
Cloud Compliance AMA

G’day everyone and happy 2022! 

My name is Filiberto Selvas and I’m a Principal Product Manager focused on data management and compliance in highly regulated industries! At Atlassian, we understand that you face a complex and dynamic regulatory environment, which is why we’re focused on providing the tools and resources customers need to navigate this ever-changing landscape.

In the last year, our team has worked on several improvements to our compliance program, from adding new features like data residency to enabling stronger operational practices that include audit and oversight rights to allow customers to abide by stricter regulatory standards. These improvements help assure that customers can abide by financial services regulatory standards in Europe, and have paved the way for future capabilities, like HIPAA (launching this quarter) and FedRAMP (2023). We want to continue to build on that momentum by creating a forum for you, our customers, to ask questions about how we’re meeting these requirements and/or future investments.

Here's how it works:

Add your questions below any time during the month of January. Be sure to take a look at other community members’ questions and up-vote those that you find interesting.

You can expect to see answers from me and my team rolling in on a weekly basis. Watch the page and be ready to add follow-up questions and discuss further with other Community members. 

Note: The information provided by Atlassian here is not legal advice. Customers are responsible for making their own independent risk and compliance assessments.

Cheers,

Filiberto

22 comments

We are a military supplier and have been waiting for data residency. Currently we have an on premise Confluence system that we are waiting for data residency to be available so we can move to cloud. In addition we have a cloud Jira implementation which currently is also waiting on data residency so we can gain full utilization of it. I am interested in the time lines of the implementation for data residency on both platforms so that we can move our systems forward.


We are a financial company and we are also waiting for data residency. The timeline for Canada has been pushed back several times and has caused problems with our roadmaps. Here's hoping that it won't happen again.

Hosana Atlassian Team Jan 05, 2022

Hi @David Rodman, we currently offer data residency for all paid plans (Standard, Premium, and Enterprise) in 3 regions - the US, Europe, and AU. To learn more about these capabilities, please visit our documentation page.

Hi Hosana,

Would this include a migration from on prem to cloud? From what I was reading, it was only available for "no data" implementations. Our on prem has data that would need to be moved up.

Hi Filiberto,

Do we have an implementation timeline yet on Service Desk HIPAA compliance? 

Thanks!

Brooklyn

Hello @David Rodman , 

The process of migration is independent from the capability of keeping data resident in a specific region.  You can definitely create a Cloud instance, set it up for data residency in a specific region, and then migrate your on premise data to it... or the other way around (the former is more advisable though). 

Please do review the document Hosana offered above. You mention you are a military supplier, and I want to make sure you know the data residency capability we have mentioned does not offer ITAR level guarantees.

I hope this helps 


Hello @Brooklyn Trumpy , not yet, it should be a couple more weeks.  Meeting Monday and Tuesday to discuss this, will define that timeline for JSM as soon as possible! 


Thank you for the input @Carmen Nadeau , we will do all in our power to keep the timeline as it stands today 

Thank you for the additional information Filiberto. Is there additional information or someone I can discuss ITAR related information with? Since many of the ITAR controls have been changed and data residency is the primary one, this may still work for us. If not, the landscape will be pretty grim when on premise solutions are no longer supported.

Happy to schedule a call @David Rodman, send me an email to fselvas at Atlassian dot com and we can find a time.

We're a nonprofit government law enforcement agency and we have onprem Jira, Confluence, Bitbucket, and Bamboo and with the new change, Data Center is not possible with our limited budget and small team (< 50). Do you have a timeline on CJIS compliance for Jira, Confluence, and Bitbucket?

Hello @DRFavreau , 

We currently don't have CJIS in our roadmap. I am not an expert in CJIS, but my understanding is that there is no standardized assessment approach to determining whether a Cloud solution is considered CJIS compliant. We will be happy to provide you all information available to help make the determination if that is feasible. A couple initial pointers:

I hope this is helpful 

Hello security and compliance team. I am in a very similar circumstance to DRFavreau. I am the CJIS ISO for a Law Enforcement agency. We would struggle to be able to procure the Data Center for budgetary and justification purposes. I believe there is a possibility that CJIS compliance can be obtained with the current level of AoC provided by Atlassian. The most important aspects would be:

  • Support teams within Atlassian that have access to data within a LE license tenant
  • Data at rest and the level of encryption.

If Atlassian is willing to provide those details in a formal capacity I believe ISOs can provide those details in their CJIS Audits with the FBI to ensure Criminal History data is secured appropriately in the cloud. This would be helpful and would allow LE agencies to continue to use Atlassian products and I would take a guess that it would also attract additional agencies to your solutions.

Please let me know if we can start a conversation based around this through email or some sort of communication channel that supports this effort.

Thank you for your time.

Hello @Rob Yardman , 

HIPAA related update:

Yesterday we announced that Atlassian is ready to sign BAA agreements for compliance with the HIPAA law provisions for the Enterprise Plan version of JSW and Confluence. More information here: https://www.atlassian.com/trust/compliance/resources/hipaa 

We will soon update our public roadmap to include a timeline for JSM HIPAA as well, ETA is at the end of calendar year 2022. 

Please let me know of any questions 

I am following up on the status of Atlassian's position on ITAR compliance to see where it stands. We are on premise at this point and are locked for user counts. To date we cannot migrate to cloud and Atlassian refuses to sell us additional seats. We need one of these two issues resolved quickly as it is negatively affecting our business. If it cannot be resolved, we will need to look to other solutions which we would prefer not to do as our users have found the Confluence system of value. 

Is there a line of sight on ITAR compliance and can we get a temporary exception for additional licenses?


Hello @David Rodman , 

We don't have a timeline for ITAR in our Cloud solutions yet.  Have you considered Data Center? 

We have not but would like to. Can you get me information on what is required for Data Center? 

@David Rodman , you can find information on Data Center here, and also reach out to sales through the same page: https://www.atlassian.com/enterprise/data-center 

Michelle Tan Atlassian Team May 18, 2022

Hey everyone,

I'm Michelle, the Product Manager who’s been looking after Jira Service Management’s Customer Notifications and Enterprise-related features. We're currently working towards HIPAA compliance for Jira Service Management and have rolled out a feature this week that will help you meet your organization’s compliance needs and protect your and your customers' data!

Announcing safe customer notifications in Jira Service Management as a building block for compliance and privacy needs 

I'd love for you to try out our feature and give us early feedback on the user experience as we work towards HIPAA compliance in the coming months. 😊

Hi Filiberto, we are looking for SOC 2 Type II bridge letter for 2023, but you haven't uploaded to the trust center. Since we are in our SOX Audit, we kindly request your help to speed up the Bridge Letter release. Many thanks!

Michelle Tan Atlassian Team Jan 12, 2023

Hi everyone,

Thanks a lot for your patience - we've been awaiting our external audit results and great news!

If you haven't already seen on Community, I would like to announce that Jira Service Management and a few of our other cloud products are now certified as HIPAA compliant!

For more details on HIPAA compliance, please see here.

Wishing you all a great start to 2023!

Cheers,

Michelle
