Alerts and Advisories
Visier takes pride in its role as a responsible employer and service provider. Keeping our customers informed on matters that could potentially impact them is important to us.
December 22, 2022
On December 21, 2022, Visier became aware, through Okta’s public disclosure, of unauthorized access to and copying of Okta’s source code repository. Visier services are not affected. Our security team has assessed this incident, working with Okta, to understand its impact. We will continue to monitor and assess the situation and update this page with any significant developments made available by Okta.
November 2, 2022: Visier Response to Recent OpenSSL Vulnerability
On November 1, 2022, the OpenSSL organization disclosed two high-severity vulnerabilities in version 3.0 (CVE-2022-3602 and CVE-2022-3786). Visier services are not affected and no customer action is required. A multidisciplinary team has been working together to identify, monitor and assess our systems. We will continue to assess this and work with any vendors affected by this vulnerability and update this page with any significant developments.
March 25, 2022: Visier Response to Recent Okta Compromise
Visier is committed to providing secure services to our customers. Our technical and operational teams have been monitoring our environments closely. As of March 25, 2022, Visier has not observed any indicators of compromise from the recent Okta security compromise. We also confirmed with Okta directly that Visier was not impacted. We will continue to monitor and assess the situation and update this page with any significant developments.
March 22, 2022: Visier Response to Recent Okta Compromise
On Tuesday, March 22, 2022, based on publicly available information, Visier became aware of a possible security compromise within Okta’s corporate environment. A multidisciplinary team is working together to monitor our systems for any indicators of compromise. We will continue to assess the situation as it evolves and update this page with any significant developments.
January 27, 2022: Update #3 — Visier response to Apache Log4j vulnerability
Visier has been continuously monitoring our internal environments and assessing the situation. As of January 27, 2022, we continue to be free of any indicators of compromise from Apache Log4j.
Visier’s internal compliance and Third-Party Risk Management (TPRM) teams have been proactively assessing whether any of our key vendors were impacted by the recent Apache Log4j vulnerabilities, and the status of remediation activities (if any). Based on the vendors’ responses and to the best of our knowledge, our critical vendors have not been impacted by this incident to date.
We will continue to assess the situation as it evolves and update this page with any significant developments.
December 20, 2021: Update #2 — Visier response to Apache Log4j vulnerability
In addition to the countermeasures already deployed on December 10th, 2021 (i.e. blocking all relevant traffic, disabling the vulnerable feature in Log4j), we have removed all instances of Apache Log4j from our application as of December 15th, 2021.
Our operational teams have been monitoring our internal environments very closely. As of December 20th, 2021, we have not observed any indicators of compromise from Apache Log4j. We are actively working with our critical vendors to determine whether they have been impacted, and to validate that affected parties have performed appropriate remediation activities.
Visier leverages a layered defence strategy to identify and prevent such threats, and maintains robust detection and monitoring measures to promptly alert relevant operational teams of any potential exploitations. Should we become aware of any unauthorized access to customer data, we will notify impacted customers without undue delay.
We will continue to assess the situation as it evolves and update this page with any significant developments.
December 13, 2021: Visier response to Log4j vulnerability
On Thursday, December 9th, 2021, Visier became aware of the newly discovered zero-day vulnerability in the Java logging library Apache Log4j. A multidisciplinary team of senior engineers immediately worked together to monitor our production systems for unusual activity, identified systems at risk, and ultimately deployed a fix.
As of Friday, December 10th, at approximately 23h UTC, a fix was tested and deployed to our production systems. As of today (Monday, December 13th), there has been no evidence of anyone exploiting the Log4j vulnerability in our systems. Visier has contacted its critical service-providers to validate that affected vendors have taken appropriate actions to remediate the issue on their systems.
We have been monitoring, and will continue to monitor, the system to safeguard the security of your data.
For more information, please refer to our FAQ.
July 15, 2021: Visier Response to Kaseya VSA Ransomware Attack
Visier became aware of a recent supply-chain ransomware attack that exploits a vulnerability in Kaseya VSA software. We would like to confirm to our customers and stakeholders that Visier does not currently use Kaseya VSA software (either on-premise or SaaS hosted), nor has it used the software in the past in any environment. Further, our internal compliance and Third-Party Risk Management (TPRM) teams have contacted our Tier 1 vendors and have determined that they have not been impacted by this incident.
Visier is committed to providing secure and reliable services to our customers. Our Security and Compliance teams will continue to monitor the situation for any significant developments.
April 19, 2021: Visier Response to Microsoft Exchange Server Vulnerabilities
Continuous monitoring of risks and events that could potentially impact Visier (and our customers) is at the center of our comprehensive risk management program. Based on several cyber security sources (including CISA, CCCS), we were recently made aware of several critical vulnerabilities within Microsoft Exchange Servers which threat actors can exploit to gain access to systems, compromise data, and perform other malicious actions:
To learn more about this incident, please visit the Microsoft Security Response Center.
Visier teams — including Governance Risk and Compliance (GRC), Information Security (IS), Information Technology (IT), and Site Reliability Engineering (SRE) — have worked together to investigate any impacts of this incident on Visier. We would like to confirm to our customers and stakeholders that Visier does not currently use Microsoft Exchange Servers (either on-premise or hosted), nor has it used them in the past in any environment.
Visier’s internal compliance and Third-Party Risk Management (TPRM) teams are proactively assessing whether any of our key vendors have been impacted by the recent Microsoft Exchange Server vulnerabilities, and the status of remediation activities (if any). While this assessment is still ongoing, to the best of our knowledge our critical vendors have not been impacted by this incident.
Our internal teams are continuing to monitor the developments of this cyber incident and will deploy additional actions, as necessary.
December 22, 2020: Visier Response to Recent SolarWinds Sunburst Vulnerability
As part of our vendor risk management program, Visier periodically assesses its third-parties and continually monitors the global and technical landscape for emerging risks. This includes any major incidents and events that could potentially impact Visier and its supply-chain.
Based on SolarWinds’ Security Advisory and publicly available information, in December 2020, SolarWinds experienced a cybersecurity attack where hackers injected the Sunburst vulnerability into SolarWinds’ Orion Platform software builds.
We would like to confirm to our customers and stakeholders that Visier does not use SolarWinds, and has not been impacted by the recent SolarWinds Sunburst backdoor supply-chain attack.
Maintaining the security and reliability of Visier products and services is our highest priority. Much like other organizations, we depend on our vendors to support our day-to-day processes and operational activities. In light of this incident, Visier’s internal compliance and Third-Party Risk Management (TPRM) teams are proactively assessing whether any of our key vendors have been impacted by the SolarWinds Sunburst cyberattack, and the status of remediation activities (if any). While this assessment is still ongoing, to the best of our knowledge our critical vendors have not been impacted by this incident.
March 12, 2020: A Letter to Our Customers from John Schwarz, CEO and Founder
Dear Visier customers,
As I know that the ongoing Covid-19 epidemic is top of mind for many of you, I am writing this letter to update you on the actions our company is taking in response to this situation.
First, let me assure you that we do not expect to see any service interruptions due to Covid-19. As always, we are doing our best to ensure that our Visier People® services remain accessible and uninterrupted during this time.
Internally, our main focus is on the continued health and safety of both our employees, and you, our customers. We have a comprehensive business continuity plan in place that includes safety protocols, travel guidance, and remote work contingencies. We are also actively running simulations to ensure we are fully prepared in the event of a change in our work environment. With regards to business travel, for now, we have stopped all non-essential travel and are assessing any other travel needs on a case-by-case basis.
During these times, it is incredibly important for us to maintain healthy relationships with you, our customers. That means ensuring we remain available and in contact, while still attempting to limit personal exposure for the benefit of everyone.
While we hope our normal sales and service relationships will be able to continue as usual, we understand that like us, many organizations are adopting their own precautionary policies to reduce the potential risk to their employees and partners. To limit disruption as much as possible, we can employ one of the many video meeting technologies available for future meetings in this manner. Zoom is our preferred method of communication, but we can work with your teams on what tools are best. Essential and critical in-person meeting requests will be considered, and we will generally permit travel for such meetings under the guidelines of the health and safety authorities in those regions.
As you know, our annual Outsmart conference has been scheduled for May 6-8 in Orlando. We are actively assessing the current situation and will keep you up to date on any changes we make.
As always, we thank you for your business and trust in Visier. Please feel free to reach out with any questions or concerns you may have.
John Schwarz, CEO and Founder
March 11, 2020: Visier Response to Covid-19 by Paul Rubenstein, Chief People Officer (CPO) and Nigel Stoodley, Chief Customer Officer (CCO)
The health and safety of Visier customers, their employees, and our employees is very important to us. Visier’s Executive Management team is continuing to closely monitor the global situation while our cross-functional teams have taken preemptive actions to minimize business and service disruptions across our global offices.
It is paramount that we do everything we can to keep everyone safe during this period of uncertainty. Therefore we have taken the following actions:
- Visier has a Pandemic plan to ensure business continuity.
- As an organization, we are erring on the side of caution, and we have suspended travel for our employees through to April 30 to help limit the possibility of any virus transmission to our customers and to our employees. We are actively reviewing and updating the travel suspension as the situation changes.
- We have instituted a workplace health protocol in the event any employee might be exposed to Covid-19.
- We have prepared for an extended outbreak or city-wide quarantine at our work locations, and have tested our continuity plans that include remote work capabilities.
- Visier has a secure and highly robust infrastructure to support employees working remotely for an extended period of time. As per Visier’s SOC 2 controls, our existing technical controls restrict all remote access to our networks only via encrypted and secure means.
- To ensure we have a process robust enough to protect our employees and visitors, we have also deployed other precautions such as:
  - Increasing our cleaning specification in high traffic areas within our offices.
  - Preparing for and developing protocols to respond to suspected and confirmed cases of Covid-19.
  - Engaging with specialist contractors, so that should an incident occur, we are able to deploy a team to fully disinfect any of our offices.
As we continue to monitor changes in the global landscape, we will update this site to keep customers informed of our responses.