Atlassian Self-assessment program
1a. Customer Data
No
Sensitive Data
No
Security Policy
Release Management
Releases follow our Software Development Process described here: Rixter Software Development Process (SDLC) - RSDLC
Audits
No, external audits have been done. We do internal audits so far.
Accreditation
No
Penetration Testing
We have done security pen-tests on some products to find wholes.
This is not a regular task, more case by case or in a procurement process. The tests is the top 10 OWASP security vulnerabilities
External pen tester has been utilized for Integrations Hub for Jira
Notifying Atlassian
Notifications is done by any employee submitting a request Atlassian
Employee Access
No
10. Confidentiality
Yes
11. Managing Security Vulnerabilities
Rixter Software Development Process (SDLC) - RSDLC
12. Disaster Recovery
DC apps are handled by the customer.
Protected Fields is handled by Atlassian since it is a Forge App
Integrations Hub for Jira Cloud is handled by Rixter AB
13. Data Recovery
For Protected Fields, Inbox for Jira and Integrations Hub (DC):
We don´t have access to any customer environment to conduct such activity.