I’m interested in understanding how Atlassian ensures that security controls are effectively implemented and operating. Could you please clarify if we undertake audits or other reviews by ourselves, or engage third-party auditors to assess their security practices?
I Googled ‘atlassian security practices’ and the very first result returned, right at the top of the page, in BIG BOLD LETTERS, it says…
That site seems to contain pages and pages of information on the exact topic of your question.
In regard to the question asked earlier I am seeking clarification for the third-party developers who build apps on Atlassian ecosystem, whether they should undertake audits by themselves or engage third-party auditors for this purpose ?
On that site, there is an entire section dedicated entirely to the topic of internal and external audits of Atlassian’s systems. That section even provides specific contact information on who you should contact if you read everything and still have further questions or enquiries.