Catapult CX Limited

Atlassian Jira, Confluence, Trello, Licensing

Atlassian licensing for the following Atlassian products - Atlassian Access, BitBucket, Confluence, Crowd, Jira Core, Jira Service Desk, Jira Software and Trello. We procure all your Atlassian licenses for you, making sure you get the best deal available, we simplify your licensing, by co-terming, ensurring you're always within Atlassian S&M.

Features

• License advice to reduce cost
• License upgrades and renewals
• Tools licensing decision making support
• Atlassian Marketplace addons
• Identity and access management

Benefits

• Accredited Atlassian Consultants recommendations on products
• Co-terming advice
• Service consolidation to reduce licensing costs
• Technical Architecture Review to reduce cost

£0 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@catapult.cx. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

491867489724237

Contact

Alex Fishlock
020 3457 1374
info@catapult.cx

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: DevOps Tool Chain; Secure CI/CD pipeline
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • System requirements aligned to user need
  • Technical architecture design based on user need

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The support levels are customised and priced for each customer.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support levels are customised and priced for each customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is significant documentation available online. For an extra cost, we 'train the trainer' for your organisation.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data can be exported as an archive
• End-of-contract process: Included in the price:; Data is extracted to an archive, and given to the customer.; The service is then decommissioned, and all data is deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Using the API, users with the appropriate level of access can search for anything and create, read, update and delete the following:; users, content, blogs, builds, tasks, stories, issues,
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The users can customise the look and feel of the services, and procure extra add-ons from the Atlassian marketplace that provide enhanced functionality. For an extra cost, Catapult can advise, procure, and configure all the services for you.

Scaling

• Independence of resources: Services are hosted on AWS. We do not guarantee aren’t affected by the demand other users are placing on these services. However millions of users are happy with the services today.

Analytics

• Service usage metrics: Yes
• Metrics types: Status pages, with data feeds supply realtime monitoring and status metrics for all services
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Atlassian

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: CSA STAR CCM v4.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users follow documented proceedures, and export their data as a zip file.
• Data export formats: Other
• Other data export formats:
  • XML
  • HTML
  • Zip
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Summary SLA guarantee; Monthly Uptime Percentage (MUP); Premium: MUP = 99.9%; Enterprise: MUP = 99.95%; detail here: https://www.atlassian.com/legal/sla; ; Service credits are offered:; Premium; 10% credit 99.0%>MUP>99.8%; 25% credit 95.0%>MUP>99.0% ; 50% credit 95.0%>MUP; ; Enterprise; 5% credit 99.9%>MUP>99.95%; 10% credit 99.0%>MUP>99.9% ; 25% credit 95.0%>MUP>99.0%; 50% credit 95.0%>MUP; ; detail - https://www.atlassian.com/legal/sla/service-credits
• Approach to resilience: Multiple AWS Zones in Multiple AWS Regions are used, with auto-failover and auto-scaling
• Outage reporting: Public dashboard, and api are offered

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: This is configurable, usually, 2FA is required for all administrative access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Group
• ISO/IEC 27001 accreditation date: 12/03/2022
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our policies confirm ISO 27001, and are documented internally. Atlassian accredited to ISO 27001, SOC 2, SOC 3, FedRamp, PCI DSS, and VPAT.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The cloud product roadmap is published https://www.atlassian.com/roadmap/cloud; Components are built using continuous delivery methods, and deployed to non-production environments for testing, before making live.; Changes are assessed for security impact with both human intervention and automated vulnerability testing during engineering
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The process is extensive and is described at length here https://www.atlassian.com/trust/security/security-testing; ; Threat assessment is a blend of human interventions, public CVE reports, user reports and bugs found by all the users.; Patches can be deployed within minutes for the most severe defects. ; Atlassian offer a paid bug bounty programme for all products. This includes security bugs
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Several monitoring mechanisms in place to detect failures or anomalies in our products and infrastructure that may be an indicator of a potential security incident. These systems alert us immediately if an activity is detected that requires further investigation. We have an aggregated log capture and analytics platform which collates logs in a single location, so our analysts can investigate quickly and thoroughly, and our Site Reliability Engineers monitor the platform to make sure it’s always available. We also create alerts in our security information and event application that notify our teams proactively.; ; detail https://www.atlassian.com/trust/security/security-incident-management
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Every incident is managed by one of our highly-qualified and experienced Major Incident Managers (or MIMs). MIMs are further supported by incident analysts who lead the investigation and analysis of incidents. Users report incidents online or email; Incident reports are available online

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We have Carbon Reduction Plan, which has been completed in accordance with PPN 06/21 and associated guidance and reporting standard for Carbon Reduction Plans.; ; Emissions have been reported and recorded in accordance with the published reporting standard for Carbon Reduction Plans and the GHG Reporting Protocol corporate standard and uses the appropriate Government emission conversion factors for greenhouse gas company reporting.; ; Scope 1 and Scope 2 emissions have been reported in accordance with SECR requirements, and the required subset of Scope 3 emissions have been reported in accordance with the published reporting standard for Carbon Reduction Plans and the Corporate Value Chain (Scope 3) Standard.; ; The Carbon Reduction Plan has been reviewed and signed off by the board of directors (or equivalent management body).; ; In order to achieve this our plan, we undertake carbon-saving activities such as: Working from home rather than commuting and maintaining a fully staffed office. Use public transport rather than private. Recycle all recyclables. Fully electric company fleet. Use sustainable suppliers. Extensive use of online meetings and events.
• Covid-19 recovery:

  Covid-19 recovery

  Catapult has highly flexible working conditions. We offer employment to people who do not require an office to work in, as we utilise the latest online technology that enables us to prefer and encourage home and remote working over working from an office.; ; Remote working allows us to hire those left unemployed by COVID-19 from anywhere in the country; it also enables us to employ people who need to socially distance or are highly vulnerable and for them to fully participate. We find that remote working democratises our company.; ; As a growing technology consultancy, we are in a high growth sector, so the employment we offer is of high value for our employees. We are leaders in the use of cutting edge online tools that enable us to work remotely much more effectively. ; ; The flexible working practices and tooling are a vital support to those people who are suffering from the physical and mental health of people affected by the covid-19 pandemic, as well as providing great opportunities for knowledge sharing and cross-company training to happen.
• Tackling economic inequality:

  Tackling economic inequality

  Catapult is a small dynamic and growing company. We are an entrepreneur-led company. We partner with micro-companies and SMEs to bolster our capacity to scale and offer specialist skills; this has been core from the start of our company and is still fundamental to the success we have today. Our micro-company supply chain provides specialist technical, security and engineering skills, and are located in parts of the United Kingdom. ; ; We regularly hire young or disadvantaged people and provide them with training both formal, and on-the-job training, so that we foster untapped innovation that perhaps otherwise might be lost. ; ; Our specialist areas of technology and consulting have always had skills shortages, but nonetheless we are closing the national skills gaps and creating wealth by creating more specialists. We require our micro-company supply chain to do the same, since as our customer base grows we need to scale our supply chain as well.; ; Widening our supply chain and hiring further staff allows us to bring in more skills and cross populate these skills between our combined team, thereby providing future-proofed commercial growth,, all the while bringing vital services to the public sector.; ; One example of an integrated supply chain bringing benefits is in cyber. During the initial months of the Ukraine invasion, the intensity of cyber attacks increased on one of our public sector customers. We utilised various micro and small businesses combined with two large enterprises (AWS and OKTA), to achieve less than one-hour response and mitigation to the cyber attacks. By doing this we provided influence to our public sector customer and our complete supply chain, providing both support resistance and capacity in a full end to end service wrap.
• Equal opportunity:

  Equal opportunity

  We have an Equality and Diversity Policy which is dedicated to encouraging a supportive and inclusive culture amongst the whole workforce. It is within our best interest to promote diversity and eliminate discrimination in the workplace.; ; We ensure that all employees and job applicants are given equal opportunity and that our organisation is representative of all sections of society. Each employee is respected and valued and able to give their best as a result.; ; The policy reinforces our commitment to providing equality and fairness to all in our employment and not provide less favourable facilities or treatment on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, ethnic origin, colour, nationality, national origin, religion or belief, or sex and sexual orientation. We are opposed to all forms of unlawful and unfair discrimination.; ; All employees, no matter whether they are part-time, full-time, or temporary, are treated fairly and with respect. When selecting candidates for employment, promotion, training, or any other benefit, it will be on the basis of their aptitude and ability.; ; Catapult are a proud member of the Living Wage Foundation, and we have always paid well above the living wage as defined by LWF.; ; In March 2022, we had 40% of employees identifying as Female; 50% of our company board are female. We operate a ‘blind’ recruitment process we provide internships for University students, (e.g. Durham, UCL and Bournemouth Universities). 45% of the workforce have declared that they have Black, Asian or Minority Ethnic origins.; ; 9% of employees have declared they have a disability.; ; 100% of our people work remotely, with flexible working hours, and advanced ergonomic workstation assessments; this encourages people who are unable to travel, leave their homes, or with home care obligations to work with us, and many do.

Pricing

• Price: £0 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full functionality is included but for a limited time. The time is product dependent, but most are one month, which is extendable
• Link to free trial: https://www.atlassian.com/try

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@catapult.cx. Tell them what format you need. It will help if you say what assistive technology you use.