Valiantys Ltd

Atlassian Access

Atlassian Access provides a centralised administration to manage users and apply security policies across all Atlassian Cloud products in the organisation including Jira Software, Jira Service Desk, Confluence, Bitbucket, and Trello. Purchase, renew or upgrade your Atlassian Access with Valiantys, your dedicated Atlassian Licence Specialist.

Features

  • Connect your Cloud applications with your idP
  • Scale Atlassian cloud products with confidence
  • Enterprise-grade security and centralised administration across all Atlassian cloud products.
  • Centralised security and governance across your entire organisation.
  • SAML single sign-on (SSO)
  • Organisation audit log
  • Automate User provisioning
  • Organisation insights
  • Security integrations (CASB)
  • Active Directory sync with Okta, Azure, OneLogin, and more

Benefits

  • Atlassian Access gives increased security and simplify login
  • Atlassian Access allows for increased visibility into important activities
  • Require Verification upon login
  • Streamline and automate user lifecycle management
  • Increased understanding of product adoption
  • Atlassian Access allows you to monitor suspicious activities
  • Atlassian Access allows you to view and manage API access
  • API token controls
  • Enforced 2FA

Pricing

£1,500 to £500,000 an instance a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at orders.uk@valiantys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 7 6 2 0 2 0 8 6 3 0 2 8 9 1

Contact

Valiantys Ltd Rickard Johansson
Telephone: +44 (0) 203 735 9808
Email: orders.uk@valiantys.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
If/when security breaches are discovered by the software vendor (Atlassian), they would contact all their customers and advise on the different steps to take. If any maintenance has to be undertaken on the servers provided by Valiantys, our hosting team will contact our customers to confirm which time is most suitable for this planned maintenance. We will always aim at reducing down time and lowering the impact on users. Atlassian hardware requirements are available in the Atlassian documentation: https://confluence.atlassian.com/alldoc/atlassian-documentation-32243719.html.
System requirements
  • Licences for the required Atlassian products and potential add-ons
  • Web browser
  • Access to Internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
We offer different support packages (Standard, Enterprise or Unlimited ) which have different SLAs, further detail here https://valiantys.com/legal/sla.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We offer different support packages (Standard, Enterprise or Unlimited ) which have different SLAs, further detail here https://valiantys.com/legal/sla.

Indicative costs for each of them are listed in our pricing document.

Our customers have access to a team of support engineers who can assist them with their queries.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
-
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Online
End-of-contract data extraction
Users can extract all data through an XML export.
End-of-contract process
We will provide an XML export containing all the tools' data. We would then delete all backups and any sensitive information from the client. Data migration to another system may require days of consultancy, which would come at an additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
You can use the REST API to build add-ons for Jira, develop integrations between Jira and other applications, or script interactions with Jira.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
We set up a virtual private cloud per client.

Analytics

Service usage metrics
Yes
Metrics types
We can provide service metrics regarding our managed hosting services: e.g. CPU usage, RAM, support usage, etc.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
They can export some data on their own, or can also contact their service provider for a full data export (XML).
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The level of availability of our service is 99.5%. Refunds are limited to 10% of the total amount of the contract, and will be negotiated on a case-by-case basis before contract sign-off.
Approach to resilience
This will mainly depend on the architecture and set up (different based on each client's requirements: i.e. cluster environment, disk speed, etc.). Network and equipment are guaranteed by a third party.
Outage reporting
Email alerts and/or provided software.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Personal named accounts with password and user name.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We try to get as close as possible to ISO-27001 but are not officially accredited at the moment.
Information security policies and processes
Responsibility for security sits under the following: - Our hosting provider, which rents us a data center - Valiantys, who handle service installation and support - Atlassian, who develops and maintain the software. The main security policies/processes we follow are: - Physical and environmental security (e.g. Fire detection and suppression, Power, Climate and temperature, Storage device decommissioning, Physical access to the data center). - Business continuity management (Availability, Company-wide executive review) - Network security (Secure network architecture, Secure access points, Transmission protection, Fault-tolerant design, Network monitoring and protection, Account review and audit, Background checks, VPN, Workstation security, Separated private clouds per customer, Firewalls, etc.) - Credentials (Individual user accounts, Password policy, Multi-factor authentication, Server access) - Data security (Data access, Data deletion at the end of the contract, SSL, Data encryption, Security logs, Backups, Backup retention, Restore procedure, Restore procedure check, Pen tests) - Operations (Security organisation, Change management process, Incident management process, Problem management process, Periodic access rights review, Security incident management, Disaster recovery) For further information please contact us.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our change management process is based on ITIL best practices. A change is created whenever something needs to be added/modified/removed on any of our server or global AWS configuration. The change will go through several validation before being released in production.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Everyone at Valiantys has the ability to create a security incident, to be handled by our hosting and support team. Security incidents are also raised when security vulnerabilities are found on Atlassian tools or any middleware tools we use (SSL, MySQL, Java, Apache Tomcat, Apache HTTPD). Our hosting and support team is continuously monitoring for potential security vulnerabilities on any of those tools. When a vulnerability is found, we immediately inform our customers, and raise a change in order to apply a patch to fix the issue in the best delay.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Everyone at Valiantys has the ability to create a security incident, to be handled by our hosting and support team. Security incidents are also raised when security vulnerabilities are found on Atlassian tools or any middleware tools we use (SSL, MySQL, Java, Apache Tomcat, Apache HTTPD). Our hosting and support team is continuously monitoring for potential security vulnerabilities on any of those tools. When a vulnerability is found, we immediatly inform our customers, and raise a change in order to apply a patch to fix the issue in the best delay.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are created by customers using emails, our support portal or by the Valiantys hosting and support team. An incident can be declared as blocker if it has significant impact on end-users (service down or a major bug, for example). Our hosting and support team handles tickets in the following priority order: - Service down (incidents are automatically created from our monitoring tool) - 30mn SLA - Blocker incidents - Security incidents - SLA breached tickets - All other tickets

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1,500 to £500,000 an instance a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free temporary licences can be requested to evaluate the service. Those licences are valid for 30 days and offer the exact same set of functionalities as commercial licences. Temporary licences can be renewed up to two times. Please contact us to request a temporary licence.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at orders.uk@valiantys.com. Tell them what format you need. It will help if you say what assistive technology you use.