1a. Customer Data
No
Sensitive Data
No
Security Policy
https://doc.rixter.se/display/RP/EULA+and+Privacy+Policy
Release Management
Releases follow our Software Development Process described here:
https://doc.rixter.se/display/RP/Rixter+Software+Development+Process+%28SDLC%29+-+RSDLC
Audits
No, external audits have been done. We do internal audits so far.
Accreditation
No
Penetration Testing
We have done security pen-tests on some products to find wholes.
This is not a regular task, more case by case or in a procurement process. The tests is the top 10 OWASP security vulnerabilities
Notifying Atlassian
Notifications is done by any employee submitting a request Atlassian
Employee Access
No
10. Confidentiality
Yes
11. Managing Security Vulnerabilities
https://doc.rixter.se/display/RP/Rixter+Software+Development+Process+%28SDLC%29+-+RSDLC
12. Disaster Recovery
Today we only have forge app and DC apps, both of them being managed by the customers ops teams or by Atlassian when it comes to forge.
13. Data Recovery
We donĀ“t have access to any customer environment to conduct such activity.