New Verve Consulting

Atlassian Server Applications as a Service

We provide Atlassian Server applications as a cloud service: JIRA Core, JIRA Software, JIRA Service Desk, Confluence, and Crowd.

We also support all add-ons by Atlassian and a wide range of Marketplace add-ons.

Reduce the cost, complexity, and risk of ownership by using our service.


  • Powered by AWS
  • Availability SLA
  • Automated fail-over capacity
  • Scalability
  • High performance
  • Data security (SSL and encryption)
  • Daily backups
  • Infrastructure monitoring
  • Infrastructure management (OpsWorks)
  • Free setup and configuration


  • Reduced cost of ownership
  • Reduced complexity of ownership
  • Reduced risk of ownership
  • Affordable and predicable monthly fee
  • No capital expenditure
  • Reliability
  • Durability
  • Data security
  • Flexibility
  • Expertise


£100 per instance per month

Service documents

G-Cloud 9


New Verve Consulting

Nigel Rochford


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints We currently only support hosting and support for JIRA software, JIRA core, JIRA service desk, Confluence, and Atlassian Crowd.

We will be adding more applications throughout 2017-2018.
System requirements
  • Server licenses for each Atlassian application
  • SSL certificate
  • DNS (for web domain)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We offer two main SLAs - Standard and Premium.

- Standard: 09:00 - 17:00 GMT/BST, Business days
- Premium: 08:00 - 20:00 GMT/BST, Business days

Business days = Monday to Friday, excluding bank or public holidays in Scotland.

Response times:
- Standard (Blocking): 1 hour
- Standard (Critical): 4 hours
- Standard (Major): 1 day
- Standard (Minor): 5 days

- Premium (Blocking): 1 hour
- Premium (Critical): 2 hours
- Premium (Major): 4 hours
- Premium (Minor): 2 days

The terms blocking, critical, major, minor are defined in our SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Our service plans ensure that your Atlassian server and cloud applications are supported and maintained within a solid Service Level Agreement.

As well as benefiting from seamless application upgrades, your team will gain access to our user-friendly service desk for raising and tracking queries in a transparent way.

Each of our plans include a basic provision of support hours to cover your high priority needs. If you need additional help to set up, configure, and administer your Atlassian applications, you have the option to purchase extra 'bolt-on' support hours at competitive prices.

STANDARD monthly pricing is as follows (Standard SLA, Monday - Friday, 09:00 - 17:00 GMT/BST): £299 / month. Includes 5 hours of support per month. Bolt-on pricing:
+ 10 hours / month: £750
+ 20 hours / month: £1,425
+ 30 hours / month: £2,025
+ 50 hours / month: £3,000

PREMIUM monthly pricing is as follows (Premium SLA, Monday - Friday, 08:00 - 20:00 GMT/BST): £549 / month. Includes 10 hours of support per month. Bolt-on pricing:
+ 10 hours / month: £1,100
+ 20 hours / month: £2,090
+ 30 hours / month: £2,970
+ 50 hours / month: £4,400
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a wide range of bespoke training and support.
Atlassian also provides their own product documentation.

We are also an authorized Atlassian Training Partner, meaning we can deliver certain University courses in a classroom-based environment. Refer to service description for more details.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Full database and file-system backups in archived password-protected format.
End-of-contract process Daily backups are included in hosting plans as standard - if more regular backups are required, these come at additional cost.

Setup and configuration is included at no extra cost in hosting plans, but migration from legacy services are priced separately based on client needs.

Support plans include complimentary support hours each month (5 for standard plans, 10 for premium). Any additional support hours are charged separately.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service JIRA: Refer to Atlassian's website here -

Confluence: Refer to Atlassian's website here -
Accessibility standards None or don’t know
Description of accessibility Atlassian is auditing their products to ensure they are compliant with Section 508 and WCAG 2.0 AA.

Refer here for more detail:
Accessibility testing Refer to Atlassian.
What users can and can't do using the API Java and REST APIs are both available and fully documented by Atlassian here:
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources Every customer gets their own independent application server which is scaled according to their needs.

Application data is stored on a RDS instance and we can scale resources with load.


Service usage metrics Yes
Metrics types Site statistics are available directly from the applications. Bespoke statistics and reporting are available via Marketplace add-ons and/or bespoke implementation work performed by New Verve Consulting.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Full data exports are available at the server-level on request as database exports and file-system dumps.

Content can be exported in CSV, HTML, and XML format directly from the applications.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks All components of the hosting infrastructure communicate over SSH-secured network connections and OAuth-authenticated application links.

All servers reside within an Amazon Virtual Private Cloud (VPC) with a dedicated virtual firewall per server.

All application servers are exposed to the Internet on port 443, allowing HTTPS access to the outside world.

All SSH access is strictly controlled through the use of AWS security groups and EC2 key pairs.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We offer service credits in respect of each calendar month during which the hosted services uptime is less than the monthly uptime percentages listed below. The credit percentage is based on monthly hosted services charges.

- Less than 99.9% but equal to or greater than 99.0%: 10%
- Less than 99.0%: 25%
Approach to resilience Available on request.
Outage reporting A password protected dashboard for all planned and unplanned events.

All components of the hosting infrastructure are monitored on an ongoing basis for performance, reliability & security metrics using Amazon CloudWatch. Email alerts are sent to pre-configured mailing lists accordingly.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels All access is based on individual user accounts with password protection.

All SSH access is strictly controlled through the use of AWS security groups and EC2 key pairs.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • AWS security accreditations - refer to Amazon Web Services website
  • Atlassian security accreditations - refer to Atlassian's website

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a formal policy in place for the business and it can be forwarded on request.

It applies to all Partners, Employees and Suppliers to New Verve, contractual third parties and agents of New Verve who use New Verve IT facilities and equipment, or have access to, or custody of, customer information or New Verve Consulting information.

Events and weaknesses must be reported at the earliest possible stage as they need to be assessed by the data protection officer (defined in a separate Data Protection Policy), who will identify from the information provided when a series of events or weaknesses have escalated to become an incident.

All Information Security Events or Weaknesses are reported immediately using our JIRA ticketing system. If an event or weakness is detected, users immediately raise a JIRA ticket with Blocker priority in an internal JIRA project.

We have a table which defines risk levels, typical incidents for each along with initial response times and ongoing response obligations.

Our policy is governed internally and responsibilities are reviewed every 6 months.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Available on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All application vulnerabilities are identified by Atlassian and forwarded to us.

We provide our customers with written notice for all security updates. Once we identify the relevant security risk, we fully complete testing of any updates before rolling out to the customer's production environment according to the recommended and agreed schedule with the customer.

Any security advisories issued by AWS are implemented as above.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Refer to Information Security Policy. Full processes available on request.
Incident management type Undisclosed
Incident management approach Refer to Information security policy.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £100 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer a 30-day trial to JIRA and Confluence.

Backups and monitoring are excluded.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑