
How Atlassian uses Jira to manage risks and compliance obligations - Part 2

38 comments

jimmi.handoko September 17, 2019

@Guy for a starter like me, are there any steps that I can follow and easily understand? I usually use Confluence for documentation, raise issues / incidents in JIRA. But I want to know where and how to start for kicking off RCSA establishment within JIRA. I mean like a GRC in JIRA for dummies. Haha.

Guy
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 18, 2019

@jimmi.handoko reach out to me directly - guy@atlassian.com and let's talk - might be a good idea to get your Jira admin on the call as well.

Guy
Atlassian Team
September 18, 2019

@Shuichi Sakai We built an app internally - I think that there are a couple on the app store that do the same thing.

jimmi.handoko September 18, 2019

Thanks @Guy, will be in touch soon.

Miguel Silveira February 4, 2020

@Guy Thank you for this.
It appears that you only show the screens of the existing transitions.
Some custom fields from the first part are missing; can you specify the screens and fields for issue creation on workflows?
Nevertheless, this will be incredibly useful to multiple GRC teams! Thank you

Scott Margolis November 19, 2020

@Guy 

This is absolutely spectacular and helpful!!  Thank you very much.  I'm going to see what I can do with NIST following this great approach you've laid out here.  Thank you

-Scott

Muhammet Ayal
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 30, 2021

Hi  @Guy ,

Thanks for sharing.

Should I customize / separate every creation screen according to Part 1's fields?

or

Should every issue type have one create screen?

What is your suggestion / best practice?

Deon Aiken March 9, 2021

@Guy Is there any more information you can share regarding this implementation of JIRA GRC? My company is using this as our compliance tool but really needs some additional information on how to best use the different issue types and understanding the workflow. Any guidance or information you can offer would be helpful. 

Gyuri Kim May 5, 2021

Hi @Guy 

Is part 3 in the draft stage? I followed the part 1 and part 2 setups on our JIRA cloud but I still feel very blurry about this. It would be great if I could see some implementation examples of how to present control objectives in JIRA. I hope Atlassian Sydney opens a meetup for GRC in the future :)

Jordin September 13, 2021

How do you recommend we trigger risk reviews annually or after a certain period of time? I would expect some sort of notification being sent out once a date has arrived to trigger a re-evaluation of the risk.

Lesley Anderson September 22, 2021

@Jordin I'm experimenting with the policy workflow and have set up project level automation to transition the policy jira back to in progress 11 months after the last resolution date.

Muhammad Fahad
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 14, 2022

Hi @Guy ,

Thanks for writing in detail. It's good and useful. Just wondering if you are writing more on the control objective. Looking forward to your response. Thank you

We will be sharing information on the control objectives that we have and how we went about building them - we have really enjoyed the risk and compliance journey so far and want to share our travel stories. 

Nick Gyorfi July 20, 2022

@Guy Would be awesome to pull in the Security Controls Framework CSVs, they map the majority of control frameworks :)
