New Verve Consulting

Atlassian as a Service

We provide Atlassian Server and Data Center applications as a cloud service: Jira Core, Jira Software, Jira Service Desk, Confluence, Bitbucket, Bamboo and Crowd. We also support all apps by Atlassian and a wide range of Marketplace apps. Reduce the cost, complexity, and risk of ownership by using our service.


  • Powered by AWS
  • Availability SLA
  • Automated fail-over capacity
  • Scalability
  • High performance
  • Data security (SSL and encryption)
  • Daily backups
  • Infrastructure monitoring
  • Infrastructure management (OpsWorks)
  • Free setup and configuration


  • Reduced cost of ownership
  • Reduced complexity of ownership
  • Reduced risk of ownership
  • Affordable and predicable monthly fee
  • No capital expenditure
  • Reliability
  • Durability
  • Data security
  • Flexibility
  • Expertise


£100 per unit per month

  • Free trial available

Service documents

G-Cloud 10


New Verve Consulting

Nigel Rochford


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements
  • Server licenses for each Atlassian application
  • SSL certificate
  • DNS (for web domain)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We offer two main SLAs - Standard and Premium. - Standard: 09:00 - 17:00 GMT/BST, Business days - Premium: 08:00 - 20:00 GMT/BST, Business days Business days = Monday to Friday, excluding bank or public holidays in Scotland. Response times: - Standard (Blocking): 1 hour - Standard (Critical): 4 hours - Standard (Major): 1 day - Standard (Minor): 5 days - Premium (Blocking): 1 hour - Premium (Critical): 2 hours - Premium (Major): 4 hours - Premium (Minor): 2 days The terms blocking, critical, major, minor are defined in our SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Our maintenance and support plans ensure that your Atlassian server and cloud applications are supported and maintained within a solid Service Level Agreement.

As well as benefitting from seamless application upgrades, your team will gain access to our 24-hour user-friendly service desk for raising and tracking queries in a transparent way.

Each of our annual plans include a basic provision of support hours to cover your high priority needs. If you need additional help to set up, configure, and administer your Atlassian applications, you have the option to purchase extra 'bolt-on' support hours at competitive prices.

- Standard SLA: Monday - Friday, 09:00 - 17:00 GMT/BST
- Premium SLA: Monday - Friday, 08:00 - 20:00 GMT/BST

See for more details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a wide range of bespoke training and support. Atlassian also provides their own product documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Full database and file-system backups in archived password-protected format.

These can be provided via jumpbox (SSH / key access) for download by the client.
End-of-contract process All customer data will be securely transferred on request to the customer at the end of contract. Thereafter, New Verve Consulting may delete the customer data at its discretion.

The customer must discontinue use of the services and point its domain name(s) away from the managed services.

Following termination, New Verve Consulting will promptly provide to the customer copies of all relevant documentation related to the services, hand over to the customer all relevant passwords specific to the services provided to the customer, and provide the customer with assistance and information in transitioning the services in-house or to another 3rd party supplier.

All assistance and information provided in transitioning the services will be provided for free for a period of up to 30 days following termination, thereafter will be chargeable to the customer on a time and materials basis.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is a fully responsive version of the websites available on mobile. There are also apps available on Android and iOS.
Accessibility standards None or don’t know
Description of accessibility Refer to

The VPAT and general Accessibility Statements for each of our products are available in digital format here:
Accessibility testing See previous question.
What users can and can't do using the API There are public REST and Server APIs documented at
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Marketplace add-ons can be installed on request to expand / enhance the service.

Bespoke integrations can also be implemented on request.

All changes will be tested on a dedicated Staging environment prior to go-live and at additional cost.


Independence of resources Every customer gets their own independent application server which is scaled according to their needs. Application data is stored on a RDS instance and we can scale resources with load.


Service usage metrics Yes
Metrics types Site statistics are available directly from the applications. Bespoke statistics and reporting are available via Marketplace add-ons and/or bespoke implementation work performed by New Verve Consulting.
Reporting types

- Through an API
- Real-time dashboards
- Regular reports
- Reports on request
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Full data exports are available at the server-level on request as database exports and file-system dumps.

Content can be exported in CSV, HTML, and XML format directly from the applications.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
  • HTML
  • Word
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks All components of the hosting infrastructure communicate over SSH-secured network connections and OAuth-authenticated application links. All servers reside within an Amazon Virtual Private Cloud (VPC) with a dedicated virtual firewall per server. All application servers are exposed to the Internet on port 443, allowing HTTPS access to the outside world. All SSH access is strictly controlled through the use of AWS security groups and EC2 key pairs.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.9%

We offer service credits in respect of each calendar month during which the hosted services uptime is less than the monthly uptime percentages listed below. The credit percentage is based on monthly hosted services charges.

- Less than 99.9% but equal to or greater than 99.0%: 10%
- Less than 99.0%: 25%
Approach to resilience Available on request.
Outage reporting A password protected dashboard for all planned and unplanned events. All components of the hosting infrastructure are monitored on an ongoing basis for performance, reliability & security metrics using Amazon CloudWatch. Email alerts are sent to pre-configured mailing lists accordingly.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All access is based on individual user accounts with password protection. All SSH access is strictly controlled through the use of AWS security groups and EC2 key pairs.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 EY CertifyPoint
ISO 28000:2007 accreditation date November 18, 2010
What the ISO 28000:2007 doesn’t cover See
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a formal policy in place for the business and it can be forwarded on request. It applies to all Partners, Employees and Suppliers to New Verve, contractual third parties and agents of New Verve who use New Verve IT facilities and equipment, or have access to, or custody of, customer information or New Verve Consulting information. Events and weaknesses must be reported at the earliest possible stage as they need to be assessed by the data protection officer (defined in a separate Data Protection Policy), who will identify from the information provided when a series of events or weaknesses have escalated to become an incident. All Information Security Events or Weaknesses are reported immediately using our JIRA ticketing system. If an event or weakness is detected, users immediately raise a JIRA ticket with Blocker priority in an internal JIRA project. We have a table which defines risk levels, typical incidents for each along with initial response times and ongoing response obligations. Our policy is governed internally and responsibilities are reviewed every 6 months.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Available on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All application vulnerabilities are identified by Atlassian and forwarded to us. We provide our customers with written notice for all security updates. Once we identify the relevant security risk, we fully complete testing of any updates before rolling out to the customer's production environment according to the recommended and agreed schedule with the customer. Any security advisories issued by AWS are implemented as above.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Refer to Information Security Policy. Full processes available on request.
Incident management type Supplier-defined controls
Incident management approach Refer to Information security policy.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £100 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial 30 days free for a trial instance for < 50 users.

The trial instance excludes daily backups and monitoring.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑