Strong security just got even better now that Complete Control from House of Control has been approved to operate under the Visma Cloud Delivery Model (VCDM). Here’s what that means for our customers.
Security is no longer an optional add-on in business software—it is a fundamental requirement. With increasingly strict regulations and growing cyber threats, companies need complete confidence that their data is protected at the highest level.
Now, Complete Control meets the Visma Cloud Delivery Model (VCDM), a framework where security is a key component. VCDM sets high standards for how cloud-based software should be developed, delivered, and operated—ensuring compliance with essential ISO and ISAE requirements.
"The work to achieve VCDM approval has been impressive. A large team from both House of Control and Visma has collaborated to upgrade how our cloud services are delivered. Being part of the Visma family strengthens us, and for users of Complete Control, this means we meet the most common security requirements they have. Our customers benefit from an even more robust, secure, and flexible solution," says Lasse Sten, CEO of House of Control.
What does VCDM mean for our customers?
We spoke with Magnus Öman, Chief Architect at House of Control, about the impact of VCDM.
"This is a major step forward for us and our customers. Visma is known for its strong focus on security, and by meeting VCDM requirements, we have strengthened our ability to protect customer data while delivering a more robust and accessible service."
VCDM, or Visma Cloud Delivery Model, is Visma’s framework for developing, delivering, and operating cloud services. It ensures that all VCDM-certified Visma companies adhere to the same high standards of security, availability, and continuous improvement—including ISO 27001 certification and ISAE 3402 reporting.
"VCDM is about more than just technical security. It’s a holistic model that defines how we develop and deliver software, manage risk, and ensure high uptime and fast response to customer needs," explains Öman.
For Complete Control customers, this brings several key benefits:
- High security – All solutions are developed in accordance with ISO 27001, ensuring that data is handled securely and systematically.
- Faster response to customer needs – With continuous delivery and DevOps principles, House of Control can adapt more quickly to changing needs, reducing development cycles.
- High availability – The software is designed for near 100% uptime, ensuring customers always have access to their services.
- Continuous improvement – Agile methodologies ensure that our systems evolve based on customer feedback and needs.
"Overall, VCDM provides customers with a more robust, secure, and flexible cloud service. They can trust that Complete Control meets the highest industry standards for operations and security," says Öman.
ISO and ISAE – more than just certifications
House of Control has long maintained strict security routines, but with ISO 27001 certification and ISAE 3402 Type 2 reporting, our systems are now subject to independent audits—providing an extra layer of confidence for customers.
Before VCDM, we held an ISAE 3402 Type 1 report and an ISAE 3000 Type 1 report.
"We have had an Information Security Management System (ISMS) in place for some time. The ISO 27001:2023 certificate, together with an ISAE 3402 Type 2 report, serves as a quality mark for our structured work in systematic risk management, policies, processes, and controls. This means we continuously assess threats, vulnerabilities, and risks while maintaining control mechanisms to protect confidentiality, integrity, and data availability," explains Öman.
Strengthening cybersecurity defenses
Cyber threats such as data breaches, ransomware, and hacking attempts are becoming more frequent and complex. House of Control has therefore strengthened its monitoring and preventive measures through VCDM.
"The best security incident is the one that never happens. We work proactively with risk assessments, continuous monitoring, and modern technology to detect and prevent threats before they cause harm," says Öman.
Access control plays a key role in this security approach.
"We follow the 'least privilege' principle, meaning employees and systems only have access to the data they truly need. We also use encryption at multiple levels—including file storage, databases, and data transfers."
Another important security measure is two-factor authentication (2FA).
"All users should enable two-factor authentication. It’s a simple but highly effective security measure. Many of our customers have already adopted it, but we encourage even more to follow suit."
Greater resources, stronger expertise
As part of the Visma family, House of Control benefits from a large technical organization.
"Visma has a vast network of experts in IT security, cloud solutions, and compliance. When we work on security, we can draw on the experience and knowledge of experts across more than 200 Visma companies," says Öman.
This also means greater investments in technology and infrastructure.
"Both House of Control and Visma invest heavily in security, and Visma gives us access to resources that would have been difficult to build on our own. We collaborate with leading cybersecurity providers and follow best practices from the industry."
Making compliance easier for customers
IT security requirements are constantly increasing, driven by regulatory bodies and customer expectations. GDPR and other regulations impose strict requirements on how companies protect personal data and critical infrastructure.
"VCDM helps our customers with compliance. ISO 27001 and ISAE 3402 overlap with many of the requirements in GDPR. This makes compliance easier and reduces the burden on our customers," explains Öman.
He also notes that customers are increasingly requesting documentation and confirmation that services comply with their information security standards.
"With VCDM, many of these requirements are already validated. This shortens security assessments, which can often be time-consuming."
Looking ahead: A continued focus on security
For House of Control, VCDM is not an endpoint but a starting point for the next phase of our security efforts.
"Security is an ongoing process. We will continue to improve our systems, work proactively on new threats, and ensure that our customers always have access to a secure and stable service," says Öman.
At the core of all of this is trust.
"We provide a service that helps companies with financial management and contract handling. For them to trust us with their data, we must deliver the highest security standard possible. With VCDM, we do exactly that."
