On Regulated Industries on Atlassian Cloud: Challenges and Possible Solutions

April 24, 2023

Introduction

Companies in regulated industries such as medical devices, space and aviation, along with other complex system developers, are among the latest adopters of Atlassian Cloud as their collaboration and product lifecycle development platform. In addition to industry-specific regulations, these companies are also periodically audited on user data access, privacy and security, and those audits extend to the compliance of their software development platform providers, such as Atlassian.

SoftComply, an Atlassian Marketplace Partner that has offered compliance apps for the regulated industries on Atlassian since 2017, organized a Breakfast Roundtable Chat at the Atlassian Team 23 event on April 20 together with its customer and consulting partner Orthogonal. The aim of the event was to discuss the challenges that the regulated industries may be facing on Atlassian Cloud, share experiences and best practices for the regulated industries on Atlassian Cloud, and come up with ideas for how Atlassian and its partners can better support users from the regulated industries.

The breakfast chat was attended by people from Atlassian, Atlassian Marketplace and Solution Partners as well as Atlassian’s customers in the regulated space: Atlassian, Ambientia, Appfire, Izymes, K15t, Togetha, Cenote Labs, Polymetis Apps, Orthogonal, and SoftComply.

Possible Challenges of using Atlassian Cloud in the Regulated Industries

During the discussion, participants raised some potential challenges that regulated industries may face when using Atlassian Cloud.

There were three main challenges identified:

  1. App Fatigue – this refers to the interoperability and integration between different apps that are used in regulated industries. Some customers may feel overwhelmed by the number of various apps offered by different Marketplace Vendors to support their business. While Atlassian Solution Partners are the point of contact for the larger customers, the configuration and support of the apps is still controlled by separate companies, i.e. the app vendors.
  2. User Data – this includes concerns around where data is stored and who can access it. Customers using multiple apps may feel unsure about where their data is stored and who can access it.
  3. Data Security – there are concerns around how data is secured and how users benefit from Atlassian Forge apps. While Atlassian strongly supports the app vendors developing apps for Atlassian Cloud in Forge to increase data security for the users, users might not all be aware of these benefits.

To better support the regulated industries, Atlassian app vendors should consider the following actions:

  1. Firstly, we as app vendors should collaborate to better understand the user needs and work together to provide solutions to the users rather than a set of fragmented apps.
  2. Secondly, we should better inform users about the security and privacy of user data in Atlassian Cloud as well as in our developed apps.
  3. Finally, we should improve our apps to cater to companies with compliance needs by offering more granular app configuration and settings options, permission audit logs, and other features.

Atlassian can also help their Marketplace and Solution partners to better serve the regulated industries by:

  1. Clarifying the improved security of Forge apps.
  2. Creating Forge Data Residency options as soon as possible.
  3. Creating and supporting app extensions that allow different pricing models to cater to niche apps that might not all be used across the entire organization.

Atlassian and its partners can work together to better serve and support the regulated industries by forming a focus group to regularly discuss the pain points of the regulated industries and create solutions that would best benefit businesses in the regulated space. The aim of the focus group is to share experiences and best practices and come up with ideas to improve Atlassian Cloud and support the regulated industries.

Summary

In summary, the Breakfast Roundtable Discussion organized by SoftComply and Orthogonal was an excellent opportunity to address the challenges that the regulated industries face when using Atlassian Cloud.

The discussion identified app fatigue, user data privacy and security as the primary challenges that users in these industries face. Atlassian and its Marketplace and Solution partners can take different actions to support the regulated industries and make their experience with Atlassian Cloud more seamless. By collaborating and forming a focus group, they can develop and implement solutions that best benefit the regulated industries.
