Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,456,368
Community Members
 
Community Events
176
Community Groups

SOC 2 Reporting Improvements

Atlassian’s 2020 reporting consisted of 8 SOC 2 reports individually attesting compliance for our cloud products. With each weighing-in at ~90 pages, we saw duplication of content, effort, inconsistent voice, not to mention that any customer using more than one of our products would need to review each individual report annually for their own compliance program requirements.

Within the last year our teams have been working hard on new products, features, and acquisitions that also require third party review and certification for customer assurance. Unchanged, that meant for our next audit year we had to add Insight, Bitbucket Pipelines, Data Lake, Forge, and Compass into the mix.

For those counting at home (and still paying attention), that brings us to 13 SOC 2 reports.

So we reframed our approach, identified our products utilising key core technologies and supporting platforms, and began consolidating the detail to create the Atlassian Platform Products report. Use of these same systems, tools, and processes (e.g., Standard backups, Change, and Incident Management) reduces testing time, removes the need for 1:1 auditor and product team walkthroughs, and reduces the chance of deviation from control requirements.

This said, there will still be more than one SOC 2 report for this round, but we’re okay with this. Some of our products aren’t on the Atlassian common platform at all, or only parts of them are (with system and tool migrations planned for the future), so we’ll still have individual reports for our beloved Halp, Jira Align, Statuspage, and Trello products. However, we can all agree that 5 reports are better than 13.

See our Compliance Resource Center for more information and keep a look out for our next update confirming our SOC 2 product reporting results.

3 comments

Is the security post leaking a new product release? Plato?

Amy Knapp Atlassian Team Nov 30, 2021

@Boris Berenberg - Atlas Authority this is an internal reference to Atlassian Data Lake, which is in the early access stage of testing: https://community.atlassian.com/t5/Jira-Software-articles/Introducing-Atlassian-Data-Lake-for-Jira-Software-Early-Access/ba-p/1584438 Thanks for pointing that out!

Like # people like this
Alice White Atlassian Team Dec 12, 2021

Awesome work Amy & R&C team! Less is more ;)

Like Amy Knapp likes this

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events