Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Bridging the Gap: From Information Security to Compliance

Dimitris Sylligardakis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 7, 2024

Hello again, Atlassian Community!

Last time, we embarked on a journey through the realm of Information Security, unravelling its significance within the Atlassian ecosystem. As we continue to navigate through our Infosec and Compliance series, today's chapter opens a new door, leading us into the world of compliance. 

In this segment, I’ll demystify some essential compliance frameworks and spotlight those most relevant to our ecosystem, and in turn, your organisation. Let's dive in!

 

What exactly is compliance, and how does it relate to Information Security?

Compliance refers to the process of adhering to laws, regulations, guidelines, and specifications relevant to business operations. 

In the context of Information Security and your organisation, compliance ensures that you’re meeting data protection and privacy regulations, as well as safeguarding both the organisation and its customers. It's all about aligning business practices with legal and regulatory requirements for better outcomes.

 

Okay, but why is compliance so important?

There are a multitude of reasons why compliance matters. Here are some of the most important:

  • Avoid penalties and fines: Non-compliance can lead to significant financial repercussions.
  • Protect your brand reputation: Customers trust businesses that demonstrate compliance–a breach can lead to substantial reputational and financial damage.
  • Gain a competitive edge: Compliance gives you a competitive advantage. It signals you're trustworthy to potential customers and positions you as a preferred partner.

 

Can you highlight some common compliance frameworks relevant to the Atlassian ecosystem?

Absolutely! There are several important compliance frameworks relevant to the Atlassian ecosystem. Some of the most notable ones include:

GDPR (General Data Protection Regulation): A key regulation for any organisation dealing with EU citizens' data, focused on data protection and privacy.

HIPAA (Health Insurance Portability and Accountability Act): Essential for entities dealing with healthcare information in the US, focusing on the protection of sensitive patient data.

SOC 2 (Service Organization Control 2): A framework for technology and cloud computing companies, including those leveraging Atlassian tools, ensuring secure management of data.

ISO 27001: An international standard outlining best practices for an information security management system (ISMS), applicable across various industries.

FedRAMP:  A US government program ensuring a standardised approach to security assessment, authorisation, and continuous monitoring of cloud services.

SOX 404 (IT): A US government program ensuring a standardised approach to security assessment, authorisation, and continuous monitoring of cloud services.

PCI DSS: An information security standard designed to protect cardholder data during processing, storage, and transmission.

NIST SP 800-53 Rev 4: A cybersecurity framework developed by the National Institute of Standards and Technology (NIST) to help organisations secure their information systems. It's particularly relevant for organisations that handle government data.

 

This is interesting, but how does all this tie into my use of Atlassian tools?

Great question! Atlassian products are a powerful part of any good compliance toolkit. Here's why:

Documentation: Confluence is perfect for storing your policies, procedures, and evidence of compliance activities.

Collaboration: Jira and Confluence make it seamless for teams to collaborate on compliance tasks and stay aligned.

Audit trails: Atlassian tools give you the detailed history you need to demonstrate adherence to regulations.

 

Is there any way to make it easier to meet compliance requirements?

We get it–compliance can be complex, which is why companies like Upscale exist! 

We specialise in crafting apps that streamline compliance processes for companies within the Atlassian ecosystem. 

Want to optimise your Atlassian setup for security and compliance? We can help you leverage the power of Jira to help you achieve and demonstrate compliance, effortlessly.

We understand that compliance isn’t a one-time task, but an ongoing process. We're always looking to evolve and improve our offerings, ensuring you always have the compliance tools you need against the backdrop of changing regulations and business needs.

 

What's next?

So, we've touched on the basics of compliance and key frameworks to be aware of. Now, I want to hear from you!

How do you ensure your Atlassian tools are compliant with specific regulations? Are there any challenges you've faced in aligning your Atlassian practises with compliance frameworks?

Stay tuned for our next post, where we'll dive into Security Best Practices for Jira (Permissions, secure workflows, issue-level security) within the Atlassian ecosystem. Your feedback and questions are invaluable, so feel free to share your thoughts, experiences, or topics you’d like me to talk about in the future in the comments below!

2 comments

Comment

Log in or Sign up to comment
Brad Barber
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
May 7, 2024

Hi Dimitris,


I read that Atlassian Jira is on the path to be FedRAMP compliant by Q1 2025 (https://community.atlassian.com/t5/Trust-Security-articles/It-s-official-FedRAMP-Moderate-has-a-new-date-in-cloud/ba-p/2488663). However, it is unclear to me whether Atlassian Confluence will also be a FedRAMP certified cloud service. Do you have any information that you can share regarding Confluence and FedRAMP? I also would like to know if Atlassian intends to pursue Tx-RAMP certification when the provisional TX-RAMP certification expires in December.

Thanks for any insights you can offer.

BB

Dimitris Sylligardakis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 7, 2024

Hi Brad,

I've been also following the specific discussion and the roadmap they have given us for FedRAMP-Moderate. The roadmap shows that Confluence is included in the products to become FedRAMP certified but they haven't come back with any updates or timelines. I'm on the same boat as everyone else in terms of visibility. 

I've reached out and hopefully we can get an update and next steps for the roadmap from the Atlassian team 

Humashankar VJ
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 8, 2024

Great Information.

TAGS
AUG Leaders

Atlassian Community Events