| Table of Contents | ||
|---|---|---|
|
This page is to explain explains our security posture that can help customers meet their own compliance needs.Content here is replicated from other places to provide a convenient summary page, which aims to assist customers in meeting their own compliance requirements.
Compliance
SOC2
The Plugin People are currently undergoing SOC2 compliance involving 3rd party auditors. SOC2 Type 1 and 2 Audits are due soon. In scope are the core business processes, as well as our cloud infrastructure that is specific to Enterprise Mail Handler for Jira Cloud.
...
The Plugin People have outsourced the Data Protection Officer role, ; audits are expected soon.
...
File stores used for storing inbound/outbound customer email data are encrypted at rest.
Field Databases used in production are encrypted at rest. Additional field Level encryption (prior to storage) is used to encrypt on sensitive data. Our roadmap includes work to implement best practice multi-tenant row level security (Jira Legacy
Databases used in production are encrypted at rest.
When flagging mail for support, that mail content remains in its source region, is only retrieved at the point of need by The Plugin People.
...
Key management is delegated to AWS wherever possible making rotation automated. Best practice Role based security is applied to all application nodes. Legacy password usage is already limited, future work is planned to
| Jira Legacy | ||||||
|---|---|---|---|---|---|---|
|
Product Security
Penetration Testing
...