Compliance FAQ


General

How can I get my vendor due diligence / supplier questionnaire / security questionnaire completed?

If you need assistance to complete a questionnaire to document portions of our Atlassian Trust programs, we have an approach designed to provide you with the resources you need to answer your security and compliance questions about our Atlassian cloud products.

Atlassian provides a Customer Trust Portal that centralises detailed security, privacy, and compliance documentation, including compliance reports, certifications, and additional security collateral. The portal offers authenticated, self-service access and supports efficient security reviews for customers. You can find our Trust Portal here.

If you require further support, please submit a request to Atlassian Support.

Which Atlassian Products are included in the Atlassian Cloud Compliance Scope?

Based on roll-out, or in some cases acquisition, the Products vary per compliance program. For the most up-to-date Products and their associated compliance program, see the Atlassian Compliance page.

Does Atlassian maintain any sub-processors?

Atlassian may use sub-processors, as documented on our Sub-Processor page, to carry out specific activities on behalf of our customers, our products or specific data center hosting and management activities. This page also provides customers with the option to subscribe to RSS to be notified if the list of sub-processors changes or is updated.

Can you provide the locations for your data centers?

Atlassian does not manage any of our own data centers; all data center operations are outsourced. We rely primarily on AWS as our data center hosting and management partner. Regional deployments differ based on product. For more information on AWS Data Center controls, see the AWS Data Center Controls site.

Please download the relevant SOC 2 reports to learn about where data center operations are located for our products.

Compliance Reports

Are Atlassian Cloud products ISO27001 certified?

Based on roll-out, or in some cases acquisition, the Products in our ISO27001 and ISO27018 scope vary. For the most up-to-date Products and their associated compliance program, see the Atlassian Compliance page.

How long is the Atlassian SOC 2 report valid?

SOC 2 Type 2 audits are a review of performance of controls over a period of time. Once the audit period is over, the report is prepared and made available to customers. Atlassian issues SOC 2 reports covering a 12-month period (October 1 through September 30). The reports are applicable for the following 12 months, when we perform the next audits.

There are many factors that impact the release of new reports, but our external audits typically occur in November and refreshed reports are usually available by the end of December each year. We also issue a 3-month bridge letter in January/February of each year that extends the coverage period through the end of January.

All SOC 2 reports (and the bridge letter) can be downloaded from the Compliance Resource Center.

Compliance Programs

Can I use Atlassian Cloud products in compliance with HIPAA?

Yes, Atlassian Cloud does offer solutions for customers that require HIPAA compliance. Please visit this page for more information.

How do I request a GDPR-Compliant Data Processing Addendum with Atlassian?

We have posted a pre-signed Data Processing Addendum (DPA). The DPA helps meet onward transfer requirements under GDPR. See our DPA, or read more at our Privacy and GDPR FAQ.

Controls Framework

Will Atlassian share information on your internal controls?

We have put a great deal of work into something we call our Atlassian Control Framework (ACF), which combines the controls from external regulatory requirements and industry standards. We use this framework to implement controls internally, and we use external companies to evaluate and validate the implementation and operation of our controls. You can view the status of any of our certifications or reports on our Atlassian Compliance page.