Highlighted

Certifications Update FY20

Victoria Atlassian Team Feb 06, 2020

SOC 2

Overview

SOC Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizations. Refer to the AICPA for further details.

When outsourcing services, it is critical to verify that the service organization has effective internal controls in place. System and Organization Controls (SOC) Reports establish trust and confidence in a service organization by providing assurance their internal controls over the systems are designed and operating effectively.

To offer this assurance, Atlassian provides SOC 2 reports relevant to security and availability of the systems Atlassian uses to process users' data and the confidentiality of the information processed by these systems. These reports can be used to evaluate Atlassian and verify that we meet your requirements from various teams including Security, Compliance, Internal Audit, and Procurement, among others.

What Atlassian Products have SOC2 Reports?

Atlassian is proud to announce we have obtained updated SOC 2 Type II certifications for our major products: Jira Cloud, Confluence Cloud, Bitbucket Cloud, Trello, and Opsgenie.

In addition, we have also added Statuspage to our portfolio of SOC 2 certifications by obtaining the SOC 2 Type I report. We are aiming to achieve SOC2 Type II for Statuspage and Jira Align in 2020.

You can download the latest certifications from our Compliance Page: https://www.atlassian.com/trust/compliance.

When are Reports Published?

Atlassian SOC 2 Type II reports are maintained on an annual basis for a rolling 12-month cycle that begins in November and ends in October of the following year. External audits typically occur in November and refreshed reports are usually available prior to 31 December each year. 

 

ISO/IEC 27001 and ISO/IEC 27018

Overview

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 164 national standard bodies. ISO brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.

Atlassian has implemented and is certified with the below ISO standards:

  • ISO/IEC 27001 which outlines and provides requirements for an information security management system (ISMS).

  • ISO/IEC 27018 which is focused on the protection of personally identifiable information (PII).

What Atlassian Products have ISO/IEC 27001 and ISO/IEC 27018 Certificates?

Atlassian has received ISO/IEC 27001 and ISO/IEC 27018 certification renewals for Jira Cloud, Confluence Cloud, Bitbucket Cloud, and Trello. Opsgenie is also now certified to the ISO/IEC 27001 standard and ISO/IEC 27018 standard.

In addition, we are aiming to achieve ISO/IEC 27001 and ISO/IEC 27018 for Statuspage in 2020.

You can download these certifications from our Compliance Page: https://www.atlassian.com/trust/compliance.

1 comment

I don't see Atlassian Access listed as one of the services covered under SOC 2.  When will Access be audited and covered by SOC 2?

Guy Atlassian Team Jul 12, 2020

Atlassian Access is a subscription that is deeply integrated into the identity system that is used across all our products and services, so it is implicitly covered in all audits of our products. At the moment there are no plans to do a separate SOC2 specifically for Access.

Comment

Log in or Sign up to comment
TAGS