Close
View this page in your language?
All languages
Choose your language
Products
For teams
Support
Try for free
Buy now
Search Toggle menu
Close search

Plan, Track, & Support

Jira Software

Project and issue tracking

Jira Align

Enterprise agile planning

Jira Core

Essential business management

Jira Service Desk

IT service desk and customer service

Opsgenie

Modern incident management

Statuspage

Incident communication

Collaborate

Confluence

Document collaboration

Trello

Collaborate visually on any project

Code, Build, & Ship

Bitbucket

Git code management

Sourcetree

Git and Mercurial desktop client

Bamboo

Integration and release management

SECURITY & IDENTITY

Atlassian Access

Security and control across Cloud

Crowd

Single sign-on and identity management
View all products
Close dropdown

By team size

Startups

Great for startups, from incubator to IPO

Small business

Get the right tools for your growing business

Enterprise

Learn how we make big teams successful

By team function

Software

Plan, build, & ship quality products

Marketing

Bring together a winning strategy

HR

Streamline people management

Legal

Operate securely and reliably

Operations

Run your business efficiently

IT

Provide great service and support

Finance

Simplify all finance processes

Incident Response

Respond, resolve, & learn from incidents
View all products
Close dropdown

Atlassian support

Technical support

Raise a support ticket

Purchasing & licensing

Help on pricing or your account

Documentation

Guides to all of our products

Migrate to Cloud

Plan a migration from Server to Cloud

Enterprise services

Support for large teams

Community support

Community help

Get help from other users

Partner Program

Learn about Atlassian Partners

Find a Partner

Custom Professional Services

Learn & connect

About us

Learn about our company

Careers

Search our latest job openings

Training & Certification

Build your skills and get endorsed by Atlassian

Blogs

Thought leadership on all topics
View all support
Close dropdown

Frequently asked questions

Get answers to our top questions around security, reliability, privacy, and compliance.

Does Atlassian adhere to information security standards?

ISO/IEC 27001 - Jira and Confluence cloud have achieved ISO/IEC 27001 Certification. You can read more about the structure of our Security Management Program and you can review the ISO/IEC 27001 Certificate on our Atlassian Compliance page.

ISO/IEC 27018 - We have also acheived ISO/IEC 27018 certification for protection of personally identifiable information (PII) or personal data (PD) in our cloud environments. Our ISO/IEC 27018 Certificate can also be found on our Atlassian Compliance page.

Cloud Security Alliance - We have completed our Cloud Control Matrix CAIQ Self Assessment for the CSA Security, Trust, & Assurance Registry

HIPAA / HITECH – For our Cloud products, we are not able to sign a Business Associate agreement and we recommend our Server products for companies that need to comply. We have more information on this in our Privacy Policy.

PCI – Atlassian uses tokens with PCI DSS certified credit card processors; we never see or store your credit card details. For use of our products within PCI environments you need to assess in terms of your own PCI compliance requirements.

 

Can I see your Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ)? 

Absolutely, we hope you do.  It can be found on our Security, Trust and Assurance Registry (STAR) entry page.  We plan on updating it quarterly, or when big changes occur in our environment. Have a read through: Atlassian's STAR entry

 

Will Atlassian share information on your internal controls?

We have put a great deal of work into something we call our Atlassian Control Framework (ACF), which combines the controls from external regulatory requirements and industry standards.  We utilize this framework to implement controls internally and use external companies to evaluate and validate the implementation and operation of our controls.  You can view the status of any of our certifications or reports on our Compliance page

 

Where can I find Atlassian's security and technology policies? 

We have put a lot of work into building out an internal Policy Central inside our own Confluence. All of our policies have a similar format and structure, defined owners, and committed review cycles. You can read through the tl;dr for each of our internal Technology Domain policies. 

 

Has Atlassian defined responsibilities for cloud security and cloud operations? 

We have published a whitepaper outlining the responsibilities that we manage, and the responsibilities that each of our customers should manage. We've written it with our customers in mind, and we've detailed the particular security topics that each customer should manage. Read through the whitepaper

 

Who has access to our data?

For Atlassian Cloud Customers, we've outlined our approach in our Cloud Security Statement and our Privacy Policy.

 

Is data stored on Atlassian cloud products encrypted?

Atlassian encrypts customer data in transit and at rest.

All customer data stored within Atlassian cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ with Perfect Forward Secrecy (PFS) to protect it from unauthorized disclosure or modification.

Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. Customer data on Bitbucket Cloud is not fully encrypted at rest.

To learn more, please see our Security Practices page.

 

Is Transport Layer Security (TLS) always used for data encryption on Atlassian cloud products?

Yes, all Atlassian Cloud systems only use TLS, along with PFS, for communication. In line with Industry standards, we have removed support for SSL 3.

 

How are passwords for Atlassian cloud products stored?

Passwords are cryptographically hashed within the Atlassian cloud, which enables user management.

 

Does Atlassian audit its cloud security?

We have an extensive security program that includes ongoing testing of our our hosted systems and products.  We also undertake third party independent assessments of our Cloud products. Our primary testing approach is through our public bug bounty for all of our cloud products and our server products. 

 

Can review Atlassian's testing reports?

Any security vulnerabilities identified in the reports below are tracked in our internal Jira as they come through the Bug Bounty intake process and are closed according to the SLA timelines on our Security Bug Fix Policy.

 

Can we undertake our own security testing?

In line with our Terms of Use for our cloud products, we currently do not allow customer-initiated testing. We are committed to being open and will publish statistics from our bug bounty program once it is public. 

 

I found a vulnerability in one of your products, how do I report it? 

If you discovered a vulnerability in one of our products, we appreciate if you let us know so we can get it fixed ASAP.  Have a read through our instructions for how to report it and you could get some Atlassian swag or be added to our Hall of Fame.  

 

Can you complete my security questionnaire?

We are committed to being open and transparent and sharing information. Part of this goal is to publish as much information as we can to enable you to be comfortable with your decision to use our products and services. We have compiled responses to some of the most frequent standard questionnaire types. If you have additional questions, let us know

 

What is Atlassian's data privacy policy?

Please check out our latest Privacy Policy.

 

What responsibilities does Atlassian maintain during a security incident? 

Here at Atlassian, we try our best to ensure our customers don't experience an outage or a security incident. However, we acknowledge that a security incident has the potential to happen. We have written down our responsibilities during a security incident and what our customers should plan to manage.