Atlassian Self-assessment program

1a. Customer Data

No

  1. Sensitive Data

No

  1. Security Policy

  1. Release Management

Releases follow our Software Development Process described here:

  1. Audits

No, external audits have been done. We do internal audits so far.

  1. Accreditation

No

  1. Penetration Testing

We have done security pen-tests on some products to find wholes.
This is not a regular task, more case by case or in a procurement process. The tests is the top 10 OWASP security vulnerabilities

External pen tester has been utilized for Integrations Hub for Jira

  1. Notifying Atlassian

Notifications is done by any employee submitting a request Atlassian

  1. Employee Access

No

10. Confidentiality

Yes

11. Managing Security Vulnerabilities

12. Disaster Recovery

DC apps are handled by the customer.

Protected Fields is handled by Atlassian since it is a Forge App

Integrations Hub for Jira Cloud is handled by Rixter AB

13. Data Recovery

For Protected Fields, Inbox for Jira and Integrations Hub (DC):

We don´t have access to any customer environment to conduct such activity.