Regulations & Compliance: General Discussion

RJ Gazarek
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 18, 2020

Use this thread to chat with Fili about:

If compliance with FedRAMP, HIPAA, regulatory frameworks dictated by BaFIN, FINRA and APRA or others is top of mind for you, we’d like to hear more! What regulatory frameworks do you need us to satisfy in order to adopt our Cloud Products? Curious about what is in the roadmap already? You can find that here.

8 comments

JiraJared
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 20, 2020

Hey RJ,

APRA is a big one for us - is there any chance earlier evidence can be provided on a case by case basis?

I see the linked page has 2022, is that likely to be early or late 2022?

Jared.

Filiberto Selvas
Atlassian Team
November 24, 2020

Hello @Jared Dohrman, thanks for the post.

We currently have it in the 2nd half of 2022; the timeline will be re-evaluated on an ongoing basis based on demand and opportunity. FYI, the aspect of security and access controls is already in progress, as it has a considerable overlap with NIST 800.53 that we are already addressing. Could you share with me the domain of the company requiring APRA? We are tracking that as one of the data inputs for prioritization. If you prefer to email, I can be reached at fselvas at Atlassian dot com.

Matteo Gubellini _SoftComply_
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 25, 2020

Hello,

I can provide some insights into the Medical Device regulations. We are already feeding information to Fili, but I'm happy to help here too if necessary.

The standards we have to comply with are:

  • ISO 13485
  • 21 CFR 11, 21 CFR 820 (in the US)
  • MDD / MDR (in the EU)

Let me know how I can help.

Regards

Matteo

Filiberto Selvas
Atlassian Team
November 30, 2020

Thank you Matteo

office December 9, 2020

As has already been remarked by @Thomas Dörfler in the parallel discussion on data residency requirements, switching to cloud may seem like an exciting adventure, but not for a system that you use to store and organize your know-how.

The same is true for data that is classified and that you are legally obliged to safeguard according to the respective national laws (like the UK's Official Secrets Act) and regulations (like the German Verschlusssachenanweisung). Moving to the cloud simply is not an option in this case, and one can't help but feel left out in the cold by Atlassian in such a case. As has been remarked by @kajtzu in the same parallel discussion, for SMEs, DC edition, which might have offered a way out of this, is cost-prohibitive. So one can only agree once more with him that the way it currently feels like is that Atlassian doesn't care about SMEs anymore.

In essence, what is needed to meet legal requirements related to protection of classified data is that Atlassian either reverses its position on no longer supporting Server beyond 2024, or introduces a DC edition that is accessible also for SMEs. And that is needed very fast - unless Atlassian wants to lose SMEs having to adhere to their national laws relating to the processing of classified data for good.

Bernhard Reiter February 4, 2021

Hi RJ,

you've raised the question, why some customers seem to have no issue with e. g. GDPR and Cloud while others do. From my experience, there are two types of companies. While one type is heavily audited due to

  • industry (GxP, Banking)
  • size (i.e. is it mandatory for them, that their fiscal statement is audited externally)
  • if they have a strong labor union
  • how long and in which departments they use Jira (is it already in the focus of the auditors)

the other is not (yet).

Besides this, in my opinion one major concern about cloud is the fact that, as a US-based company, an American judge or e.g. the NSA can force Atlassian to disclose (secret) data to American institutions.

Regards

Bernhard

marc -Collabello--Phase Locked-
Community Leader
February 11, 2021

I've got a question relating to GDPR and DPAs (Data Processing Agreements). As I understand, as part of a DPA, you must provide a list of sub-processors. Is Atlassian going to provide such a list?

Wyatt Davis February 22, 2021

Any news on 21 CFR 11 and ISO 13485?

Scott Lundgren August 11, 2021

Will GXP be added to this roadmap?

Ronson LeVau April 20, 2022

In reference to @Wyatt Davis's and @Scott Lundgren's questions, is there validation documentation that would be available, or will be made available?

Marion Lepmets _SoftComply_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
April 21, 2022

Hi @Ronson LeVau

We help medical device companies with validation.

In case you wish to learn more, please let me know - marion@softcomply.com 
