SOC Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizations. Refer to the AICPA for further details.
When outsourcing services, it is critical to verify that the service organization has effective internal controls in place. System and Organization Controls (SOC) Reports establish trust and confidence in a service organization by providing assurance their internal controls over the systems are designed and operating effectively.
To offer this assurance, Atlassian provides SOC 2 reports relevant to security and availability of the systems Atlassian uses to process users' data and the confidentiality of the information processed by these systems. These reports can be used to evaluate Atlassian and verify that we meet your requirements from various teams including Security, Compliance, Internal Audit, and Procurement, among others.
Atlassian is proud to announce we have obtained updated SOC 2 Type II certifications for our major products: Jira Cloud, Confluence Cloud, Bitbucket Cloud, Trello, and Opsgenie.
In addition, we have also added Statuspage to our portfolio of SOC 2 certifications by obtaining the SOC 2 Type I report. We are aiming to achieve SOC2 Type II for Statuspage and Jira Align in 2020.
You can download the latest certifications from our Compliance Page: https://www.atlassian.com/trust/compliance.
Atlassian SOC 2 Type II reports are maintained on an annual basis for a rolling 12-month cycle that begins in November and ends in October of the following year. External audits typically occur in November and refreshed reports are usually available prior to 31 December each year.
The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 164 national standard bodies. ISO brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.
Atlassian has implemented and is certified with the below ISO standards:
ISO/IEC 27001 which outlines and provides requirements for an information security management system (ISMS).
ISO/IEC 27018 which is focused on the protection of personally identifiable information (PII).
Atlassian has received ISO/IEC 27001 and ISO/IEC 27018 certification renewals for Jira Cloud, Confluence Cloud, Bitbucket Cloud, and Trello. Opsgenie is also now certified to the ISO/IEC 27001 standard and ISO/IEC 27018 standard.
In addition, we are aiming to achieve ISO/IEC 27001 and ISO/IEC 27018 for Statuspage in 2020.
You can download these certifications from our Compliance Page: https://www.atlassian.com/trust/compliance.