The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council.
PCI DSS is a set of network security and business best-practice guidelines adopted by the PCI Security Standards Council to establish a “minimum security standard” to protect customers’ payment card information. The scope of PCI DSS includes all systems, networks, and applications that process, store, or transmit cardholder data, as well as the systems used to secure and log access to those in-scope systems. PCI DSS applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
Atlassian doesn’t store, process or transmit cardholder data. We rely on third-party service providers to handle transactions and have implemented iframes for our payment processors, so we never store, process or transmit cardholder data.
PCI SAQ-A is a self-assessment for organizations that meet the following criteria: card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing, or transmission of cardholder data on the merchant’s systems or premises.
Atlassian's PCI DSS Certification does not cover customers storing credit, debit or other payment card data subject to PCI DSS in Atlassian Cloud Products, per Section 5.3 of our Cloud Terms of Service.
Atlassian’s approach to PCI compliance is to perform a SAQ-A self-assessment. Copies of our attestations are linked on the left.