You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I have a potential JSM customer that wants to know how Jira Service Management will / can help comply with the NIS2 directive (https://digital-strategy.ec.europa.eu/en/policies/nis2-directive).
I can find no resources on this in the trust center.
Searching with google "Atlassian NIS2" or her in the Atlassian Community or in the Partner portal returns no results.
The customer is looking at Jira Service Management and ServiceNow. Searching for "NIS2 Servicenow" returns usable results.
If anyone has faced this question?
Answer from Atlassian:
I have reached out to our Trust team and I was provided with this information:
The NIS2 directive is not yet effective but will be next year as EU member states have to implement it into national law by 17th Oct 2024. But I can see that customers are already concerned about this
At Atlassian, we are committed to maintaining the highest standards of security, and we are closely monitoring developments related to the NIS2 Directive ve and other regulatory bodies. We have undertaken the following measures to follow the NIS2 compliance requirements:
Regular Risk Assessments: We regularly conduct thorough risk assessments to identify vulnerabilities and mitigate potential risks. More information here and here.
State-of-the-Art Security Measures: Atlassian has implemented various technical and organisational measures for security and data privacy; see our ISO 27001 certification, SOC2 report or pre-signed DPA for more information.
Incident Reporting Protocols: We have mechanisms in place to identify and report any significant cybersecurity incidents in a timely manner; find more information here and here.
Transparency and Documentation: We maintain comprehensive documentation of our security policies and incident response plans, which are part of our annual SOC2 audit performed by independent 3rd party auditors. Atlassian also provides an overview of implemented policies here.
Cooperation with Authorities: We are committed to fully cooperating with national cybersecurity agencies and to adhere to their requirements to confirm our compliance.
(links removed due to invalid HTML)
I would recommend that you to reach to Atlassian Support (https://support.atlassian.com) for direct assistance on the NIS2 directive compliance with JSM product.
Here are a few Atlassian links that address compliances -
Hope this helps.
Best, Joseph Chung Yin
Jira/JSM Functional Lead, Global Technology Applications Team
Asked Atlassian for this:
Thanks for the quick reply. I have forwarded the answer from the trust team to the customer. If they need a meeting I will reach out.
But, the answer from the trust team is how the Cloud Platform complies with NIS2.
There is also a need for Atlassian to provide answers to how JSM supports the processes and requirements described in NIS2.
ServiceNow consulting firms are answering this question already: https://www.linkedin.com/pulse/how-ready-dora-nis2-servicenow-devoteam-n-platform
They base their answer on the functionality described for the ServiceNow Governance, Risk, and Compliance (GRC) product.
There is no similar product / description of how JSM can supports these processes. I have read a fair bit about NIS2, and I can see that JSM can support and automate these processes. But customers need a vendor statement from Atlassian on how this can be achieved.
Can you forward this requirement to the JSM product marketing team / trust team?