Close

Compliance at Atlassian

Don't just take us at our word - we encourage you to inspect and verify our security and privacy practices and operations. Our team is constantly working to expand coverage to help organizations meet compliance needs.

 

Our compliance program

SOC logo

SOC 2

SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

SOC logo

SOC 3

SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability, and confidentiality of a cloud service.

Download SOC3 for:

PCI DSS logo

PCI DSS

The Payment Card Industries Data Security Standard is an information security standard for the handling of credit card information.

Download our PCI Attestations of Compliance (AoC) for:

ISO/IEC 27018 logo

ISO/IEC 27001

ISO 27001 is specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.

Products included in certification : Jira Cloud, Confluence Cloud, Bitbucket Cloud and Trello

Iso/IEC 27018 logo

ISO/IEC 27018

ISO 27018 is a code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

Products included in certification : Jira Cloud, Confluence Cloud, Bitbucket Cloud and Trello

Privacy Shield logo

Privacy Shield

The US/EU Privacy Shield and US/Swiss Privacy Shield programs provide additional privacy protection for EU residents when their personal data is moved outside of Europe to the United States.

GDPR logo

GDPR

The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

VPAT logo

VPAT

The Voluntary Product Accessibility Template is a document used by providers to self-disclose the accessibility of a particular product.

Clipboard

Vendor Management and Security Assessment Program

Our data centers, co-location, and managed service providers undergo a thorough security assessment as a part of the evaluation process and then undergo regular SOC1, SOC2 and/or ISO/IEC 27001 audits thereafter. In the event these audits have material findings, which present risks to Atlassian or our customers, we work closely with the vendor to track their remediation efforts until the issue has been resolved.

Control panel

The Atlassian Controls Framework

Our Common Controls Framework is a set of security activities and controls Atlassian implements across our global product and infrastructure teams. To create this framework, we analyzed the requirements of all the certifications that apply to Atlassian customers around the world. This holistic and structured approach to compliance enables us to consistently implement these controls across Atlassian’s products and infrastructure.

Network globe with flag

Cloud Security Alliance Membership

Atlassian is a member of the Cloud Security Alliance (CSA), a not-for-profit organization whose mission is to promote best practices for security assurance in cloud computing. CSA’s Security, Trust & Assurance Registry (STAR) is a publicly accessible registry that documents industry-verified security controls. We routinely update a Consensus Assessment Initiative (CAI) Questionnaire and make it publicly available to view.


Get more visibility into our cloud platform roadmap

We're committed to providing visibility into our upcoming security, compliance, privacy, and reliability releases wherever possible.

Cloud platform roadmap (Track, Plan, and Support)

We’re here and ready to answer all of your questions.

Trust & Security Community

Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.

Atlassian Support

Reach out to one of our highly-trained support engineers to get answers to your most specific security questions. You may find the answers to many of your questions on our pre-filled security questionnaires.