Security

Privacy and security are essential elements for Admincontrol and our customers. This is ensured by a constant focus on these elements when developing our solutions as well as during daily operations.

Our security measures ensure that our customers data is secure and available only to the registered users with documented access. On a regular basis, Admincontrol undergo audits by a certified IT auditor to make sure the control environment at Admincontrol is in line with industry best practices and established frameworks.


Certifications and compliance





SOC 2

SOC stands for “System and Organization Controls”. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third-party technology services.
Read more





ISO 27001:2013

The ISO 27001:2013 certification in Admincontrol covers the entire business, process and Products. This proves our commitment to providing excellent security throughout every aspect of our service.
Read more










G-CLOUD

Admincontrol is part of the Digital Marketplace’s G-Cloud 11 initiative, designed to simplify procurement of cloud-related software, IT services and technologies by public sector organisations. It centralises the vendor qualification process, removing lengthy, complicated procurement requirements for every IT purchase.
Read more








GDPR

In Admincontrol we have taken all necessary measures to ensure that we, when we are responsible for the collection of personal data (Data Controller) and where we process personal data on behalf of our customers (Data Processor), is performed in line with the requirements of the GDPR.
Read more

Vulnerability management

Application penetration tests of our Web & Mobile Applications are performed on regular basis by Third party security experts who systematically attempts to penetrate our systems on our behalf and with our permission to find security holes that a hacker could potentially exploit.

How often are you testing?
Each upcoming release of our solution undergo penetration tests by Third party security experts, any identified vulnerabilities are fixed before a new release of our solution are put into production. This is to ensure that we always have a secure solution.

Are you tested against OWASP Top 10?
All penetration tests are performed using OWASP methodology and against OWASP Top 10. In addition, we verify our service against OWASP ASVS L2 on annual basis.

Vulnerability scans are used to find vulnerabilities within our infrastructure and applications. For this we use some of the top vulnerability and Web Application Security scanners on the market. This enable us to scan our systems for well know & latest security vulnerabilities.

As part of being a company in the Visma group we participate in the Visma Responsible Disclosure program. This allows security researchers to report any security issues within our products in a responsible way. For more information on Responsible Disclosure and how to report see Responsible Disclosure Policy under ‘Useful links’ below.

Ole Martin Refvik

Security Manager & Data Protection Officer

+47 992 19 830

[email protected]