Security is our top priority

Information security is of paramount importance to us. We ensure that Severa meets the security requirements both now and in the future.


24/7 monitoring

The Service Delivery Team monitors the product’s continuity during office hours. Outside of office hours, continuity is monitored by Visma’s Central Operations team.

Server Security

Our server provider is Microsoft Azure, which has multiple security certifications. The server rooms used by Severa are located in the Azure North Europe region. The data you store in Severa remains within the borders of Europe.


Customer data is backed up to a geographically independent service, ensuring data availability even if the Azure data center is down. Backups are performed nightly and retained for 30 days.

Security is considered in all operations

Security is at the core of our operations. In Severa, security and privacy are taken into account from various perspectives. Learn more about how security is considered in Severa’s product development and the actions of the entire company’s staff.

ISO 27001 Information Security Standard

ISO 27001 badge

Severa follows Visma’s security framework VCDM (Visma Cloud Delivery Model). This framework is ISO 27001 certified, which means that Severa also complies with the requirements of the ISO 27001 certification.

The certification ensures that Severa meets the security requirements set by the standard. This makes it easier for our customers to have confidence in the security of the service and the commitment to high-level security management.

Severa is GDPR complaint

GDPR Ready

The goal of the EU’s General Data Protection Regulation (GDPR) is to enhance individuals’ rights to control the processing of their personal data. In Severa, the processing of personal data is handled appropriately as both a data controller and a data processor.

Visma quality assurance framework

Visma has its own quality assurance framework called VCDM (Visma Cloud Delivery Model), which encompasses product development, delivery, and the operation of cloud services at Visma. This framework enables us to ensure the delivery of high-quality cloud services, enhance agility, and gain a competitive advantage. Severa fully adheres to this framework.

Frequently Asked Questions

  • What happens to our data if we stop using Severa?
    All your company and customer data will be deleted six months after the termination of the environment’s usage.
  • How are personal data processed in Severa?
    A detailed description can be found in the document:
  • How can I find out what information about me is stored in your systems?
    All your company and customer data will be deleted six months after the termination of the environment’s usage. With GDPR, individuals have the right to request information about what data is stored about them in the system from the data controller. This information can be obtained through Severa reports: The Contacts report can provide information about customer contacts. The personal data fields include: First Name, Last Name, Email, All phone numbers, Address, and Date of Birth. (Other contact methods if they have been enabled). Employee data can be reported through the Users report. The personal data fields include: Name, Email, Social Security Number, Bank Account, Address, Phone, and Date of Birth. Absence reporting can be done using the Activities report. The activity fields include: Owner, Subject, Description, Activity Type, Start Date, Start Time, and End Time.
  • How is data backup taken care of?
    Customer data is backed up to a geographically independent service, ensuring that backups are available even if Azure’s data center is down. Backups are performed every night and retained for 30 days.
  • What encryption methods are used?
    Data is protected using AES-256-bit encryption when stored in the database. The connection between Severa and your browser is secured with TLS 1.2 encryption.
  • What kind of log information does Severa store, and how can I view it?
    The Change History report allows you to view default events related to users, absences, contacts, and report exports (who, what, when). This functionality can be expanded to cover events related to projects and invoices as well. Login history can be viewed through the Visma Connect service. We also store log information about requests made to the service and changes made to the infrastructure. We utilize Visma’s centralized SLM (Security Log Management) service for storing these log entries and detecting security threats.
  • Does Severa have a continuity and recovery plan?
    We follow the VCDM (Visma Cloud Delivery Model) security framework, which includes both continuity and recovery plans. The documentation and scenarios produced based on this process are tested and updated annually.
  • Where is customer data stored?
    Customer data is stored in Azure’s North Europe (Ireland) region. Backup data is duplicated in Azure’s West Europe (Netherlands) region.
  • Is the communication between Severa and the user encrypted?
    All communication with Severa services is always encrypted. We use the latest TLS 1.2 protocol for all traffic.
  • What is Visma Connect?
    Visma Connect is a unified secure login method across all Visma products. Visma Connect allows for single sign-on (SSO) with one username and password, enabling access to Severa and other Visma products such as Visma Expense, Visma Entry, Visma Payroll, etc.
  • Is it possible to use SSO (single sign-on) in Severa?
    In addition to Visma Connect, it is possible to use Google, Microsoft (Office 365, Azure AD), or ADFS (customer’s own Active Directory) services for single sign-on.
  • What 2FA (two-factor authentication) methods are supported in Severa?
    Strong authentication can be achieved using authenticator apps (e.g., Google Authenticator), text messages, biometrics, or a security key. We also support third-party single sign-on (SSO) authentication methods, including Azure AD, ADFS, Okta, HelloID, OneLogin, Google Workspace, Ping Identity, and others. To enable third-party authentication, please contact customer support. It is also possible to restrict the use of specific authentication methods on a company-specific basis.
  • Can 2FA be enabled for all users by default?
    Each user can enable two-factor authentication (2FA) themselves by going to Visma Connect User Management: Enabling 2FA for all users by default can be done by contacting customer support:

Got any questions?

If you are concerned about anything regarding our information security, feel free to contact us. We are happy to answer your questions!