
Trust and Security


Introduction

We proactively compiled answers to top questions about Visier to help you get a better sense of our practices. Please also visit the various pages within Visier’s Trust site to learn about our approach to security, privacy, and compliance at an organizational, platform, and operational level.



Governance and Audit

What standards and frameworks are Visier policies and procedures based on?

Visier policies, practices and internal controls are generally based on standards and frameworks including:

  • ISO/IEC 27001; ISO/IEC 27002; ISO/IEC 27005; ISO/IEC 31000
  • ITIL and COBIT frameworks
  • Relevant publications from the United States National Institute of Standards and Technology (NIST)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • EU General Data Protection Regulation (GDPR)
  • EU–U.S. and Swiss–U.S. Privacy Shield Frameworks

Does Visier provide a SOC 2 report?

Does Visier provide a SOC 1 report?




Access Management

Does Visier support the principle of segregation of duties (SoD) and least privilege?

Yes.

Is access to key resources reviewed periodically?

Does Visier manage privileged access to key resources?

What identity providers (IdP) are supported? Do Visier solutions support strong authentication mechanisms such as digital certificates, smart cards, and SecurID?

Is access to sensitive data restricted?

Is user access logged?




Data Management

Is customer data stored locally on end-user devices?

No. Customer data is always stored within Visier’s secure data centers.

Are development, test and production environments and networks sufficiently segregated?

Is data encrypted in transit and at rest?

Is one customer’s data logically segregated from another customer’s?

Does Visier have a data retention policy?

Is customer data securely destroyed?

Where can someone find further information on Visier’s Privacy and Data Protection Program?




Physical Security

Does Visier have a Physical Security Policy?

Yes.

Are there physical security controls to effectively protect customer data?




Asset Management

Does Visier have an Asset Management Policy and Program?

Yes.




Operations Management

Does Visier have a Threat and Vulnerability Management Program?

Yes.

Are vulnerability scans performed?

Does Visier use cyber threat intelligence to identify, assess, and manage threats?

Does Visier have a patch management policy and process?

Are customers allowed to perform their own web application penetration testing?

Does Visier harden its systems (including operating systems, applications, and databases)?




Secure Application Development

What methodology is used for software development?

Visier uses the Agile software development methodology as part of its Software Development Lifecycle (SDLC).

Is Segregation of Duties (SoD) enforced for developing, testing and deploying code?

Are developers trained on secure coding?




Incident Management

Does Visier have an Incident Response Program?

Yes.

When does Visier notify customers about incidents which impact them?

How can I report a security issue to Visier?




Business Continuity and System Resiliency

Does Visier have a Business Continuity Policy?

Yes.

Does Visier have a Disaster Recovery Plan?

Where can I find more information about Visier’s response to security incidents?

How can customers check the current uptime status of the Visier solution?