System and Organization Controls (SOC) Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizations. Refer to the AICPA for further details.
When outsourcing services, it is critical to verify that the service organization has effective internal controls in place. SOC Reports establish trust and confidence in a service organization by providing assurance their internal controls are designed and operating effectively.
To offer this assurance, Atlassian provides SOC 2 reports relevant to security and availability of the systems Atlassian uses to process users' data and the confidentiality of the information processed by these systems. These reports can be used to evaluate Atlassian systems or products and verify that we meet our customer requirements across Security, Compliance, Internal Audit, Procurement, and other governance needs.
Atlassian is proud to announce we have obtained updated SOC 2 Type II reports for Atlassian Platform (encompassing Jira Cloud, Confluence Cloud, Bitbucket Cloud, Bitbucket Pipelines, Opsgenie, Jira Service Management (JSM), Data Lake, Forge, Insight, and Compass), Halp, Jira Align, Statuspage, and Trello.
You can download the latest certifications from our Compliance Page: SOC 2 | Atlassian.
Atlassian SOC 2 Type II reports are maintained on an annual basis for a rolling 12-month cycle that begins in October and ends in September of the following year. External audits typically occur in November and refreshed reports are usually available prior to 31 December each year.
Bridge letters are used to bridge the “gap” between the end date of the most recently completed SOC report(s) and the date of the bridge letter.
You can download the latest bridge letter, updated prior to 31 January each year, from our Compliance Page: SOC 2 | Atlassian.
Amy Knapp
Risk & Compliance Manager
Atlassian
Salt Lake City, UT
15 comments