FAQs

Visier's responses to commonly asked questions.

Introduction

We proactively compiled answers to top questions about Visier to help you get a better sense of our practices. Please also visit the various pages within Visier’s Trust site to learn about our approach to security, privacy, and compliance at an organizational, platform, and operational level.

Governance and Audit

What standards and frameworks are Visier policies and procedures based on?
Does Visier provide a SOC 2 report?
Does Visier provide a SOC 1 report?
Are corporate policies reviewed and approved at least annually?

Security Organization and Risk Management

Does Visier have an Information Security team that is formally responsible for information security?
Is there a documented Information Security Policy?
Does Visier have a Governance, Risk, and Compliance (GRC) team?
Does Visier have a Risk Management Program which includes Third Party Risk Management?
Does Visier make its sub-service organizations’ SOC reports available?
Does Visier perform background checks of its employees?

Access Management

Does Visier support the principle of segregation of duties (SoD) and least privilege?
Is access to key resources reviewed periodically?
Does Visier manage privileged access to key resources?
What identity providers (IdP) are supported? Do Visier solutions support strong authentication mechanisms such as digital certificates, smart cards, and SecurID?
Is access to sensitive data restricted?
Is user access logged?

Data Management

Is customer data stored locally on end-user devices?
Are development, test and production environments and networks sufficiently segregated?
Is data encrypted in transit and at rest?
Is one’s data logically segregated from another’s?
Does Visier have a data retention policy?
Is customer data securely destroyed?
Where can someone find further information on Visier’s Privacy and Data Protection Program?

Physical Security

Does Visier have a Physical Security Policy?
Are there physical security controls to effectively protect customer data?

Asset Management

Does Visier have an Asset Management Policy and Program?

Operations Management

Does Visier have a Threat and Vulnerability Management Program?
Are vulnerability scans performed?
Does Visier use cyber threat intelligence to identify, assess, and manage threats?
Does Visier have a patch management policy and process?
Are customers allowed to perform their own web application penetration testing?
Does Visier harden its systems (including operating systems, applications, databases)?

Secure Application Development

What methodology is used for software development?
Is Segregation of Duties (SoD) enforced for developing, testing and deploying code?
Are developers trained on secure coding?

Incident Management

Does Visier have an Incident Response Program?
When does Visier notify customers about incidents which impact them?
How can I report a security issue to Visier?

Business Continuity and System Resiliency

Does Visier have a Business Continuity Policy?
Does Visier have a Disaster Recovery Plan?
Where can I find more information about Visier’s response to security incidents?
How can customers check the current uptime status of the Visier solution?