Compliance support for apps - we want to hear from you!

Hello everyone! :wave:

For those of you who don’t know me, I’m Ashwini - a Product Manager on the Ecosystem team. Our team is currently exploring how to make it easier for Apps to support various compliance standards like HIPAA and enable customers to discover the right Apps based on their compliance requirements. Your feedback will inform how we build and prioritize. Let us know what you think using the polls below.

It is important that my apps support compliance standards supported by Atlassian
  • Very important (e.g., it’s crucial to my customers)
  • Important
  • Somewhat important
  • Not very important
  • Not at all important (e.g., it’s not required for my customers)

My apps already support the following compliance standards (select all that apply)
  • ISO 27001
  • SOC2
  • HIPAA
  • Data Residency
  • GDPR
  • None

If you feel strongly about any of the above, or you’d like to suggest something different, then add a comment below and let us know why. Of course, if you’re more comfortable, you can DM me. I would love to talk to you about the details as well; you can book some time to have a chat!

Hi @AshwiniRattihalli ,

It would be great if Atlassian would support data transfer boundaries, i.e. if data is in the EU, Atlassian would guarantee that this data does not leave the EU through Atlassian infrastructure.

This is different from data residency, as Atlassian states that data may be moved and/or cached globally.

Include in that user account data, as these are currently stored in the US only. Some users are looking into EU storage of user data.

That would allow our users to obtain GDPR compliance according to their standards.

@AshwiniRattihalli,

To pick up on @marc’s point, “data residency” seems like “one of these things is not like the other”. While the others are standards, I don’t know that “data residency” is? For that matter, are we interested in other standards? FedRAMP comes to mind from my customer-facing days. And, I filled out the survey from my perspective in developer experience, where I would like to achieve simple OSI approved licensing for example apps, so that developers can rest easy about copy/pasting our code. (I’ll understand if that’s not a high priority for you.)

@ibuchanan, that list is somewhat murky anyway. ISO 27001 and SOC2 are international standards, GDPR and HIPAA are laws, and Data Residency is a result of GDPR / a nice Enterprise feature?

Great point @remie
The list was composed of explicit compliance standards and customer requirements that Atlassian supports for the core products.

Are there other compliance standards or requirements that your customers are asking for?

Can you describe the process you follow to offer compliant apps to customers? For example, in the case of HIPAA, if a Business Associate Agreement or BAA is signed, how is the process initiated?

Thanks @ibuchanan
I have added a reply to the post with an open-ended question for feedback.