SoftComply Cloud apps are compliant with the Atlassian Cloud Security Program. Additionally, apps use all of the latest and most common transport layer security technologies (TLS, HSTS, etc). See more at Security requirements for cloud apps
SoftComply apps are not SOC 2 compliant, however, we participate in and are compliant with the following programs owned by Atlassian:
Apps use HTTPS for data encryption in transit.
Only SoftComply Risk Manager application and Document Manager application has data stored in backend database at Google Cloud. The data at rest is then encrypted with Google Cloud mechanisms.
Other apps use Atlassian Forge Storage to store data.
We currently don’t conduct external audits of the app except for the BugCrowd open crowdsourced security program that we participate in.
As we are compliant with the Atlassian Security Program, a self-assessment is updated and sent to Atlassian every year. This is a company-wide security assessment, not per-product assessment.
Yes, more information is available on request or at App security incident management guidelines for Marketplace Partners .
We do have a Business Continuity Plan, and a Disaster Recovery Plan in place. We are fully hosted on Google Cloud, which is 100% fault tolerant. Additionally, we have redundancies built in, to keep the application running in the event of an outage in the region. Our servers are backed up daily.
We do have the ability to recover data for a specific customer even though it can take some time, as our application is multi-tenant. Currently, data recovery can be requested through a support ticket.
We are enrolled in the Bug Bounty program run by BugCrowd as part of the Atlassian “Vendor Security Assessment” program. As part of the program security researchers pen test our application and report back all security vulnerabilities and we fix all the identified vulnerabilities as per the SLA’s setup by Atlassian for the program. If we continue to meet the requirements of the vendor security assessment program Atlassian confers a security badge on the app in the marketplace.
No personal data is stored by SoftComply. Only SoftComply Risk Manager stores the configuration of the risk matrix and the risk table but no personal or user information whatsoever. All user information is stored in Jira by Atlassian. SoftComply Risk Manager Plus is a Forge application thus the data is stored and maintained by Atlassian.
We store the Atlassian user ID and email address in the Forge storage (within Atlassian) to be able to run the service. We also store data entered in fields, which may be sensitive depending on the actual content entered by the user. Processing of this data is limited to storage and transfer. For regulatory purposes we store the audit trail of documents and our App.
This data is stored on Google Cloud services and is encrypted at rest and use HTTPS for data encryption in transit. Access to the database is controlled. Access to data is allowed only for troubleshooting purposes and only after written consent from the customer.
All Data is stored in the European Union.
Our privacy policy can be accessed on our website at Privacy Policy – SoftComply .
No customer data is stored in SoftComply’s database. Only the following configuration is stored:
Risk Matrix configuration,
Risk Table configuration.
All data is encrypted in transit and at rest.
No customer data is stored in SoftComply’s database.
We store the Atlassian user ID and email address in the Forge storage (within Atlassian) to be able to run the service. We also store data entered in fields, which may be sensitive depending on the actual content entered by the user. Processing of this data is limited to storage and transfer. For regulatory purposes we store the audit trail of documents and our App.
This data is stored on Google Cloud services and is encrypted at rest and use HTTPS for data encryption in transit. Access to the database is controlled. Access to data is allowed only for troubleshooting purposes and only after written consent from the customer.
We do NOT store data contained in Confluence pages.
All Data is stored in the European Union.
We don’t have any security relevant certificates yet.
