Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SOC 2 Reporting Improvements

Atlassian’s 2020 reporting consisted of 8 SOC 2 reports individually attesting compliance for our cloud products. With each weighing-in at ~90 pages, we saw duplication of content, effort, inconsistent voice, not to mention that any customer using more than one of our products would need to review each individual report annually for their own compliance program requirements.

Within the last year our teams have been working hard on new products, features, and acquisitions that also require third party review and certification for customer assurance. Unchanged, that meant for our next audit year we had to add Insight, Bitbucket Pipelines, Data Lake, Forge, and Compass into the mix.

For those counting at home (and still paying attention), that brings us to 13 SOC 2 reports.

So we reframed our approach, identified our products utilising key core technologies and supporting platforms, and began consolidating the detail to create the Atlassian Platform Products report. Use of these same systems, tools, and processes (e.g., Standard backups, Change, and Incident Management) reduces testing time, removes the need for 1:1 auditor and product team walkthroughs, and reduces the chance of deviation from control requirements.

This said, there will still be more than one SOC 2 report for this round, but we’re okay with this. Some of our products aren’t on the Atlassian common platform at all, or only parts of them are (with system and tool migrations planned for the future), so we’ll still have individual reports for our beloved Halp, Jira Align, Statuspage, and Trello products. However, we can all agree that 5 reports are better than 13.

See our Compliance Resource Center for more information and keep a look out for our next update confirming our SOC 2 product reporting results.


Is the security post leaking a new product release? Plato?

Amy Knapp Atlassian Team Nov 30, 2021

@Boris Berenberg - Atlas Authority this is an internal reference to Atlassian Data Lake, which is in the early access stage of testing: Thanks for pointing that out!

Like # people like this
Alice White Atlassian Team Dec 12, 2021

Awesome work Amy & R&C team! Less is more ;)

Like Amy Knapp likes this


Log in or Sign up to comment

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you