Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

SOC 2 Reporting Improvements

Atlassian’s 2020 reporting consisted of 8 SOC 2 reports individually attesting compliance for our cloud products. With each weighing-in at ~90 pages, we saw duplication of content, effort, inconsistent voice, not to mention that any customer using more than one of our products would need to review each individual report annually for their own compliance program requirements.

Within the last year our teams have been working hard on new products, features, and acquisitions that also require third party review and certification for customer assurance. Unchanged, that meant for our next audit year we had to add Insight, Bitbucket Pipelines, Data Lake, Forge, and Compass into the mix.

For those counting at home (and still paying attention), that brings us to 13 SOC 2 reports.

So we reframed our approach, identified our products utilising key core technologies and supporting platforms, and began consolidating the detail to create the Atlassian Platform Products report. Use of these same systems, tools, and processes (e.g., Standard backups, Change, and Incident Management) reduces testing time, removes the need for 1:1 auditor and product team walkthroughs, and reduces the chance of deviation from control requirements.

This said, there will still be more than one SOC 2 report for this round, but we’re okay with this. Some of our products aren’t on the Atlassian common platform at all, or only parts of them are (with system and tool migrations planned for the future), so we’ll still have individual reports for our beloved Halp, Jira Align, Statuspage, and Trello products. However, we can all agree that 5 reports are better than 13.

See our Compliance Resource Center for more information and keep a look out for our next update confirming our SOC 2 product reporting results.

3 comments

Comment

Log in or Sign up to comment
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Nov 30, 2021

Is the security post leaking a new product release? Plato?

Amy Knapp
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Nov 30, 2021

@Boris Berenberg - Atlas Authority this is an internal reference to Atlassian Data Lake, which is in the early access stage of testing: https://community.atlassian.com/t5/Jira-Software-articles/Introducing-Atlassian-Data-Lake-for-Jira-Software-Early-Access/ba-p/1584438 Thanks for pointing that out!

Like # people like this
Alice White
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Dec 12, 2021

Awesome work Amy & R&C team! Less is more ;)

Like Amy Knapp likes this
TAGS
AUG Leaders

Atlassian Community Events