Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Regulations & Compliance: General Discussion

RJ Gazarek Atlassian Team Nov 18, 2020

Use this thread to chat with Fili about:

If compliance with FedRAMP, HIPAA, regulatory frameworks dictated by BaFIN, FINRA and APRA or others are top of mind for you, we’d like to hear more! What regulatory frameworks do you need us to satisfy in order to adopt our Cloud Products? Curious about what is in the roadmap already? You can find that here.


JiraJared Community Leader Nov 20, 2020

Hey RJ,

APRA is a big one for us - is there any chance earlier evidence can be provided on a case by case basis?

I see the linked page has 2022, is that likely to be early or late 2022?


Hello @__JiraJared , thanks for the post 

We currently have it in 2nd half of 2022, timeline will be re-evaluated in an ongoing basis based on demand and opportunity.  FYI the aspect of security and access controls is already in progress, as it has a considerable overlap with NIST 800.53 that we are already addressing.   Could you share with me the domain of the company requiring APRA?  we are tracking that as one of the data inputs for prioritization, if you prefer to email I can be reached at fselvas at Altassian dot com 

Like # people like this


I can provide some insights into the Medical Device regulations. We are already feeding information to Fili, but I'm happy to help here too if necessary.

The standards we have to comply to are:

ISO 13485

21 CFR 11, 21 CFR 820 (in the US)

MDD / MDR (in the EU)

Let me know how I can help.




Thank you Matteo

As has already been remarked by @Thomas Dörfler in the parallel discussion on data residency requirements, switching to cloud may seem like an exciting adventure, but not for a system that you use to store and organize your know-how.

The same is true for data that is classified and that you are legally obliged to safeguard according to the respective national laws (like the UK's Official Secrets Act) and regulations (like the German Verschlusssachenanweisung). Moving to the cloud simply is not an option in this case, and one can't help but feel left out in the cold by Atlassian in such a case. As has been remarked by @kajtzu in the same parallel discussion, for SMEs, DC edition, which might have offered a way out of this, is cost-prohibitive. So one can only agree once more with him that the way it currently feels like is that Atlassian doesn't care about SMEs anymore.

In essence, what is needed to meet legal requirements related to protection of classified data is that Atlassian either reverses its position on no longer supporting Server beyond 2024, or introduces a DC edition that is accessible also for SMEs. And that is needed very fast - unless Atlassian wants to loose SMEs having to adhere to their national laws relating to the processing of classified data for good.

Like # people like this

Hi RJ,

you've raised the question, why some customers seem to have no issue with e. g. GDPR and Cloud while others do. From my experience, there are two types of companies. While one type is heavily audited due to

  • industry (GxP, Banking)
  • size (i.e. is it mandatory for them, that their fiscal statement is audited externally)
  • if they have a strong labor union
  • how long and in wich departments they use Jira (is it already in the focus of the auditors)

the other is not (yet).

Besides this, to my opinion one major concern about cloud is the fact, that as an US based company an american judge or e. g. the NSA can force Atlassian to disclose (secret) data to american institutions.



I've got a question relating to GDPR and DPA's (Data Processing Agreements).  As I understand, as part of a DPA, you must provide a list of sub-processors.  Is Atlassian going to provide such a list?

Any news on 21 CFR 11 and ISO 13485?

Like Mel Cummings likes this

Will GXP be added to this roadmap?

Like Mel Cummings likes this

In reference to @Wyatt Davis and @Scott Lundgren questions, is there validation documentation that would be available, or will be made available?

Hi @Ronson LeVau

We help medical device companies with validation.

In case you wish to learn more, please let me know - 


Log in or Sign up to comment

Atlassian Community Events