Why Security-Conscious Teams Choose JQL Argon: Built on Atlassian Forge

Why Security-Conscious Teams Choose JQL Argon: Built on Atlassian Forge

 

When evaluating a new Jira app, security teams ask one question before anything else: "Where does our data go?"

With JQL Argon Powerful Search JQL Argon  the answer is simple — it never leaves Atlassian.

 

---

Built on Atlassian Forge: Security by Architecture

Argon is built entirely on Atlassian Forge, Atlassian's next-generation serverless cloud platform. This isn't just a technical choice — it's a security commitment that affects every layer of the app.

Traditional Jira apps run on external servers owned by the vendor. Forge apps don't. Argon runs inside Atlassian's own infrastructure, which means:

• No external servers — Argon has no third-party backend
• No data egress — your issues, comments, and worklogs stay within Atlassian
• No externally stored tokens — authentication is handled entirely by Atlassian's platform
• No external databases, APIs, or logging services — zero third-party dependencies

This architecture makes external data breaches structurally impossible for Argon. There is no Orbiscend server to compromise.

 

What Happens to Your Data

Storage

All index data Argon creates is stored using Forge Storage — a native, sandboxed storage layer within Atlassian's infrastructure. It is encrypted at rest and in transit using Atlassian's own encryption standards.

Processing

JQL functions and event listeners execute within Forge's isolated compute environment. Each app instance runs in its own sandbox, preventing cross-tenant access.

On Uninstall

When you uninstall Argon, all Forge Storage data is deleted according to Atlassian's data retention policies. Nothing is held externally.

 

Compliance & Certifications

Because Argon runs on Atlassian's infrastructure, it inherits Atlassian's compliance posture, including:

• ✅ SOC 2 Type II
• ✅ ISO 27001
• ✅ GDPR compliance
• ✅ Data Residency — Argon respects your organization's Atlassian data residency settings

 

CAIQ — Consensus Assessments Initiative Questionnaire

Enterprise security and procurement teams frequently require a CAIQ (Cloud Security Alliance Consensus Assessments Initiative Questionnaire) as part of vendor evaluation. The CAIQ covers domains including data governance, identity & access management, infrastructure security, and incident response.

Because Argon is a Forge-native app with no external infrastructure, many CAIQ domains are answered at the Atlassian level rather than the Orbiscend level:

• Infrastructure & Virtualization Security → Atlassian-managed, Forge sandbox isolation
• Data Security & Information Lifecycle Management → Forge Storage, Atlassian encryption, data residency
• Identity & Access Management → Atlassian's OAuth 2.0, scoped permissions only
• Incident Response → Atlassian's security incident program
• Compliance → SOC 2 Type II, ISO 27001 via Atlassian

If your security team requires a formal CAIQ response or vendor questionnaire, contact us directly — we're happy to provide documentation and assist with enterprise procurement reviews.

You can check all security points on our website.

JQL Argon and others app are available on Atlassian Marketplace.

 

Greetings
Bartek from Orbiscend OU (JQL Argon app provider)