Policies for information security
Information about our security policies. ISO 27001:2022 Control 5.1
Does Visma Software have security policies?
Yes, as a part of our ISO 27001:2002 certification for VCDM.
The information security policy and topic-specific policies are defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur.
5.1.1 Policies for information security
- VCDM Policy Portal
- PO: VCDM Policy - Secure Application Development and delivery ISMS
- PO: VCDM Policy - Privileged Access
5.1.2 Review of the policies for information security
- VCDM Steering Group
- VCDM Management review Portal
- VCDM QIG
Visma Software has both general IT policies and guidelines for all employees and VCDM-specific policies.
Examples of general policies: Passwords, Acceptable use, Working in public areas, Mobile device and removable storage, SaaS usage, Personal computer, Information Security, Google Drive, Exception, Physical access, Email, Information Security Risk Management, Patching.
A common question concerns our password policies. For the cloud services that we provide, the password policy is a minimum of 8 characters, including upper case, lower case, a special character and a number. Customers can change the password policy in the self-service policy portal. This includes options for 2FA, whitelisting and more. See the Visma Software security whitepaper for additional information about our IDP Visma Connect and more details related to application security and controls.
Visma internal password requirements are a minimum of 15 characters. Service accounts require 20 characters. 2FA is mandatory for all Visma user accounts.