FY22 ISO/IEC 27001 Certification Update

Overview

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 167 national standards bodies. ISO brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant International Standards that support innovation and provide solutions to global challenges.

Atlassian has implemented and is certified against the following ISO standards:

  • ISO/IEC 27001 outlines and provides requirements for an information security management system (ISMS).

  • ISO/IEC 27018 is focused on the protection of personally identifiable information (PII) and also supports compliance with GDPR.

What Atlassian Cloud Offerings are ISO/IEC 27001:2013 certified?

Atlassian is proud to announce we have received ISO/IEC 27001:2013 certification renewals for Jira Cloud, Confluence Cloud, Bitbucket Cloud, Trello, Statuspage, Opsgenie, Jira Align, and Jira Service Management. In this audit cycle, we also added Halp, Compass, Forge, Data Lake, Insight, and Bitbucket Pipelines to the ISO/IEC 27001:2013 certification. The Atlassian Trust Management System, which supports the operations underlying these cloud offerings, is governed by the controls implemented in accordance with the organizational Statement of Applicability, which further extends to the additional controls defined within ISO/IEC 27018:2019. The Statement of Applicability (SoA) is available upon request via support.

You can download this certificate from our Compliance Page: Compliance at Atlassian | Atlassian.

2 comments

Xavier Willemin February 24, 2022

Hi @Hema Vadodaria, what about the certificate for ISO/IEC 27018? The one I find online expired on January 22nd 2022. Is Atlassian still ISO/IEC 27018 certified? Thank you.

Hema Vadodaria
Atlassian Team
February 24, 2022

Hi @Xavier Willemin, a recent amendment to ISO/IEC 27006:2015 (req 8.2.1) was made that references how some certification documents shall be stated as being only a control set source for controls applied in the Statement of Applicability and not a certification on their own. 

The ISO/IEC 27001:2013 certificate is a combined certification with a statement appended that states the Statement of Applicability is extended by the additional controls within ISO/IEC 27018:2019. You can download the certificate from our ISO 27001 Compliance page and the Statement of Applicability (SoA) is available upon request via support.
