Trust & Security

We maintain an always-on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third party that...

Ben Howe published an article 8 0 January 10, 2023

Hello, We are currently conducted financial statements audit  by accounting firm. Our auditors have required the SOC1 Type2 report of all significant service organizations including Atlassian....

김영훈 started a discussion 3 11 January 10, 2023

January 4, 2023 Overview The Health Insurance Portability and Accountability Act (HIPAA) is a federal law developed by the U.S. Department of Health and Human Services and was established in 1996...

Hema Vadodaria published an article 14 12 January 4, 2023

January 4th 2023 Overview The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 167 national stand...

Kaito Lee published an article 14 2 January 4, 2023

Wo kann ich als Admin in den Account-Einstellungen aller Nutzer für die angeschlossenen APPs/AddOns einstellen, dass die jeweiligen Anbieter keinen Zugriff auf das Nutzerkonto haben? Wenn ich den RE...

Gaby started a discussion 1 6 January 2, 2023

Atlassian’s Trust team now have now completed for three new attestations: APRA Prudential Standard CPS 234 NCSC - UK Cloud Security Section 889 What is APRA Prudential Standar...

Jodie Vlassis published an article 9 0 December 21, 2022

Atlassian primarily relies on our Atlassian Bug Bounty Program and our own internal testing by our Security Engineers to test and identify security issues or vulnerabilities in our Products and Servi...

Ben Howe published an article 6 0 December 20, 2022

Overview System and Organization Controls (SOC) Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizati...

Amy Knapp published an article 15 2 December 19, 2022

What a year 2022 has been! As we have seen the world open up again, our connectedness has grown more. Here at Atlassian, we value togetherness and community, and are proud and honoured we can continu...

Jodie Vlassis published an article 20 5 December 18, 2022

@sparsh.kulshrestha @Dan Hranj I think we are missing the big picture here. If what Cloudsek is claiming is true, then it means that cookies were stolen via malware infections on endpoint computers....

Grzegorz Szyło started a discussion 3 7 December 16, 2022

On December 7, 2022 (UTC), Atlassian's security team opened an investigation into unauthorized access of a customer's Cloud account. On December 8, we concluded that the bad actor used session tokens...

Dan Hranj published an article 53 8 December 15, 2022

Hi,    I came across one of the Scurity Issues/Vulnerability   https://cloudsek.com/security-flaw-in-atlassian-products-jira-confluencetrello-bitbucket-affecting-multiple-compa...

Ajay Mishra started a discussion 1 7 December 13, 2022

Hello Atlassian Community, Since we launched organization audit logs in Atlassian Cloud, we have been iterating on our logging capabilities and expanding coverage across an organization’s administr...

Jonathon Yu published an article 12 5 December 9, 2022

I've seen the talks and pages about how Atlassian uses Jira and Confluence to manage their own risk and compliance program.  I want to implement this at my company. Are the "blueprints" for how...

Vince Schira started a discussion 6 5 December 7, 2022

I just started our company on Trello to manage our workflow. The roll out went so well that Sales department has created a board also. What I have noticed is that I created a private board for myself...

Edwin Montgomery started a discussion 1 1 December 7, 2022

Atlassian’s Trust team now have now completed an updated response for the Higher Education Cloud Vendor Assessment Toolkit (HECVAT) version 3.03 for our Cloud products. What is HECVAT? The HECVAT...

Ben Howe published an article 4 0 November 30, 2022

Atlassian has published a list of sub-processors here: https://www.atlassian.com/legal/sub-processors . However this list of sub-processors seems not complete.  When you use Conflucence, Jira,...

marc -Collabello--Phase Locked- published an article 2 4 November 21, 2022

Update as of March 17, 2025 We’re excited to share that Atlassian Government Cloud has received FedRAMP Moderate Authorization. Read more about this update here.     Updat...

Dave Meyer published an article 33 44 November 17, 2022

Hi all, I wanted to highlight this trust and security-related survey opportunity. It was posted in the Jira Cloud Admins group but it is open to any product (not just Jira) in any...

Monique vdB published an article 7 0 November 14, 2022

Hi everyone, My name is Fili and I’m a Principal Product Manager on Enterprise Trust. I’m here to announce the launch of data residency in Germany 🎉! We're thrilled to expand our data re...

Filiberto Selvas (OOO Jan 16 - Feb 9) published an article 34 30 November 7, 2022

Tracking working hours is not new in the workforce; it has been around since time cards and clocks were the only technology available. Some companies follow this technique to keep track of working ho...

Andreas Springer _Actonic_ published an article 2 0 November 4, 2022

On November 1, OpenSSL published a security advisory detailing high severity vulnerabilities in version 3.x of their library, also known as CVE-2022-3602 and CVE-2022-3786. Atlassian kicked off the i...

Bill Marriott published an article 39 11 November 1, 2022

Tracking employees’ working hours can vary between businesses, depending on their policies and the laws required in the countries where they are based. Some countries in Europe have now adopted manda...

Andreas Springer _Actonic_ published an article 3 1 October 28, 2022

Following on our first ever Annual Bug Bounty Report from 2021, we have updated this report to reflect a full year of statistics and data about our Bug Bounty Programs as part of our overall Vulnerab...

Bill Marriott published an article 11 0 October 27, 2022

Atlassian maintains submissions to the Cloud Security Alliance (CSA) STAR Registry for our major Cloud Services. The STAR Registry hosts the Consensus Assessment Initiative Questionnaire (CAIQ), whic...

pknowlton published an article 7 3 October 24, 2022