Vendor Security & Risk Responses

At Atlassian, we are transparent in how we operate, secure and manage our cloud services. We understand that many of our customers have a Vendor Risk Management process for cloud services.

We have implemented a structured controls framework to manage the operations, security and reliability of our cloud services. Many of these controls are externally validated, and some controls are internal only. You can find more on our Compliance Resource Center.

If your Vendor Risk Management process is based on any of the below standardized questionnaires, you can download our pre-completed questionnaires. If your Vendor Risk Management process relies on external certification, see our Compliance Resource Center.

If the options below do not answer the questions you have, feel free to contact Atlassian Support.

A comment on the value of compliance

Atlassian has compiled the below questionnaire responses to answer the common questions and formats that we receive from customers. However, it is worth saying that each of the below questionniares are self-attestation style responses. No independent third party has tested or validated these responses, and they should not be considered contractual and may be subject to change. 

All of our independently validated, external attestations and certificates can be found on our Atlassian Compliance page. We firmly believe these certifications can and should serve as your primary assurance that we are operating, securing and managing our cloud-services with the interests of our customers in mind. 

If you have any questions about our Compliance certificates, please contact Atlassian Support.

Cloud Security Alliance (CSA) - Consensus Assessment Initiative Questionnaire (CAIQ)

The Cloud Security Alliance was formed in 2009 as a research organization to determine the best practices for secure cloud computing. Over time, the CSA has issued a number of papers and practices on how to secure your cloud, your cloud service, and how evaluate a cloud service provider. 

The CSA Cloud Controls Matrix (CCM) was developed, as well as the CSA Consensus Assessment Initiative Questionnaire (CAIQ), along with the STAR registry to house the completed questionnaires from cloud service providers. 

The CSA is among the best known cloud service frameworks and standards. The Atlassian CAIQ entries can also be found on the Atlassian STAR registry.

• Download the Atlas Cloud CAIQ
• Download the Bitbucket Cloud CAIQ
• Download the Jira and Confluence Cloud CAIQ 
• Download the Jira Align Cloud CAIQ
• Download the Jira Product Discovery CAIQ
• Downloand the Jira Service Management CAIQ
• Download the Halp CAIQ
• Download the Loom CAIQ
• Download the Opsgenie CAIQ
• Download the Statuspage CAIQ
• Download the Trello CAIQ

Whistic

Whistic has built a platform which supports Company and Product Security Profiles, including a series of industry standard questionnaires detailing common security, operational and organizational controls. Click the links below to request access to Atlassian's Whistic Security Profiles:

• Bitbucket Cloud Security Profile
• Confluence Cloud Security Profile
• Jira Align Security Profile
• Jira Cloud Security Profile
• Opsgenie Security Profile 
• Statuspage Security Profile
• Trello Security Profile

Built on the market’s first third-party cyber risk exchange, CyberGRX's dynamic and scalable approach is innovating third party cyber risk management for enterprises and third parties.  Click the link below to request access to Atlassian's CyberGRX Report:

• Access the Atlassian Assessment at CyberGRX