Secured by Visma Sign

Security and data protection at Visma Sign

Security and trust are the foundation of Visma Sign. Our e-signing service protects every document and signature with the same precision, transparency and Nordic reliability that over 70 000 organisations already trust.

Visma Sign focuses on:

  • Comprehensive data protection – all information is encrypted in transfer and storage, with data residency inside the EU.
  • Strong authentication – verified signers through BankID and other trusted identification methods.
  • Legal compliance – fully aligned with EU eIDAS regulation and GDPR, ensuring every e-signature is legally binding.
  • Secure infrastructure – continuous monitoring under the Visma Application Security Program (VASP) and annual audits.
  • Transparency and control – detailed audit trails showing who signed, when and from where.
  • Trusted partnerships – carefully selected data-centre and service providers that meet strict Nordic and EU security standards.
  • Business continuity – automatic alerts, redundancy and 24/7 monitoring to keep operations running securely.

Security and data protection are at the heart of Visma Sign

Visma Sign has prioritised information security since day one.

Our business is built on trust, ensuring that every customer can rely on us to handle their data safely and responsibly. Security has always been one of our top priorities, from encrypted document storage to the use of strong authentication in every e-signing process.

Below, you can explore the key areas of security in Visma Sign:

  • Visma Application Security Program
  • Legal compliance and GDPR
  • Physical security
  • Cloud service security
  • System security
  • Secure connections
  • Document security
  • Business continuity
  • Trusted personnel
  • Reliable partners
  • Audit trail
  • Data deletion
  • Incident management

Visma Application Security Program

Visma Sign is part of the Visma Application Security Program (VASP) — a framework designed specifically for cloud services to continuously monitor and assess information security from multiple perspectives. Each Visma product has its own target level and real-time evaluation of current security status.

The programme follows global best practices and recognised industry standards to ensure continuous improvement and transparency.

Legal compliance and GDPR

Visma Sign complies with the EU eIDAS regulation (PAdES standards) and Finnish legislation on electronic signatures.

This ensures that every signature made in Visma Sign is legally binding at both the Advanced (AdES) and Simple (SeS) levels across all EU member states.

Visma Sign also fully adheres to the EU General Data Protection Regulation (GDPR), guaranteeing lawful and transparent processing of all personal data.

Security first – in every aspect

Visma Sign’s product development team works continuously on both software and security enhancements in close collaboration with external experts and auditors.

Physical security

Visma Sign uses trusted data centre partners that operate within the European Union. Together with them, we ensure that all stored data remains secure and accessible even under exceptional circumstances.

Cloud service security

Our cloud infrastructure is hosted by reliable partners who follow industry best practices in monitoring, security, and compliance. All documents and data uploaded to Visma Sign are encrypted both in transit and at rest, ensuring full protection throughout the signing process.

System security

Security is built into every stage of Visma Sign’s development lifecycle. We perform automated vulnerability scans and annual security audits conducted by Visma’s internal security team. All findings are immediately addressed to maintain continuous protection against emerging threats.

Secure connections

All communication between servers is encrypted, ensuring that data remains safe while in transit. Certain microservices also use VPN tunnels for additional protection.

Document security

All information sent or received through Visma Sign is transferred using secure, encrypted connections, such as the HTTPS protocol.
This security applies to all communication — both between internal servers within Visma Sign and for any data that enters or leaves the system through the interface or API.

All documents and data uploaded to Visma Sign are encrypted during both transfer and storage.
An organisation’s administrator defines user access rights so that users can only view the archive folders and documents they are authorised to see.


Visma Sign’s security is based on the standards of the international Visma Group

Trusted people, secure practices

All Visma employees undergo background checks appropriate to their role and responsibilities.

Every employee and consultant is bound by confidentiality agreements and receives mandatory annual security and privacy training before gaining access to production environments.

Trusted partners

We work with a wide network of reliable Nordic and international subcontractors.

All partners, including data centre providers, go through Visma’s Vendor Management process, which evaluates their capability to meet strict security and privacy requirements.

Business continuity

Visma Sign’s infrastructure and processes are designed for resilience. We use redundant systems, continuous monitoring, and automatic alerts to ensure service availability even in unexpected situations.

Our production team responds immediately to any incident to maintain uninterrupted service.

Audit trail

Every document and e-signature in Visma Sign is fully traceable. The audit trail records all key details related to the signing process, including IP addresses and timestamps of each event.

Each document is assigned a unique identifier, allowing verification of authenticity and proof that it has not been altered.

Data deletion

Visma Sign operates in full compliance with current data protection laws, including the EU General Data Protection Regulation (GDPR). When a customer stops using the service, they can download all agreements stored in their account.

The data is then deleted according to Visma’s Data Deletion Policy.
As a general principle, personal data is retained only for as long as necessary to fulfil the purpose of processing.

Incident management

Visma has an organisation-wide process for managing security incidents.
The Visma Product Security Team supports Visma Sign’s internal security team in handling any potential information or data protection incidents promptly and effectively.

Trusted by 70 000+ organisations

More than 70,000 businesses across the Nordics trust Visma Sign to manage their agreements securely and efficiently. Would you like to see how it works in practice?
Try Visma Sign free of charge or contact our experts for more information.