Atlassian Self-assessment program

1a. Customer Data


  1. Sensitive Data


  1. Security Policy

  1. Release Management

Releases follow our Software Development Process described here:

  1. Audits

No, external audits have been done. We do internal audits so far.

  1. Accreditation


  1. Penetration Testing

We have done security pen-tests on some products to find wholes.
This is not a regular task, more case by case or in a procurement process. The tests is the top 10 OWASP security vulnerabilities

External pen tester has been utilized for Integrations Hub for Jira

  1. Notifying Atlassian

Notifications is done by any employee submitting a request Atlassian

  1. Employee Access


10. Confidentiality


11. Managing Security Vulnerabilities

12. Disaster Recovery

DC apps are handled by the customer.

Protected Fields is handled by Atlassian since it is a Forge App

Integrations Hub for Jira Cloud is handled by Rixter AB

13. Data Recovery

For Protected Fields, Inbox for Jira and Integrations Hub (DC):

We don´t have access to any customer environment to conduct such activity.