Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Jira Service Management / Atlassian NIS2 compliance?

Kristoffer Bundgaard October 23, 2023

Hi there.

I have a potential JSM customer that wants to know how Jira Service Management will / can help comply with the NIS2 directive (https://digital-strategy.ec.europa.eu/en/policies/nis2-directive).

I can find no resources on this in the trust center.

Searching with google "Atlassian NIS2" or her in the Atlassian Community or in the Partner portal returns no results.

The customer is looking at Jira Service Management and ServiceNow. Searching for "NIS2 Servicenow" returns usable results. 

If anyone has faced this question? 

UPDATE: 

Answer from Atlassian:  


I have reached out to our Trust team and I was provided with this information:

The NIS2 directive is not yet effective but will be next year as EU member states have to implement it into national law by 17th Oct 2024. But I can see that customers are already concerned about this

At Atlassian, we are committed to maintaining the highest standards of security, and we are closely monitoring developments related to the NIS2 Directive ve and other regulatory bodies. We have undertaken the following measures to follow the NIS2 compliance requirements:

Regular Risk Assessments: We regularly conduct thorough risk assessments to identify vulnerabilities and mitigate potential risks. More information here and here.

State-of-the-Art Security Measures: Atlassian has implemented various technical and organisational measures for security and data privacy; see our ISO 27001 certification, SOC2 report or pre-signed DPA for more information.

Incident Reporting Protocols: We have mechanisms in place to identify and report any significant cybersecurity incidents in a timely manner; find more information here and here.

Transparency and Documentation: We maintain comprehensive documentation of our security policies and incident response plans, which are part of our annual SOC2 audit performed by independent 3rd party auditors. Atlassian also provides an overview of implemented policies here.

Cooperation with Authorities: We are committed to fully cooperating with national cybersecurity agencies and to adhere to their requirements to confirm our compliance.

(links removed due to invalid HTML)

3 answers

1 vote
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 23, 2023

@Kristoffer Bundgaard -

I would recommend that you to reach to Atlassian Support (https://support.atlassian.com) for direct assistance on the NIS2 directive compliance with JSM product.

Here are a few Atlassian links that address compliances -

https://www.atlassian.com/trust/compliance/resources

https://www.atlassian.com/trust

Hope this helps.

Best, Joseph Chung Yin

Jira/JSM Functional Lead, Global Technology Applications Team

Viasat Inc.

Kristoffer Bundgaard October 24, 2023

Hi Joseph

Thanks. I already asked them, but forgot to mention it in my post. 

Br, Kris

0 votes
Juergen Lanner May 12, 2024

Aa far as I understand NIS2 demands 2FA also for customers using JSD. This means, without a solution from Atlassian all Europe based installations are violating the rules once in place.

The answer I got from support was "discussions are ongoing internally on how to best support customers and how they meet the NIS2 compliance. Once there are updates on this discussion, this can be shared with customers and how best to proceed." 

 

Let's see when we will see those answers :-)

Kristoffer Bundgaard May 13, 2024

Hi @Juergen Lanner 

That's a classic Atlassian answer...

0 votes
Kristoffer Bundgaard October 24, 2023

Asked Atlassian for this:

Thanks for the quick reply. I have forwarded the answer from the trust team to the customer. If they need a meeting I will reach out.

But, the answer from the trust team is how the Cloud Platform complies with NIS2.

There is also a need for Atlassian to provide answers to how JSM supports the processes and requirements described in NIS2.

ServiceNow consulting firms are answering this question already: https://www.linkedin.com/pulse/how-ready-dora-nis2-servicenow-devoteam-n-platform

They base their answer on the functionality described for the ServiceNow Governance, Risk, and Compliance (GRC) product.

There is no similar product / description of how JSM can supports these processes. I have read a fair bit about NIS2, and I can see that JSM can support and automate these processes. But customers need a vendor statement from Atlassian on how this can be achieved.

Can you forward this requirement to the JSM product marketing team / trust team?

Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 24, 2023

@Kristoffer Bundgaard -

As your posting is hosted within Community env, you should follow-up with Atlassian Support (https://support.atlassian.com), so the support team can contact the JSM product team directly for you.

Best, Joseph

Kristoffer Bundgaard October 24, 2023

I already did this.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events