Skip to main content

Help us improve the Digital Marketplace - send your feedback

BDQ

DevOps Agile SaaS Platform

BDQ provide a SaaS DevOps Agile platform based on the Atlassian Cloud Stack (Jira, Confluence, Bitbucket and JIRA Service Management), alongside Zephyr and Sonatype.

Features

  • Atlassian Stack - Jira, Confluence, Bitbucket, Jira Service Management
  • Zephyr real-time test management
  • Sonatype Nexus automates open source governance and DevSecOps
  • Hosted in Atlassian Cloud
  • DataCentre edition can be hosted in AWS or on-premise
  • License management, Configuration and set-up consultancy
  • Optionally, systems administration and ongoing support
  • Customisation based on user requirements e.g. secure Jira Service Management
  • Complete Agile SaaS Platform for DevOps

Benefits

  • Turnkey infrastructure platform for Agile & DevOps
  • Atlassian Solutions Partner expertise in best-practice configuration
  • Scalable for Agile-at-scale
  • No on-premise installation required
  • DataCentre edition can be hosted in AWS or on-premise
  • Incident reponse with OpsGenie and communication with StatusPage
  • Git source code management with BitBucket
  • Enterprise planning with Jira Align
  • Extensive Marketplace of 3rd Party Apps for additional functionality

Pricing

£900 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 3 0 8 6 2 2 5 2 8 8 0 7 4 6

Contact

BDQ Dominic Bush
Telephone: +44 (0)844 8265 236
Email: enquiries@bdq.cloud

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Atlassian's SLAs are here: https://www.atlassian.com/legal/sla
Monthly uptime percentage target for 'Premium' is 99.9%, 'Enterprise' is 99.95%
System requirements
See supported browsers in the 'Using the Service' section.

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hours, 7 days a week
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via Atlassian website
Web chat accessibility testing
None.
Onsite support
No
Support levels
These responses are for the current Atlassian Enterprise edition. Support levels vary based on the edition of the software. Contact us for details of current support offerings. BDQ support is available separately.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide training courses, drop-ins and workshops for the products and consultancy services to make sure that your projects get off to the best possible start, achieve adoption and follow best practice guidance. These are available under the separate support services.
Full user documentation is available for all the products.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The products provide tools which allow the contents of the products to be extracted to open formats.
End-of-contract process
At additional cost we can provide consultancy services to off-board the data. Please see our SFIA rate card for pricing.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
When you view the Atlassian and Zephyr products on a mobile device an optimised version of the page is displayed. It is possible to switch to a desktop view if required.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
The Atlassian and Zephyr products have extensive REST-based APIs that allow configuration of the services and editing of the data within the product. For example, here is the documentation for Jira Cloud: https://docs.atlassian.com/jira/REST/cloud/
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
All products are highly configurable, including branding, by the end user or by BDQ under the separate support service.

Scaling

Independence of resources
The service is monitored using standard SaaS Cloud Management techniques to prevent users impacting each other.

Analytics

Service usage metrics
Yes
Metrics types
Highly configurable
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
AWS, Atlassian, Zephyr and Sonatype

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Authorised users can export data from within the application to a number of different formats.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Varies on deployment type and customer requirements.
Approach to resilience
Available on request
Outage reporting
Public dashboard showing current status of their cloud products.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Coalfire Certification, Inc
ISO/IEC 27001 accreditation date
May 4, 2023
What the ISO/IEC 27001 doesn’t cover
The certificate scope comprises the Information Security Management System (ISMS) also referred to as the Atlassian Trust Management System supporting the operations underlying the Atlassian Cloud offering. The cloud offering comprises Atlassian Cloud offerings comprising Jira Suite (including A4J), Confluence Cloud, Opsgenie, Bitbucket (including Pipelines), Trello, Jira Service Management (JSM) (including Assets), Halp, Jira Align, Statuspage, Data Lake, Forge, Compass, Atlassian Analytics, Jira Work Management, Jira Product Discovery, Atlas, and Atlassian Admin as well as the micro services used to deliver these applications. These activities are governed by the implemented controls in accordance with the organizational Statement of Applicability, which further extends to the additional controls defined within ISO/IEC 27018:2019. The organizational scope includes the Legal, Talent, Privacy, Procurement, Trust (Security and Risk & Compliance), Workplace Experience, Cloud Engineering, Product Engineering, and Workplace Technology teams affecting the ISMS.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
January 18, 2024
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Any third-party add-ons added by the Buyer.
PCI certification
Yes
Who accredited the PCI DSS certification
Optus Cyber Security Pty Limited
PCI DSS accreditation date
April 2022
What the PCI DSS doesn’t cover
All credit card payments are processed by a third-party provider, Stripe, via a SAQ A-compliant iFrame embedded within the online payment apge. No credit card data is stored, processed or transmitted by Atlassian. All payment pages delivered to the customer's browser originate directly from Stripe.
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
See https://www.atlassian.com/trust/security/security-practices

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Atlassian rigorously tracks and monitors all software changes made to the products and run comprehensive automated testing to ensure that changes do not introduce defects into the software which may compromise security. All software changes are code reviewed within Atlassian before being deployed to product instances.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Atlassian have an extensive security program that includes ongoing testing of their hosted systems and products. They also undertake third party independent assessments of our Cloud products. Atlassian set out their security bugfix SLA in this document: https://www.atlassian.com/trust/policies/security-bugfix-policy
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Atlassian has an ongoing system of monitoring access to check for unauthorised access. If a compromise is detected the account holder is notified and access is locked off until the problem is resolved. Incidents are handled at the 'Level-1 Critical' standard within the Atlassian support response SLA, i.e. 1 hour for the standard Cloud based instances.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Atlassian sets out it's incident management approach in this document: https://www.atlassian.com/trust/security/security-incident-responsibilities Users should report incidents via support. Incident reports will be provided to a user specified by the Buyer via email.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

Effective stewardship of the environment
At BDQ, we recognize that the fight against climate change is not just a global challenge but a fundamental responsibility. Our commitment to effective stewardship of the environment is at the core of our operations. As a forward-thinking company specializing in cloud solutions, we enable our clients to significantly reduce their carbon footprint. By facilitating remote collaboration, we help minimize the need for travel, leading to a decrease in greenhouse gas emissions. Our services also allow businesses to transition away from energy-intensive on-site computer rooms, further reducing their environmental impact.

We believe that technology can and should be a force for good. Through our innovative cloud-based services, BDQ is dedicated to providing solutions that not only enhance business efficiency but also contribute positively to the environment. We are proud to empower our clients to meet their sustainability goals, fostering a culture of conscious computing and responsible business practices.

In our journey towards a greener future, we pledge to continuously explore new ways to deliver our services in the most eco-friendly manner possible. BDQ is not just a company; it's a community of like-minded individuals committed to making a difference in the world. Together, we are fighting climate change through effective stewardship of the environment. This is our promise, our mission, and our contribution to a sustainable planet.

Pricing

Price
£900 a user a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.