Data encryption contradiction

The SOC2 and the CSA completed give contradicting responses for data at rest.  The SOC2 for Jira & Confluence says the data at rest is not encrypted, but the CSA self assessment says that the data at rest is encrypted for Jira & Confluence.  Which is the case?

1 answer

1 vote

Hello John,

This previous answer might be helpful: 

Atlassian is compliant with SOC2, and their SOC2 report can be obtained here: https://www.atlassian.com/trust/compliance

Unfortunately the report clearly states on page 29 that "Data is not encrypted at rest. Data in transit is encrypted with the TLS cryptographic protocol."

 

If you need further clarification, please let me know your questions more specifically.

Thank you Eduard for the response.

My confusion is looking at the SOC2 and the CSA's CAIQ (atlassian-caiq-v3.0.1-2016-09-30.xlsx).  The Atlassian CAIQ response for encryption at rest (row 93) states in the notes that JIRA & Confluence, within the Atlassian Cloud Platform, the tenant data is encrypted.

I figure the SOC2 is correct, but I just wanted to make sure.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

846 views 3 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you