Visier Corporate Policies

Policies are key in helping Visier achieve its organizational and IT governance objectives, operations, and strategic plans. Furthermore, they play an important role in ensuring Visier continues to protect information assets, systems and personnel while meeting customer commitments.

Policy Composition

Visier’s policies are designed to reinforce accountability to internal and external stakeholders, consider business risks and applicable regulatory requirements, and assist in the implementation of internal controls that ensure information assets, systems and personnel are adequately safeguarded. Each policy defines and adheres to the following format:

  • Purpose: Provides objectives and background information related to the policy.
  • Scope: Defines the assets, personnel, or domains the policy applies to.
  • Policy Requirements: Contains policy statements that relate to key areas of the policy topic.
  • Roles and Responsibilities: Defines roles and responsibilities of stakeholders and/or teams that are key in developing, maintaining and implementing the policy.
  • Violation and Exceptions: Describes disciplinary measures upon failure to comply with the policy.
  • Definitions: Defines the meaning of key terms within the policy.
  • References: Provides references to the standards, frameworks and/or regulations the policy is based on.
  • Approval and Revision History: Tracks policy versions, type of revisions, approval and reviewer information.

Visier’s GRC team has been empowered by Executive Leadership to facilitate the creation and modification of policies and related documents based upon the changing needs of the organization.

Policy changes are communicated to the Visier teams via email and the company intranet. Policies are reviewed and approved by Executive Management at least annually.

Industry Standards

The structure and content of Visier’s policies are based on several industry standard frameworks, best practices, laws and regulations, including but not limited to:

  • ISO/IEC 27001; ISO/IEC 27002
  • ITIL and COBIT frameworks
  • Relevant publications from the United States National Institute of Standards and Technology (NIST)
  • EU General Data Protection Regulation (EU GDPR)
  • UK General Data Protection Regulation (UK GDPR)
  • California Consumer Privacy Act (CCPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)

Policy Relationship

Policies, standards, guidelines and procedures play a significant role in facilitating the implementation of Visier’s Information Technology (IT) governance objectives. Their relationship is shown in the figure below:

Policies, standards, guidelines and procedures are updated as required and are available for review by all Visier employees on the corporate intranet.

Visier Corporate Policy Overview

Visier does not share organizational policies in their entirety with external parties for confidentiality reasons. In lieu of sharing the individual policies, the following table has been prepared to provide customers and prospects a brief description of a select list of Visier policies as they pertain to key business practices.

Individual policies, related standards and other governance documents are available for review on the corporate intranet. Employees are trained on select policies as part of the new hire onboarding process and on an annual basis.

The GRC team also educates the applicable teams on new policies that come into effect during the course of the year.

Each policy defines its purpose and scope, policy requirements, roles and responsibilities, key definitions, related standards, frameworks and/or regulations the policy is based on, and the approval and revision history. Policies are reviewed and approved by Executive Leadership at least annually.

Human Resources
Information Security
Privacy
Governance, Risk and Assurance