Hi there.
I have a potential JSM customer that wants to know how Jira Service Management will / can help comply with the NIS2 directive (https://digital-strategy.ec.europa.eu/en/policies/nis2-directive).
I can find no resources on this in the trust center.
Searching Google for "Atlassian NIS2", or here in the Atlassian Community or in the Partner portal, returns no results.
The customer is looking at Jira Service Management and ServiceNow. Searching for "NIS2 Servicenow" returns usable results.
Has anyone faced this question?
UPDATE:
Answer from Atlassian:
I have reached out to our Trust team and I was provided with this information:
The NIS2 directive is not yet effective but will be next year as EU member states have to implement it into national law by 17th Oct 2024. But I can see that customers are already concerned about this.
At Atlassian, we are committed to maintaining the highest standards of security, and we are closely monitoring developments related to the NIS2 Directive and other regulatory bodies. We have undertaken the following measures to follow the NIS2 compliance requirements:
Regular Risk Assessments: We regularly conduct thorough risk assessments to identify vulnerabilities and mitigate potential risks. More information here and here.
State-of-the-Art Security Measures: Atlassian has implemented various technical and organisational measures for security and data privacy; see our ISO 27001 certification, SOC2 report or pre-signed DPA for more information.
Incident Reporting Protocols: We have mechanisms in place to identify and report any significant cybersecurity incidents in a timely manner; find more information here and here.
Transparency and Documentation: We maintain comprehensive documentation of our security policies and incident response plans, which are part of our annual SOC2 audit performed by independent 3rd party auditors. Atlassian also provides an overview of implemented policies here.
Cooperation with Authorities: We are committed to fully cooperating with national cybersecurity agencies and to adhere to their requirements to confirm our compliance.
(links removed due to invalid HTML)
As far as I understand, NIS2 demands 2FA also for customers using JSD. This means, without a solution from Atlassian, all Europe-based installations are violating the rules once in place.
The answer I got from support was "discussions are ongoing internally on how to best support customers and how they meet the NIS2 compliance. Once there are updates on this discussion, this can be shared with customers and how best to proceed."
Let's see when we will see those answers :-)
That's a classic Atlassian answer...
I would recommend that you reach out to Atlassian Support (https://support.atlassian.com) for direct assistance on NIS2 directive compliance with the JSM product.
Here are a few Atlassian links that address compliance -
https://www.atlassian.com/trust/compliance/resources
https://www.atlassian.com/trust
Hope this helps.
Best, Joseph Chung Yin
Jira/JSM Functional Lead, Global Technology Applications Team
Viasat Inc.
Hi Joseph
Thanks. I already asked them, but forgot to mention it in my post.
Br, Kris
Asked Atlassian for this:
Thanks for the quick reply. I have forwarded the answer from the trust team to the customer. If they need a meeting I will reach out.
But, the answer from the trust team is how the Cloud Platform complies with NIS2.
There is also a need for Atlassian to provide answers to how JSM supports the processes and requirements described in NIS2.
ServiceNow consulting firms are answering this question already: https://www.linkedin.com/pulse/how-ready-dora-nis2-servicenow-devoteam-n-platform
They base their answer on the functionality described for the ServiceNow Governance, Risk, and Compliance (GRC) product.
There is no similar product / description of how JSM can support these processes. I have read a fair bit about NIS2, and I can see that JSM can support and automate these processes. But customers need a vendor statement from Atlassian on how this can be achieved.
Can you forward this requirement to the JSM product marketing team / trust team?
As your posting is hosted within the Community env, you should follow up with Atlassian Support (https://support.atlassian.com), so the support team can contact the JSM product team directly for you.
Best, Joseph