For those of you who don’t know me, I’m Ashwini - a Product Manager on the Ecosystem team. Our team is currently exploring how to make it easier for Apps to support various compliance standards like HIPAA and enable customers to discover the right Apps based on their compliance requirements. Your feedback will inform how we build and prioritize. Let us know what you think using the polls below.
It is important that my apps support compliance standards supported by Atlassian
Very important (e.g., it’s crucial to my customers)
Important
Somewhat important
Not very important
Not at all important (e.g., it’s not required for my customers)
My apps already support the following compliance standards (select all that apply)
ISO 27001
SOC2
HIPAA
Data Residency
GDPR
None
If you feel strongly about any of the above, or you’d like to suggest something different, then add a comment below and let us know why. Of course, if you’re more comfortable, you can DM me. I would love to talk to you about the details as well; you can book some time to have a chat!
It would be great if Atlassian would support data transfer boundaries. I.e. if data is in the EU, that Atlassian would guarantee that these data do not leave the EU through Atlassian infrastructure.
This is different from data residency, as Atlassian states that data may be moved and/or cached globally.
Include in that user account data, as these are currently stored in the US only. Some users are looking into EU storage of user data.
That would allow our users to obtain GDPR compliance according to their standards.
To pick up on @marc’s point, “data residency” seems like “one of these things is not like the other”. While the others are standards, I don’t know that “data residency” is? For that matter, are we interested in other standards? FedRAMP comes to mind from my customer-facing days. And, I filled out the survey from my perspective in developer experience, where I would like to achieve simple OSI approved licensing for example apps, so that developers can rest easy about copy/pasting our code. (I’ll understand if that’s not a high priority for you.)
@ibuchanan that list is somewhat murky anyway? ISO 27001 and SOC2 are international standards, GDPR and HIPAA are laws and Data Residency is a result of GDPR / a nice Enterprise feature?
Can you describe the process you follow to offer compliant apps to customers? For example, in the case of HIPAA, if a Business Associate Agreement or BAA is signed, how is the process initiated?