Security Policy

Effective Date: July 18, 2020
Last Updated: March 14, 2025

Overview

Visdum provides a cloud-based sales compensation and performance management platform and is committed to achieving and maintaining the trust of its customers. Visdum takes security seriously and has implemented administrative, technical, and organizational measures designed to protect access to customer accounts and customer data processed through the Visdum platform.

This Security Measures Summary provides an overview of Visdum’s data security practices and procedures applicable to Visdum’s generally available production services (the “Visdum Service”). This document is provided for informational purposes only and does not form part of any contractual agreement.

The Visdum Service does not include, and this Security Measures Summary does not apply to, pilot, beta, trial, evaluation, non-production, or limited-availability services unless otherwise agreed in writing.

Certain security controls described herein rely on reputable third-party service providers. Visdum’s security program is designed to align with recognized industry standards for security and privacy. Additional security documentation, including independent audit reports, is available to customers and prospects upon request under NDA.

Visdum may update this Security Measures Summary from time to time and will make the most current version available via its Trust Center.

Architecture

The Visdum Service is hosted on secure, cloud-based infrastructure operated by leading cloud service providers. Visdum leverages cloud-native security capabilities to help protect the confidentiality, integrity, and availability of customer data processed within the platform.

The underlying cloud infrastructure provider maintains independent security and compliance certifications, including SOC and ISO-based assessments. Visdum implements its own security controls on top of the cloud infrastructure in accordance with its internal security program.

Web Application Security

The Visdum Service is delivered via secure web application architectures and protected using industry-standard controls designed to mitigate common application-layer threats.

These controls include:

  • Network and application-layer protections
  • Distributed denial-of-service (DDoS) mitigation
  • Restriction of services, protocols, and ports to only those required for platform operation
  • Secure configuration and change management practices

Vulnerability Management

Visdum performs ongoing vulnerability assessments across its systems and applications. Identified vulnerabilities are tracked through a formal vulnerability management process and prioritized for remediation based on assessed risk and potential impact.

Remediation activities are documented and reviewed in accordance with Visdum’s internal security procedures.

Logging, Monitoring & Intrusion Detection

Visdum maintains centralized logging and monitoring mechanisms to support security analysis and incident detection.

  • Security-relevant system logs are collected and retained
  • Monitoring tools generate alerts for anomalous or suspicious activity
  • Logs and alerts are reviewed to identify potential security events

Identified events are investigated and closed following review and appropriate action.

Incident Management

Visdum maintains documented incident response procedures designed to address security incidents involving unauthorized access to or disclosure of customer data.

These procedures include:

  • Incident identification and containment
  • Internal escalation and coordination
  • Investigation and remediation
  • Customer notification in accordance with contractual and regulatory obligations

Access Management

Visdum enforces access management controls designed to prevent unauthorized access to systems and customer data.

Key controls include:

  • Unique user identifiers for internal system access
  • Authentication prior to system access
  • Role-based access controls aligned to job responsibilities
  • Least-privilege access principles
  • Multi-factor authentication for access to internal systems
  • Periodic access reviews and timely access revocation upon role changes or termination

Physical Security

The Visdum Service is hosted in professionally managed data centers operated by its cloud infrastructure providers. These facilities implement physical, operational, and environmental security controls, including controlled access, surveillance, and environmental safeguards.

Physical access to production data centers is restricted to authorized personnel of the cloud provider and approved third parties, subject to multi-factor authentication and monitoring.

Reliability & Backup

Customer data processed by the Visdum Service is protected through redundancy and backup mechanisms designed to support data durability and platform reliability.

  • Data is backed up on a regular basis
  • Backups are stored using encrypted and access-controlled storage
  • Backup and recovery processes are periodically tested

Business Continuity & Disaster Recovery

Visdum maintains business continuity and disaster recovery (BCDR) plans designed to support the ongoing availability of the Visdum Service.

These plans include:

  • Redundant infrastructure components
  • Defined recovery procedures
  • Periodic testing of recovery processes

Additional details related to recovery objectives or availability commitments are addressed contractually where applicable.

Malware Protection

Visdum employs industry-standard measures to reduce the risk of exposure to malware and other malicious code. These measures include endpoint protections, monitoring controls, and secure configuration practices.

Data Encryption

Visdum implements encryption controls designed to protect customer data:

  • Data in transit is encrypted using secure transport protocols (TLS 1.2 or higher)
  • Data at rest is encrypted using industry-standard encryption mechanisms
  • Backup data is encrypted and protected using access-controlled storage

Data Retention & Deletion

Customer data is retained and deleted in accordance with Visdum’s contractual commitments and applicable data protection requirements. Upon termination of services, customer data is handled in accordance with the applicable agreement.

Secure Development Practices

Visdum follows secure software development practices designed to identify and remediate security issues throughout the development lifecycle.

These practices include:

  • Secure coding standards
  • Peer code reviews
  • Automated testing and scanning
  • Change management controls prior to deployment

Endpoint Security

Access to customer data by Visdum personnel is restricted to company-managed endpoints configured with security controls aligned to industry best practices. Policies and technical safeguards are in place to reduce the risk of unauthorized access from unmanaged devices.

Continuous Security Assessment

Visdum continuously evaluates the security posture of its systems and services using monitoring and assessment tools. Identified issues are reviewed and addressed based on severity and risk.

Independent Audits & Assurance

Visdum’s security controls are independently assessed as part of its compliance program.

  • SOC 2 Type II (covering Security, Availability, and Confidentiality)
    Audit reports are available to customers and prospects upon request under NDA.

Security Contact & Reporting

Customers and security researchers may report suspected vulnerabilities or security concerns by contacting:

security@visdum.com

Additional security documentation, including audit reports and questionnaire responses, is available upon request.