Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Atlassian Cloud - Jira Software, Jira Service Management and Confluence
BDQ

Atlassian Cloud - Jira Software, Jira Service Management and Confluence

Jira Software, Jira Service Management, Confluence and Atlassian Marketplace Apps provide industry leading task tracking, project planning, Agile, DevOps, ITSM, asset tracking, Work Management and collaboration tools. This service is hosted by Atlassian within their Cloud infrastructure with BDQ providing implementation consultancy as an Atlassian Solution Partner.

Features

  • Jira Software: Flexible Programme, Project, Issue and Work Management
  • Manage all projects including Agile software development using Scrum, Kanban
  • Highly configurable with customisable issue fields, dashboards, workflow and security
  • Workflow automation to support the development and QA processes
  • Jira Service Management: Web portals for Customer Service desks
  • SLA tracking, Asset tracking, time logging and reporting
  • Customisable request types and workflow for automation
  • Confluence: Collaboration tool for project documentation and knowledge bases
  • Integrates seamlessly with Jira Software and Jira Service Management
  • Advanced Roadmaps: Manage work and capacity across multiple teams, projects

Benefits

  • Plan and manage projects and tasks across your teams
  • Track, prioritise and discuss your team's work with complete visibility
  • Easily customisable dashboards give complete visibility of status, progress, MI
  • An 'anyone can use' service desk with knowledge base
  • Centralise documentation in a single, searchable repository
  • Easy to use collaboration features improve team efficiency
  • Highly customisable workflow and automation to match your working practices
  • Easy to use security ensures content is kept safe
  • Easy onboarding to help achieve high adoption among staff
  • Use past velocity to set team capacity for project autoscheduling

Pricing

£7.50 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 2 6 9 9 4 0 0 5 4 8 9 3 5 9

Contact

BDQ Dominic Bush
Telephone: +44 (0)844 8265 236
Email: enquiries@bdq.cloud

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Atlassian's SLAs are here: https://www.atlassian.com/legal/sla
Monthly uptime percentage target for 'Premium' is 99.9%, 'Enterprise' is 99.95%
System requirements
See supported browsers in the 'Using the Service' section.

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hours, 7 days a week
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via Atlassian website
Web chat accessibility testing
None.
Onsite support
No
Support levels
These responses are for the current Atlassian Enterprise edition. Support levels vary based on the edition of the software. Contact us for details of current support offerings. BDQ support is available separately.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide training courses, drop-ins and workshops for the products and consultancy services to make sure that your projects get off to the best possible start, achieve adoption and follow best practice guidance. These are available under the separate support services.
Full user documentation is available for all the products.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The products provide tools which allow the contents of the products to be extracted to open formats.
End-of-contract process
At additional cost we can provide consultancy services to off-board the data. Please see our SFIA rate card for pricing.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
When you view the Atlassian products on a mobile device an optimised version of the page is displayed. It is possible to switch to a desktop view if required.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
The Atlassian products have extensive REST-based APIs that allow configuration of the services and editing of the data within the product. For example, here is the documentation for JIRA Cloud: https://docs.atlassian.com/jira/REST/cloud/
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
All products are highly configurable, including branding, by the end user or by BDQ under the separate support service.

Scaling

Independence of resources
The service is monitored using standard SaaS Cloud Management techniques to prevent users impacting each other.

Analytics

Service usage metrics
Yes
Metrics types
Highly configurable
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Atlassian

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Authorised users can export data from within the application to a number of different formats.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Varies on deployment type and customer requirements.
Approach to resilience
Available on request
Outage reporting
Public dashboard showing current status of their cloud products.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Coalfire Certification, Inc
ISO/IEC 27001 accreditation date
August 16, 2021
What the ISO/IEC 27001 doesn’t cover
The certificate scope comprises the Information Security Management System (ISMS) also referred to as the Atlassian Trust Management System supporting the operations underlying the Atlassian Cloud offering. The cloud offering comprises Jira Cloud, Confluence Cloud, Bitbucket Cloud, Bitbucket Pipelines, Trello, Opsgenie, Jira Align, Statuspage, Jira Service Management (JSM), Halp, Data Lake, Forge, Insight, and Compass as well as the microservices used to deliver these applications. These activities are governed by the implemented controls in accordance with the organizational Statement of Applicability, which further extends to the additional controls defined within ISO/IEC 27018:2019.

The organizational scope includes the Legal, Talent, Policy, Procurement, Trust, Workplace Experience, and Workplace Technology teams affecting the ISMS.

Any other aspects of Atlassian’s business is out of scope.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
05/02/2022
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Any third-party add-ons added by the Buyer.
PCI certification
Yes
Who accredited the PCI DSS certification
Optus Cyber Security Pty Limited
PCI DSS accreditation date
30/09/2021
What the PCI DSS doesn’t cover
All credit card payments are processed by a third-party provider, Stripe, via a SAQ A-compliant iFrame embedded within the online payment apge. No credit card data is stored, processed or transmitted by Atlassian. All payment pages delivered to the customer's browser originate directly from Stripe.
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
See https://www.atlassian.com/trust/security/security-practices

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Atlassian rigorously tracks and monitors all software changes made to the products and run comprehensive automated testing to ensure that changes do not introduce defects into the software which may compromise security. All software changes are code reviewed within Atlassian before being deployed to product instances.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Atlassian have an extensive security program that includes ongoing testing of their hosted systems and products. They also undertake third party independent assessments of our Cloud products. Atlassian set out their security bugfix SLA in this document: https://www.atlassian.com/trust/policies/security-bugfix-policy
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Atlassian has an ongoing system of monitoring access to check for unauthorised access. If a compromise is detected the account holder is notified and access is locked off until the problem is resolved. Incidents are handled at the 'Level-1 Critical' standard within the Atlassian support response SLA, i.e. 1 hour for the standard Cloud based instances.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Atlassian sets out it's incident management approach in this document: https://www.atlassian.com/trust/security/security-incident-responsibilities Users should report incidents via support. Incident reports will be provided to a user specified by the Buyer via email.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Wellbeing

Wellbeing

BDQ operates a modern, inclusive set of working practices, providing a supportive working environment that takes account of the needs of individual employees, whether they might require flexible hours, mentoring and support, or even company loans to assist with relocations etc. Pay rises are awarded annually at or above inflation to ensure pay keeps pace with the cost of living, and the annual review process is also used to seek opportunities to provide additional help and support to employees.

Many of the Cloud-based services we resell and support have extensive collaboration features, providing various communication channels to promote productivity and flexible working. BDQ staff use many of these services in their day-to-day work, ensuring adoption across the organisation and familiarity with the services to better promote best practices with customers.

The use of these collaboration tools supports flexible working and work from home policies and maintains the social interaction of the office, despite disparate working locations, that is so essential to mental health and wellbeing. These benefits are felt among BDQ staff and the staff of our customers, and in the interactions between them.

Training, including the opportunity to achieve certifications and accreditations in the services, is provided to all staff, and the benefit of this knowledge is transferred to customers own staff through the various training courses and workshops that BDQ provides.

Retrospectives are carried out at the end of each major assignment to seek internal feedback and learn lessons, giving employees a stake in how the business is run. These sessions improve not only BDQ’s internal processes and procedures, but may also lead to significant business decisions, such as a recent Board decision to offer additional discounts to charities seeking our services.

Together, these practices promote a collaborative, consultative working culture within and between BDQ and our customers.

Pricing

Price
£7.50 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 day free trial period

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.