BDQ

Atlassian Cloud - Jira Software, Jira Service Management and Confluence

Jira Software, Jira Service Management, Confluence and Atlassian Marketplace Apps provide industry leading task tracking, project planning, Agile, DevOps, ITSM, asset tracking, Work Management and collaboration tools. This service is hosted by Atlassian within their Cloud infrastructure with BDQ providing implementation consultancy as an Atlassian Solution Partner.

Features

• Jira Software: Flexible Programme, Project, Issue and Work Management
• Manage all projects including Agile software development using Scrum, Kanban
• Highly configurable with customisable issue fields, dashboards, workflow and security
• Workflow automation to support the development and QA processes
• Jira Service Management: Web portals for Customer Service desks
• SLA tracking, Asset tracking, time logging and reporting
• Customisable request types and workflow for automation
• Confluence: Collaboration tool for project documentation and knowledge bases
• Integrates seamlessly with Jira Software and Jira Service Management
• Advanced Roadmaps: Manage work and capacity across multiple teams, projects

Benefits

• Plan and manage projects and tasks across your teams
• Track, prioritise and discuss your team's work with complete visibility
• Easily customisable dashboards give complete visibility of status, progress, MI
• An 'anyone can use' service desk with knowledge base
• Centralise documentation in a single, searchable repository
• Easy to use collaboration features improve team efficiency
• Highly customisable workflow and automation to match your working practices
• Easy to use security ensures content is kept safe
• Easy onboarding to help achieve high adoption among staff
• Use past velocity to set team capacity for project autoscheduling

£7.50 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

226994005489359

Contact

Dominic Bush
+44 (0)844 8265 236
enquiries@bdq.cloud

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Atlassian's SLAs are here: https://www.atlassian.com/legal/sla; Monthly uptime percentage target for 'Premium' is 99.9%, 'Enterprise' is 99.95%
• System requirements: See supported browsers in the 'Using the Service' section.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hours, 7 days a week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via Atlassian website
• Web chat accessibility testing: None.
• Onsite support: No
• Support levels: These responses are for the current Atlassian Enterprise edition. Support levels vary based on the edition of the software. Contact us for details of current support offerings. BDQ support is available separately.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide training courses, drop-ins and workshops for the products and consultancy services to make sure that your projects get off to the best possible start, achieve adoption and follow best practice guidance. These are available under the separate support services. ; Full user documentation is available for all the products.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The products provide tools which allow the contents of the products to be extracted to open formats.
• End-of-contract process: At additional cost we can provide consultancy services to off-board the data. Please see our SFIA rate card for pricing.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: When you view the Atlassian products on a mobile device an optimised version of the page is displayed. It is possible to switch to a desktop view if required.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The Atlassian products have extensive REST-based APIs that allow configuration of the services and editing of the data within the product. For example, here is the documentation for JIRA Cloud: https://docs.atlassian.com/jira/REST/cloud/
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: All products are highly configurable, including branding, by the end user or by BDQ under the separate support service.

Scaling

• Independence of resources: The service is monitored using standard SaaS Cloud Management techniques to prevent users impacting each other.

Analytics

• Service usage metrics: Yes
• Metrics types: Highly configurable
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Atlassian

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Authorised users can export data from within the application to a number of different formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Varies on deployment type and customer requirements.
• Approach to resilience: Available on request
• Outage reporting: Public dashboard showing current status of their cloud products.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Coalfire Certification, Inc
• ISO/IEC 27001 accreditation date: August 16, 2021
• What the ISO/IEC 27001 doesn’t cover: The certificate scope comprises the Information Security Management System (ISMS) also referred to as the Atlassian Trust Management System supporting the operations underlying the Atlassian Cloud offering. The cloud offering comprises Jira Cloud, Confluence Cloud, Bitbucket Cloud, Bitbucket Pipelines, Trello, Opsgenie, Jira Align, Statuspage, Jira Service Management (JSM), Halp, Data Lake, Forge, Insight, and Compass as well as the microservices used to deliver these applications. These activities are governed by the implemented controls in accordance with the organizational Statement of Applicability, which further extends to the additional controls defined within ISO/IEC 27018:2019. ; ; The organizational scope includes the Legal, Talent, Policy, Procurement, Trust, Workplace Experience, and Workplace Technology teams affecting the ISMS.; ; Any other aspects of Atlassian’s business is out of scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 05/02/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Any third-party add-ons added by the Buyer.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Optus Cyber Security Pty Limited
• PCI DSS accreditation date: 30/09/2021
• What the PCI DSS doesn’t cover: All credit card payments are processed by a third-party provider, Stripe, via a SAQ A-compliant iFrame embedded within the online payment apge. No credit card data is stored, processed or transmitted by Atlassian. All payment pages delivered to the customer's browser originate directly from Stripe.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: See https://www.atlassian.com/trust/security/security-practices

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Atlassian rigorously tracks and monitors all software changes made to the products and run comprehensive automated testing to ensure that changes do not introduce defects into the software which may compromise security. All software changes are code reviewed within Atlassian before being deployed to product instances.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Atlassian have an extensive security program that includes ongoing testing of their hosted systems and products. They also undertake third party independent assessments of our Cloud products. Atlassian set out their security bugfix SLA in this document: https://www.atlassian.com/trust/policies/security-bugfix-policy
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Atlassian has an ongoing system of monitoring access to check for unauthorised access. If a compromise is detected the account holder is notified and access is locked off until the problem is resolved. Incidents are handled at the 'Level-1 Critical' standard within the Atlassian support response SLA, i.e. 1 hour for the standard Cloud based instances.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Atlassian sets out it's incident management approach in this document: https://www.atlassian.com/trust/security/security-incident-responsibilities Users should report incidents via support. Incident reports will be provided to a user specified by the Buyer via email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Wellbeing:

  Wellbeing

  BDQ operates a modern, inclusive set of working practices, providing a supportive working environment that takes account of the needs of individual employees, whether they might require flexible hours, mentoring and support, or even company loans to assist with relocations etc. Pay rises are awarded annually at or above inflation to ensure pay keeps pace with the cost of living, and the annual review process is also used to seek opportunities to provide additional help and support to employees.; ; Many of the Cloud-based services we resell and support have extensive collaboration features, providing various communication channels to promote productivity and flexible working. BDQ staff use many of these services in their day-to-day work, ensuring adoption across the organisation and familiarity with the services to better promote best practices with customers.; ; The use of these collaboration tools supports flexible working and work from home policies and maintains the social interaction of the office, despite disparate working locations, that is so essential to mental health and wellbeing. These benefits are felt among BDQ staff and the staff of our customers, and in the interactions between them.; ; Training, including the opportunity to achieve certifications and accreditations in the services, is provided to all staff, and the benefit of this knowledge is transferred to customers own staff through the various training courses and workshops that BDQ provides.; ; Retrospectives are carried out at the end of each major assignment to seek internal feedback and learn lessons, giving employees a stake in how the business is run. These sessions improve not only BDQ’s internal processes and procedures, but may also lead to significant business decisions, such as a recent Board decision to offer additional discounts to charities seeking our services.; ; Together, these practices promote a collaborative, consultative working culture within and between BDQ and our customers.

Pricing

• Price: £7.50 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 day free trial period

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.