Use this thread to chat with Fili about:
If compliance with FedRAMP, HIPAA, regulatory frameworks dictated by BaFIN, FINRA and APRA or others is top of mind for you, we’d like to hear more! What regulatory frameworks do you need us to satisfy in order to adopt our Cloud Products? Curious about what is in the roadmap already? You can find that here.
Hello @Jared Dohrman, thanks for the post.
We currently have it in the 2nd half of 2022; the timeline will be re-evaluated on an ongoing basis based on demand and opportunity. FYI, the aspect of security and access controls is already in progress, as it has a considerable overlap with NIST 800.53 that we are already addressing. Could you share with me the domain of the company requiring APRA? We are tracking that as one of the data inputs for prioritization. If you prefer to email, I can be reached at fselvas at Altassian dot com
Hello,
I can provide some insights into the Medical Device regulations. We are already feeding information to Fili, but I'm happy to help here too if necessary.
The standards we have to comply with are:
ISO 13485
21 CFR 11, 21 CFR 820 (in the US)
MDD / MDR (in the EU)
Let me know how I can help.
Regards
Matteo
Thank you Matteo
As has already been remarked by @Thomas Dörfler in the parallel discussion on data residency requirements, switching to cloud may seem like an exciting adventure, but not for a system that you use to store and organize your know-how.
The same is true for data that is classified and that you are legally obliged to safeguard according to the respective national laws (like the UK's Official Secrets Act) and regulations (like the German Verschlusssachenanweisung). Moving to the cloud simply is not an option in this case, and one can't help but feel left out in the cold by Atlassian in such a case. As has been remarked by @kajtzu in the same parallel discussion, for SMEs, DC edition, which might have offered a way out of this, is cost-prohibitive. So one can only agree once more with him that the way it currently feels like is that Atlassian doesn't care about SMEs anymore.
In essence, what is needed to meet legal requirements related to protection of classified data is that Atlassian either reverses its position on no longer supporting Server beyond 2024, or introduces a DC edition that is accessible also for SMEs. And that is needed very fast - unless Atlassian wants to lose SMEs having to adhere to their national laws relating to the processing of classified data for good.
Hi RJ,
you've raised the question of why some customers seem to have no issue with e.g. GDPR and Cloud while others do. From my experience, there are two types of companies. While one type is heavily audited due to
the other is not (yet).
Besides this, in my opinion one major concern about cloud is the fact that, as a US-based company, an American judge or e.g. the NSA can force Atlassian to disclose (secret) data to American institutions.
Regards
Bernhard
I've got a question relating to GDPR and DPAs (Data Processing Agreements). As I understand, as part of a DPA, you must provide a list of sub-processors. Is Atlassian going to provide such a list?
Will GXP be added to this roadmap?
In reference to @Wyatt Davis's and @Scott Lundgren's questions, is there validation documentation that would be available, or will be made available?
We help medical device companies with validation.
In case you wish to learn more, please let me know - marion@softcomply.com