking and other threats.

How do we physically protect your information?

  • Our data centre is locked and alarmed in accordance with Protection Class 2 regulations.
  • Video monitoring and traceability of access to the premises.
  • Redundant climate control with environmental monitoring of gas, moisture, heat and water.
  • Fire alarm with automatic firefighting equipment.
  • Uninterruptible power supply, regularly tested with simulated power outages.
  • Some of our services use Microsoft Azure and its data centres in northern Europe for storage of information. These data centres run around the clock and ensure operations by protecting against power outage, physical intrusion and network outage. They conform to recognised industry standards of physical security and reliability, including ISO/IEC 27001:2005. The information is transferred and stored in Sweden for compliance with the rules of retention of accounting records, specified in the Swedish Accounting Act.
  • Some of our services are delivered via a network of global data centres that are run around the clock, and which in various ways ensure operations by protecting against power outage, physical intrusion and network outage. These data centres conform to recognised industry standards of physical security and reliability, including ISO/IEC 27001:2005.

Which guarantees and conditions apply?

  • The relationship between Visma and our customers regarding our services is governed by Visma's terms of use.

Terms of use for Visma Spcs websites

Terms of use for Visma.net

Glossary

Redundancy

A method to increase reliability by allowing two or more units (e.g. network or hardware units) to work in parallel with the same information, mirroring each other. If one of them breaks down, the other one takes over.

Anycast network

An industry standard for routing name-resolution (DNS) traffic over the internet, which gives servers the highest possible availability worldwide and also helps protect against cyber-attacks.

Penetration testing

A way of identifying security weaknesses by attempting to penetrate security systems.

Hashing

A hashing function is an algorithm or mathematical function that can, for example, transform a password into a kind of fingerprint from which the original password cannot be recovered.

Salting

A method that makes stored passwords harder to crack by adding extra information before or after the password before it is hashed, so that identical passwords do not produce identical hashes.
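The following is an added illustration of the "hashed and salted" storage described above and in the Hashing and Salting entries; it is example code written for this page, not Visma's own implementation. It uses the PBKDF2-HMAC-SHA256 function from Python's standard library; the iteration count and the sample password are assumptions chosen for the example.

```python
# Added example (not Visma's code): salted password hashing with PBKDF2-HMAC-SHA256.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor chosen for this example


def unsalted_hash(password: str) -> str:
    """Plain hash with no salt: every user with the same password gets the
    same fingerprint, so one cracked hash reveals all of them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> dict:
    """Return a storable record: salt, iteration count and derived hash.
    The plain-text password itself is never kept."""
    salt = salt or os.urandom(16)  # fresh random salt for each password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    A password is checked by re-hashing, never by reversing the stored hash."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def same_password_different_salts(password: str) -> bool:
    """True when two records for the same password differ, which is the
    property salting provides and unsalted hashing lacks."""
    return hash_password(password)["hash"] != hash_password(password)["hash"]


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)  # the stored record contains no trace of the password
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))  # False
    print(same_password_different_salts("correct horse battery staple"))  # True
```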

SQLi

SQL injection is a way to exploit a security vulnerability in applications that use a database. The idea is to inject a direct database query that circumvents the login system and allows data to be manipulated.

XSS

Cross-Site Scripting is a method whereby script code is injected through a site's input data, thereby changing its functionality or appearance.

CSRF

Cross-Site Request Forgery is when an attacker causes your web application to perform actions as if they had been requested by an authorised user.

Session hijacking

A method where an attacker takes over a logged-in, open user session and can thereby execute commands as that user.

Read more about how Visma protects your information at Visma Trust Centre.