HIGHMETRIC UK LTD.

Atlassian Software and Licensing

A portfolio of collaboration, devops and service management applications built on the proven Atlasssian server and cloud platforms including Jira, Confluence, Bitbucket, Service Desk and Bamboo. These applications promote team working, agile (Kanban and Scrum), devops, service management and KCS (knowledge centric support).

Features

  • Support and advice during license purchase
  • Pre-sales demos, architecture design and support
  • DevOps, Agile (Kanban and Scrum) issue management
  • Wiki based knowledge management
  • Cloud and on-prem architectures
  • Mature IT service management applications
  • Source code management and version control solutions
  • Integrated software build tools
  • Mature, published web hooks based API
  • Active, integrated application market place

Benefits

  • Ensure license purchases are right-sized
  • Validated solution architectures
  • Full end-to-end process based solution
  • Full integrated applications, processes and services
  • Cloud native software build tools
  • Cloud native source code management tools
  • oAuth and other cloud based authentication baked in
  • Modern, consumer grade UI / UX
  • Fully configurable workflow engine
  • Governance and approvals on platform

Pricing

£0 to £12 a person

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@highmetric.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 1 9 7 5 2 1 3 4 6 8 7 3 2 6

Contact

HIGHMETRIC UK LTD. UK Public Sector Team
Telephone: 07506583977
Email: hello@highmetric.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
  • Modern Web Browser
  • Licensing

User support

Email or online ticketing support
Email or online ticketing
Support response times
Inline with our published SLAs which are based on priority
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
Web chat testing was actioned by our Partner Atlassian
Onsite support
Yes, at extra cost
Support levels
Atlassian provides Customer Support 24 hours a day, 7 days week, 365 days a year as part of the license subscription

A Highmetric Managed Service can extend and augment Atlassian support and can procured on G Cloud
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Please see the full Highmetric Atlassian Implementation Service Definition
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customer has ability to migrate data to alternative platform and / or provider
End-of-contract process
Customer has ability to migrate data to alternative platform and / or provider

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile devices are only supported on the Mobile views
Service interface
No
API
Yes
What users can and can't do using the API
The Atlassian REST APIs provide a standard interface for interacting with JIRA and our other applications.

REST APIs provide access to resources (data entities) via URI paths. To use a REST API, your application will make an HTTP request and parse the response. Your methods will be the standard HTTP methods like GET, PUT, POST and DELETE. REST APIs operate over HTTP(s) making it easy to use with any programming language or framework. The input and output format for the JIRA REST APIs is JSON.

JIRA uses the Atlassian REST plugin to implement the JIRA APIs. The REST plugin is bundled with JIRA. You can add your own REST APIs to JIRA by creating a JIRA plugin that includes the REST plugin module.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users with Administration privileges can make and apply: Workflows, Projects, Themes, Issue types, Custom fields, Schemes, Logo, Site title, Application colours, Language, Banner, Dashboard, Application emails, User management

Scaling

Independence of resources
Each customer instance is scaled according to their functional and non-functional requirements

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Atlassian

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Never
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported through the Atlassian UI into a variety of flat file formats including XML, CSV, XLS, PDF and others
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
During the Subscription Term for which Atlassian has agreed to provide a relevant Cloud Product to you, we will use commercially reasonable efforts to provide a Monthly Uptime Percentage to you of at least 99.9%
Approach to resilience
Our cloud architecture relies on shared Atlassian accounts, so that with one Atlassian account, users can log in to Jira products, Confluence, and Bitbucket. Users can log in to all the products they use quickly and easily, and admins get a straightforward way to control how users authenticate to access Atlassian products and which users have access to which content.

The architecture is also multi-tenant, which means a single instance of the software and its supporting infrastructure serves multiple customers. Customers share the software application and a single database, but each tenant's data is isolated and remains inaccessible to other tenants.

This shared structure results in more scalability for larger customers, more availability to smaller customers who wouldn’t be able to afford or support full on-premises setups, and a competitive price point for companies of all sizes.
Outage reporting
Atlassian publish a public dashboard showing current status of their cloud products using their StatusPage service

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
SAML 2.0 based SSO, LDAPS, oAuth
Access restrictions in management interfaces and support channels
Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY Certify Point
ISO/IEC 27001 accreditation date
25/05/2018
What the ISO/IEC 27001 doesn’t cover
None Jira Cloud products
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
01/03/18
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Any third-party add-ons added by the Buyer
PCI certification
Yes
Who accredited the PCI DSS certification
8 PCI Security Standards Council self assessment
PCI DSS accreditation date
01/06/2018
What the PCI DSS doesn’t cover
None
Other security certifications
Yes
Any other security certifications
  • ISO 27001
  • SOC 2
  • SOC 3
  • PCI DSS
  • ISO/IEC 27018
  • Privacy Shield

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001 ,
ISO 27018,
SOC2,
SOC3,
PCI DSS,
Privacy Shield,
GDPR,
VPAT.

Highmetric can provide more details on request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Atlassian rigorously tracks and monitors all software changes made to the products and run comprehensive automated testing to ensure that changes do not introduce defects into the software which may compromise security.

All software changes are code reviewed within Atlassian before being deployed to product instances.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Atlassian have an extensive security program that includes ongoing testing of their hosted systems and products. They also undertake third party independent assessments of our Cloud products.

Atlassian set out their security bugfix SLA in this document:
https://www.atlassian.com/trust/policies/security-bugfix-policy
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Atlassian has an ongoing system of monitoring access to check for unauthorised access. If a compromise is detected the account holder is notified and access is locked off until the problem is resolved.

Incidents are handled at the "Level-1 Critical" standard within the Atlassian support response SLA, i.e. 1 hour for the standard Cloud based instances.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Atlassian sets out it's incident management approach in this document:
https://www.atlassian.com/trust/security/security-incident-responsibilities

Users should report incidents via support. Incident reports will be provided to a user specified by the Buyer via email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0 to £12 a person
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 day free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@highmetric.com. Tell them what format you need. It will help if you say what assistive technology you use.