The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 167 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.
ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS). We call our ISMS the Atlassian Trust Management System (ATMS); it defines how we manage security in a holistic, comprehensive manner.
ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
The Atlassian Trust Management System supports the operations underlying our cloud offerings and is governed by the implemented controls in accordance with the organizational Statement of Applicability, which further extends to the additional controls defined within ISO/IEC 27018:2019.