SOC 2 Reporting Improvements

Atlassian’s 2020 reporting consisted of 8 SOC 2 reports individually attesting compliance for our cloud products. With each weighing-in at ~90 pages, we saw duplication of content, effort, inconsistent voice, not to mention that any customer using more than one of our products would need to review each individual report annually for their own compliance program requirements.

Within the last year our teams have been working hard on new products, features, and acquisitions that also require third party review and certification for customer assurance. Unchanged, that meant for our next audit year we had to add Insight, Bitbucket Pipelines, Data Lake, Forge, and Compass into the mix.

For those counting at home (and still paying attention), that brings us to 13 SOC 2 reports.

So we reframed our approach, identified our products utilising key core technologies and supporting platforms, and began consolidating the detail to create the Atlassian Platform Products report. Use of these same systems, tools, and processes (e.g., Standard backups, Change, and Incident Management) reduces testing time, removes the need for 1:1 auditor and product team walkthroughs, and reduces the chance of deviation from control requirements.

This said, there will still be more than one SOC 2 report for this round, but we’re okay with this. Some of our products aren’t on the Atlassian common platform at all, or only parts of them are (with system and tool migrations planned for the future), so we’ll still have individual reports for our beloved Halp, Jira Align, Statuspage, and Trello products. However, we can all agree that 5 reports are better than 13.

See our Compliance Resource Center for more information and keep a look out for our next update confirming our SOC 2 product reporting results.

3 comments

Comment

Log in or Sign up to comment
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 30, 2021

Is the security post leaking a new product release? Plato?

Amy Knapp
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 30, 2021

@Boris Berenberg - Atlas Authority this is an internal reference to Atlassian Data Lake, which is in the early access stage of testing: https://community.atlassian.com/t5/Jira-Software-articles/Introducing-Atlassian-Data-Lake-for-Jira-Software-Early-Access/ba-p/1584438 Thanks for pointing that out!

Like # people like this
Alice White
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 12, 2021

Awesome work Amy & R&C team! Less is more ;)

Like Amy Knapp likes this
TAGS
AUG Leaders

Atlassian Community Events