We provide Atlassian Server and Data Center applications as a cloud service: Jira Core, Jira Software, Jira Service Desk, Confluence, Bitbucket, Bamboo and Crowd. We also support all apps by Atlassian and a wide range of Marketplace apps. Reduce the cost, complexity, and risk of ownership by using our service.
- Powered by AWS
- Availability SLA
- Automated fail-over capacity
- High performance
- Data security (SSL and encryption)
- Daily backups
- Infrastructure monitoring
- Infrastructure management (OpsWorks)
- Free setup and configuration
- Reduced cost of ownership
- Reduced complexity of ownership
- Reduced risk of ownership
- Affordable and predicable monthly fee
- No capital expenditure
- Data security
£100 per unit per month
- Free trial available
New Verve Consulting
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We offer two main SLAs - Standard and Premium. - Standard: 09:00 - 17:00 GMT/BST, Business days - Premium: 08:00 - 20:00 GMT/BST, Business days Business days = Monday to Friday, excluding bank or public holidays in Scotland. Response times: - Standard (Blocking): 1 hour - Standard (Critical): 4 hours - Standard (Major): 1 day - Standard (Minor): 5 days - Premium (Blocking): 1 hour - Premium (Critical): 2 hours - Premium (Major): 4 hours - Premium (Minor): 2 days The terms blocking, critical, major, minor are defined in our SLA.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
Our maintenance and support plans ensure that your Atlassian server and cloud applications are supported and maintained within a solid Service Level Agreement.
As well as benefitting from seamless application upgrades, your team will gain access to our 24-hour user-friendly service desk for raising and tracking queries in a transparent way.
Each of our annual plans include a basic provision of support hours to cover your high priority needs. If you need additional help to set up, configure, and administer your Atlassian applications, you have the option to purchase extra 'bolt-on' support hours at competitive prices.
- Standard SLA: Monday - Friday, 09:00 - 17:00 GMT/BST
- Premium SLA: Monday - Friday, 08:00 - 20:00 GMT/BST
See https://www.newverveconsulting.com/services/support for more details.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide a wide range of bespoke training and support. Atlassian also provides their own product documentation.|
|End-of-contract data extraction||
Full database and file-system backups in archived password-protected format.
These can be provided via jumpbox (SSH / key access) for download by the client.
All customer data will be securely transferred on request to the customer at the end of contract. Thereafter, New Verve Consulting may delete the customer data at its discretion.
The customer must discontinue use of the services and point its domain name(s) away from the managed services.
Following termination, New Verve Consulting will promptly provide to the customer copies of all relevant documentation related to the services, hand over to the customer all relevant passwords specific to the services provided to the customer, and provide the customer with assistance and information in transitioning the services in-house or to another 3rd party supplier.
All assistance and information provided in transitioning the services will be provided for free for a period of up to 30 days following termination, thereafter will be chargeable to the customer on a time and materials basis.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There is a fully responsive version of the websites available on mobile. There are also apps available on Android and iOS.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Refer to https://www.atlassian.com/accessibility.
The VPAT and general Accessibility Statements for each of our products are available in digital format here:
|Accessibility testing||See previous question.|
|What users can and can't do using the API||There are public REST and Server APIs documented at https://developer.atlassian.com/|
|API documentation formats||HTML|
|API sandbox or test environment||No|
|Description of customisation||
Marketplace add-ons can be installed on request to expand / enhance the service.
Bespoke integrations can also be implemented on request.
All changes will be tested on a dedicated Staging environment prior to go-live and at additional cost.
|Independence of resources||Every customer gets their own independent application server which is scaled according to their needs. Application data is stored on a RDS instance and we can scale resources with load.|
|Service usage metrics||Yes|
Site statistics are available directly from the applications. Bespoke statistics and reporting are available via Marketplace add-ons and/or bespoke implementation work performed by New Verve Consulting.
- Through an API
- Real-time dashboards
- Regular reports
- Reports on request
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Full data exports are available at the server-level on request as database exports and file-system dumps.
Content can be exported in CSV, HTML, and XML format directly from the applications.
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Other protection between networks||All components of the hosting infrastructure communicate over SSH-secured network connections and OAuth-authenticated application links. All servers reside within an Amazon Virtual Private Cloud (VPC) with a dedicated virtual firewall per server. All application servers are exposed to the Internet on port 443, allowing HTTPS access to the outside world. All SSH access is strictly controlled through the use of AWS security groups and EC2 key pairs.|
|Data protection within supplier network||
Availability and resilience
We offer service credits in respect of each calendar month during which the hosted services uptime is less than the monthly uptime percentages listed below. The credit percentage is based on monthly hosted services charges.
- Less than 99.9% but equal to or greater than 99.0%: 10%
- Less than 99.0%: 25%
|Approach to resilience||Available on request.|
|Outage reporting||A password protected dashboard for all planned and unplanned events. All components of the hosting infrastructure are monitored on an ongoing basis for performance, reliability & security metrics using Amazon CloudWatch. Email alerts are sent to pre-configured mailing lists accordingly.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||All access is based on individual user accounts with password protection. All SSH access is strictly controlled through the use of AWS security groups and EC2 key pairs.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||Yes|
|Who accredited the ISO 28000:2007||EY CertifyPoint|
|ISO 28000:2007 accreditation date||November 18, 2010|
|What the ISO 28000:2007 doesn’t cover||See https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||We have a formal policy in place for the business and it can be forwarded on request. It applies to all Partners, Employees and Suppliers to New Verve, contractual third parties and agents of New Verve who use New Verve IT facilities and equipment, or have access to, or custody of, customer information or New Verve Consulting information. Events and weaknesses must be reported at the earliest possible stage as they need to be assessed by the data protection officer (defined in a separate Data Protection Policy), who will identify from the information provided when a series of events or weaknesses have escalated to become an incident. All Information Security Events or Weaknesses are reported immediately using our JIRA ticketing system. If an event or weakness is detected, users immediately raise a JIRA ticket with Blocker priority in an internal JIRA project. We have a table which defines risk levels, typical incidents for each along with initial response times and ongoing response obligations. Our policy is governed internally and responsibilities are reviewed every 6 months.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Available on request.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||All application vulnerabilities are identified by Atlassian and forwarded to us. We provide our customers with written notice for all security updates. Once we identify the relevant security risk, we fully complete testing of any updates before rolling out to the customer's production environment according to the recommended and agreed schedule with the customer. Any security advisories issued by AWS are implemented as above.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Refer to Information Security Policy. Full processes available on request.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Refer to Information security policy.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£100 per unit per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
30 days free for a trial instance for < 50 users.
The trial instance excludes daily backups and monitoring.
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|