My client an assurance company , where we have JIRA SW cloud instance is asking Atlassian to give evidences of Security Scanners to detec intrusion etc... in its site sabdellzurich.atlassian.net.
Atlassian does not share the reports of the tests they performed. But this is not enough fro the client.
I can not believe this is the first time a client ask something like this to Atlassian.
Can any body help me and give me a bit of light?
Thanks a lot
Your client needs to understand that they are buying Software as a Service, not a server.
You can ask Atlassian for more detail, but most of what you will get is assurances that their testing and security is thorough, and references to their public documentation. Remember that they test and monitor all the systems, not individual Cloud sites, so the results are sensitive to each site and hence can't be shared.
If your client has specific questions, you could ask them here for more detail in general, but if that's not enough, raise a support request with Atlassian directly, they may give you something more. https://support.atlassian.com/contact/#/
They can always refer to the trust center (https://www.atlassian.com/trust/security)
The fact that Atlassian is certified in certain ISO's should be sufficient to demonstrate that they are secure and compliant.
Like @Nic Brough _Adaptavist_ mentions, specific site testing won't really be a thing, the platform in itself is validated and secured.
Hello Community! Quick disclaimer: We are running a contest on Community (The Atlympics!) from July 23rd - August 8th of 2021. If you are interested in participating in this contest (prizes! ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events