Catapult CX Limited

Atlassian Jira, Confluence, Trello, Licensing

Atlassian licensing for the following Atlassian products - Atlassian Access, BitBucket, Confluence, Crowd, Jira Core, Jira Service Desk, Jira Software and Trello. We procure all your Atlassian licenses for you, making sure you get the best deal available, we simplify your licensing, by co-terming, ensurring you're always within Atlassian S&M.


  • License advice to reduce cost
  • License upgrades and renewals
  • Tools licensing decision making support
  • Atlassian Marketplace addons
  • Identity and access management


  • Accredited Atlassian Consultants recommendations on products
  • Co-terming advice
  • Service consolidation to reduce licensing costs
  • Technical Architecture Review to reduce cost


£0 a user

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 9 1 8 6 7 4 8 9 7 2 4 2 3 7


Catapult CX Limited Alex Fishlock
Telephone: 020 3457 1374

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
DevOps Tool Chain
Secure CI/CD pipeline
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
  • System requirements aligned to user need
  • Technical architecture design based on user need

User support

Email or online ticketing support
Yes, at extra cost
Support response times
The support levels are customised and priced for each customer.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
The support levels are customised and priced for each customer.
Support available to third parties

Onboarding and offboarding

Getting started
There is significant documentation available online. For an extra cost, we 'train the trainer' for your organisation.
Service documentation
Documentation formats
End-of-contract data extraction
All data can be exported as an archive
End-of-contract process
Included in the price:
Data is extracted to an archive, and given to the customer.
The service is then decommissioned, and all data is deleted.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
What users can and can't do using the API
Using the API, users with the appropriate level of access can search for anything and create, read, update and delete the following:
users, content, blogs, builds, tasks, stories, issues,
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The users can customise the look and feel of the services, and procure extra add-ons from the Atlassian marketplace that provide enhanced functionality. For an extra cost, Catapult can advise, procure, and configure all the services for you.


Independence of resources
Services are hosted on AWS. We do not guarantee aren’t affected by the demand other users are placing on these services. However millions of users are happy with the services today.


Service usage metrics
Metrics types
Status pages, with data feeds supply realtime monitoring and status metrics for all services
Reporting types
  • API access
  • Real-time dashboards


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users follow documented proceedures, and export their data as a zip file.
Data export formats
Other data export formats
  • XML
  • HTML
  • Zip
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Summary SLA guarantee
Monthly Uptime Percentage (MUP)
Premium: MUP = 99.9%
Enterprise: MUP = 99.95%
detail here:

Service credits are offered:
10% credit 99.0%>MUP>99.8%
25% credit 95.0%>MUP>99.0%
50% credit 95.0%>MUP

5% credit 99.9%>MUP>99.95%
10% credit 99.0%>MUP>99.9%
25% credit 95.0%>MUP>99.0%
50% credit 95.0%>MUP

detail -
Approach to resilience
Multiple AWS Zones in Multiple AWS Regions are used, with auto-failover and auto-scaling
Outage reporting
Public dashboard, and api are offered

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
This is configurable, usually, 2FA is required for all administrative access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI Group
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our policies confirm ISO 27001, and are documented internally. Atlassian accredited to ISO 27001, SOC 2, SOC 3, FedRamp, PCI DSS, and VPAT.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The cloud product roadmap is published
Components are built using continuous delivery methods, and deployed to non-production environments for testing, before making live.
Changes are assessed for security impact with both human intervention and automated vulnerability testing during engineering
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The process is extensive and is described at length here

Threat assessment is a blend of human interventions, public CVE reports, user reports and bugs found by all the users.
Patches can be deployed within minutes for the most severe defects.
Atlassian offer a paid bug bounty programme for all products. This includes security bugs
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Several monitoring mechanisms in place to detect failures or anomalies in our products and infrastructure that may be an indicator of a potential security incident. These systems alert us immediately if an activity is detected that requires further investigation. We have an aggregated log capture and analytics platform which collates logs in a single location, so our analysts can investigate quickly and thoroughly, and our Site Reliability Engineers monitor the platform to make sure it’s always available. We also create alerts in our security information and event application that notify our teams proactively.

Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Every incident is managed by one of our highly-qualified and experienced Major Incident Managers (or MIMs). MIMs are further supported by incident analysts who lead the investigation and analysis of incidents. Users report incidents online or email
Incident reports are available online

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

We have Carbon Reduction Plan, which has been completed in accordance with PPN 06/21 and associated guidance and reporting standard for Carbon Reduction Plans.

Emissions have been reported and recorded in accordance with the published reporting standard for Carbon Reduction Plans and the GHG Reporting Protocol corporate standard and uses the appropriate Government emission conversion factors for greenhouse gas company reporting.

Scope 1 and Scope 2 emissions have been reported in accordance with SECR requirements, and the required subset of Scope 3 emissions have been reported in accordance with the published reporting standard for Carbon Reduction Plans and the Corporate Value Chain (Scope 3) Standard.

The Carbon Reduction Plan has been reviewed and signed off by the board of directors (or equivalent management body).

In order to achieve this our plan, we undertake carbon-saving activities such as: Working from home rather than commuting and maintaining a fully staffed office. Use public transport rather than private. Recycle all recyclables. Fully electric company fleet. Use sustainable suppliers. Extensive use of online meetings and events.
Covid-19 recovery

Covid-19 recovery

Catapult has highly flexible working conditions. We offer employment to people who do not require an office to work in, as we utilise the latest online technology that enables us to prefer and encourage home and remote working over working from an office.

Remote working allows us to hire those left unemployed by COVID-19 from anywhere in the country; it also enables us to employ people who need to socially distance or are highly vulnerable and for them to fully participate. We find that remote working democratises our company.

As a growing technology consultancy, we are in a high growth sector, so the employment we offer is of high value for our employees. We are leaders in the use of cutting edge online tools that enable us to work remotely much more effectively.

The flexible working practices and tooling are a vital support to those people who are suffering from the physical and mental health of people affected by the covid-19 pandemic, as well as providing great opportunities for knowledge sharing and cross-company training to happen.
Tackling economic inequality

Tackling economic inequality

Catapult is a small dynamic and growing company. We are an entrepreneur-led company. We partner with micro-companies and SMEs to bolster our capacity to scale and offer specialist skills; this has been core from the start of our company and is still fundamental to the success we have today. Our micro-company supply chain provides specialist technical, security and engineering skills, and are located in parts of the United Kingdom.

We regularly hire young or disadvantaged people and provide them with training both formal, and on-the-job training, so that we foster untapped innovation that perhaps otherwise might be lost.

Our specialist areas of technology and consulting have always had skills shortages, but nonetheless we are closing the national skills gaps and creating wealth by creating more specialists. We require our micro-company supply chain to do the same, since as our customer base grows we need to scale our supply chain as well.

Widening our supply chain and hiring further staff allows us to bring in more skills and cross populate these skills between our combined team, thereby providing future-proofed commercial growth,, all the while bringing vital services to the public sector.

One example of an integrated supply chain bringing benefits is in cyber. During the initial months of the Ukraine invasion, the intensity of cyber attacks increased on one of our public sector customers. We utilised various micro and small businesses combined with two large enterprises (AWS and OKTA), to achieve less than one-hour response and mitigation to the cyber attacks. By doing this we provided influence to our public sector customer and our complete supply chain, providing both support resistance and capacity in a full end to end service wrap.
Equal opportunity

Equal opportunity

We have an Equality and Diversity Policy which is dedicated to encouraging a supportive and inclusive culture amongst the whole workforce. It is within our best interest to promote diversity and eliminate discrimination in the workplace.

We ensure that all employees and job applicants are given equal opportunity and that our organisation is representative of all sections of society. Each employee is respected and valued and able to give their best as a result.

The policy reinforces our commitment to providing equality and fairness to all in our employment and not provide less favourable facilities or treatment on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, ethnic origin, colour, nationality, national origin, religion or belief, or sex and sexual orientation. We are opposed to all forms of unlawful and unfair discrimination.

All employees, no matter whether they are part-time, full-time, or temporary, are treated fairly and with respect. When selecting candidates for employment, promotion, training, or any other benefit, it will be on the basis of their aptitude and ability.

Catapult are a proud member of the Living Wage Foundation, and we have always paid well above the living wage as defined by LWF.

In March 2022, we had 40% of employees identifying as Female; 50% of our company board are female. We operate a ‘blind’ recruitment process we provide internships for University students, (e.g. Durham, UCL and Bournemouth Universities). 45% of the workforce have declared that they have Black, Asian or Minority Ethnic origins.

9% of employees have declared they have a disability.

100% of our people work remotely, with flexible working hours, and advanced ergonomic workstation assessments; this encourages people who are unable to travel, leave their homes, or with home care obligations to work with us, and many do.


£0 a user
Discount for educational organisations
Free trial available
Description of free trial
Full functionality is included but for a limited time. The time is product dependent, but most are one month, which is extendable
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.