DevOps Agile SaaS Platform
BDQ provide a SaaS DevOps Agile platform based on the Atlassian Cloud Stack (Jira, Confluence, Bitbucket and JIRA Service Management), alongside Zephyr and Sonatype.
Features
- Atlassian Stack - Jira, Confluence, Bitbucket, Jira Service Management
- Zephyr real-time test management
- Sonatype Nexus automates open source governance and DevSecOps
- Hosted in Atlassian Cloud
- DataCentre edition can be hosted in AWS or on-premise
- License management, Configuration and set-up consultancy
- Optionally, systems administration and ongoing support
- Customisation based on user requirements e.g. secure Jira Service Management
- Complete Agile SaaS Platform for DevOps
Benefits
- Turnkey infrastructure platform for Agile & DevOps
- Atlassian Solutions Partner expertise in best-practice configuration
- Scalable for Agile-at-scale
- No on-premise installation required
- DataCentre edition can be hosted in AWS or on-premise
- Incident reponse with OpsGenie and communication with StatusPage
- Git source code management with BitBucket
- Enterprise planning with Jira Align
- Extensive Marketplace of 3rd Party Apps for additional functionality
Pricing
£900 a user a year
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at enquiries@bdq.cloud.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
9 9 6 2 9 7 4 5 7 2 8 9 2 9 5
Contact
BDQ
Dominic Bush
Telephone: +44 (0)844 8265 236
Email: enquiries@bdq.cloud
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Atlassian's SLAs are here: https://www.atlassian.com/legal/sla
Monthly uptime percentage target for 'Premium' is 99.9%, 'Enterprise' is 99.95% - System requirements
- See supported browsers in the 'Using the Service' section.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24 hours, 7 days a week
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Via Atlassian website
- Web chat accessibility testing
- None.
- Onsite support
- No
- Support levels
- These responses are for the current Atlassian Enterprise edition. Support levels vary based on the edition of the software. Contact us for details of current support offerings. BDQ support is available separately.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We can provide training courses, drop-ins and workshops for the products and consultancy services to make sure that your projects get off to the best possible start, achieve adoption and follow best practice guidance. These are available under the separate support services.
Full user documentation is available for all the products. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- The products provide tools which allow the contents of the products to be extracted to open formats.
- End-of-contract process
- At additional cost we can provide consultancy services to off-board the data. Please see our SFIA rate card for pricing.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- When you view the Atlassian and Zephyr products on a mobile device an optimised version of the page is displayed. It is possible to switch to a desktop view if required.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- The Atlassian and Zephyr products have extensive REST-based APIs that allow configuration of the services and editing of the data within the product. For example, here is the documentation for Jira Cloud: https://docs.atlassian.com/jira/REST/cloud/
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- All products are highly configurable, including branding, by the end user or by BDQ under the separate support service.
Scaling
- Independence of resources
- The service is monitored using standard SaaS Cloud Management techniques to prevent users impacting each other.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Highly configurable
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- AWS, Atlassian, Zephyr and Sonatype
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Never
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Authorised users can export data from within the application to a number of different formats.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Varies on deployment type and customer requirements.
- Approach to resilience
- Available on request
- Outage reporting
- Public dashboard showing current status of their cloud products.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Coalfire Certification, Inc
- ISO/IEC 27001 accreditation date
- August 16, 2021
- What the ISO/IEC 27001 doesn’t cover
-
The certificate scope comprises the Information Security Management System (ISMS) also referred to as the Atlassian Trust Management System supporting the operations underlying the Atlassian Cloud offering. The cloud offering comprises Jira Cloud, Confluence Cloud, Bitbucket Cloud, Bitbucket Pipelines, Trello, Opsgenie, Jira Align, Statuspage, Jira Service Management (JSM), Halp, Data Lake, Forge, Insight, and Compass as well as the microservices used to deliver these applications. These activities are governed by the implemented controls in accordance with the organizational Statement of Applicability, which further extends to the additional controls defined within ISO/IEC 27018:2019.
The organizational scope includes the Legal, Talent, Policy, Procurement, Trust, Workplace Experience, and Workplace Technology teams affecting the ISMS.
Any other aspects of Atlassian’s business is out of scope. - ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 05/02/2022
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Any third-party add-ons added by the Buyer.
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Optus Cyber Security Pty Limited
- PCI DSS accreditation date
- 30/09/2021
- What the PCI DSS doesn’t cover
- All credit card payments are processed by a third-party provider, Stripe, via a SAQ A-compliant iFrame embedded within the online payment apge. No credit card data is stored, processed or transmitted by Atlassian. All payment pages delivered to the customer's browser originate directly from Stripe.
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Information security policies and processes
- See https://www.atlassian.com/trust/security/security-practices
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Atlassian rigorously tracks and monitors all software changes made to the products and run comprehensive automated testing to ensure that changes do not introduce defects into the software which may compromise security. All software changes are code reviewed within Atlassian before being deployed to product instances.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Atlassian have an extensive security program that includes ongoing testing of their hosted systems and products. They also undertake third party independent assessments of our Cloud products. Atlassian set out their security bugfix SLA in this document: https://www.atlassian.com/trust/policies/security-bugfix-policy
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Atlassian has an ongoing system of monitoring access to check for unauthorised access. If a compromise is detected the account holder is notified and access is locked off until the problem is resolved. Incidents are handled at the 'Level-1 Critical' standard within the Atlassian support response SLA, i.e. 1 hour for the standard Cloud based instances.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Atlassian sets out it's incident management approach in this document: https://www.atlassian.com/trust/security/security-incident-responsibilities Users should report incidents via support. Incident reports will be provided to a user specified by the Buyer via email.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Wellbeing
-
Wellbeing
BDQ operates a modern, inclusive set of working practices, providing a supportive working environment that takes account of the needs of individual employees, whether they might require flexible hours, mentoring and support, or even company loans to assist with relocations etc. Pay rises are awarded annually at or above inflation to ensure pay keeps pace with the cost of living, and the annual review process is also used to seek opportunities to provide additional help and support to employees.
Many of the Cloud-based services we resell and support have extensive collaboration features, providing various communication channels to promote productivity and flexible working. BDQ staff use many of these services in their day-to-day work, ensuring adoption across the organisation and familiarity with the services to better promote best practices with customers.
The use of these collaboration tools supports flexible working and work from home policies and maintains the social interaction of the office, despite disparate working locations, that is so essential to mental health and wellbeing. These benefits are felt among BDQ staff and the staff of our customers, and in the interactions between them.
Training, including the opportunity to achieve certifications and accreditations in the services, is provided to all staff, and the benefit of this knowledge is transferred to customers own staff through the various training courses and workshops that BDQ provides.
Retrospectives are carried out at the end of each major assignment to seek internal feedback and learn lessons, giving employees a stake in how the business is run. These sessions improve not only BDQ’s internal processes and procedures, but may also lead to significant business decisions, such as a recent Board decision to offer additional discounts to charities seeking our services.
Together, these practices promote a collaborative, consultative working culture within and between BDQ and our customers.
Pricing
- Price
- £900 a user a year
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at enquiries@bdq.cloud.
Tell them what format you need. It will help if you say what assistive technology you use.