New Verve Consulting

Atlassian Cloud - Annual Subscription

Atlassian Cloud delivers the power of collaborative tools such as Jira Software, Confluence, Bitbucket, and Bamboo. This service is hosted and delivered by Atlassian. As a delivery partner in Scotland, we can provide your annual subscriptions and value-add services via PO on payment terms.


  • Purchase Atlassian Cloud subscriptions via New Verve
  • 30-day payment terms via Purchase Order
  • Annual reminders
  • Jira Core, Jira Software, Jira Service Desk
  • Confluence
  • Bitbucket
  • Atlassian apps such as Portfolio for Jira
  • Marketplace Apps


  • Remove your procurement overhead
  • Procure via Purchase Order
  • Pay in GBP
  • Zero markup and minimal admin fee of 3.5%
  • Annual renewal reminders
  • Tier-based pricing
  • Discount equating to 2 months free on annualized basis


£10 per unit per month

Service documents

G-Cloud 11


New Verve Consulting

Nigel Rochford


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Annual subscriptions must be purchased via an approved Atlassian Solution Partner such as New Verve.
System requirements
  • Microsoft Internet Explorer 11+
  • Microsoft Edge - latest stable version
  • Mozilla Firefox (all platforms) - latest stable version
  • Google Chrome (Windows and Mac)(3) - latest stable version
  • Safari (Mac) - latest stable version
  • Mobile Safari (iOS) - latest stable version
  • Android (Android) - the default browser on Android 4.0.3
  • Chrome (Android and iOS) - latest stable version

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We offer flexible SLAs. Our standard offerings are Standard and Premium. Standard = 9-5, Monday-Friday. Premium = 8-8, Monday-Friday. We provide weekend support at additional cost. Refer to our Maintenance and Support services for costs.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We use Slack as our web chat tool. Accessibility was evaluated by Slack’s internal accessibility team, 3rd party accessibility firms, expert testers & assistive technology users. There is guidance online on how to use screen readers with the Slack desktop app -
Onsite support Yes, at extra cost
Support levels Refer to Maintenance and Support services listing for more details.

Our maintenance and support plans ensure that your Atlassian applications are supported within a solid Service Level Agreement. Your team will gain access to our 24-hour user-friendly service desk for raising and tracking queries in a transparent way. Each of our annual plans include a basic provision of support hours to cover your high priority needs. If you need additional help to set up, configure, and administer your Atlassian applications, you have the option to purchase extra 'bolt-on' support hours at competitive prices. - Standard SLA: Monday - Friday, 09:00 - 17:00 GMT/BST - Premium SLA: Monday - Friday, 08:00 - 20:00 GMT/BST Weekend support available at additional cost. See for more details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation is provided and included. Onsite training is provided at request and subject to additional charge.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Backups can be exported in XML format.
End-of-contract process Only annual subscriptions to Atlassian Cloud are in scope for this service listing.

Additional consulting, professional services, support, training, migration, and all other services are additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Native mobile apps are available on the App Store and Google Play for Jira, Confluence, Trello. Refer to

Otherwise, all apps are accessed via a web browser with optimized versions of pages displayed automatically on mobile devices.
Service interface No
What users can and can't do using the API All of Atlassian's REST APIs are documented via

REST APIs can be used to build apps for the applications, develop integrations or script interactions with the applications. Full read/write capabilities are available.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Full admin control is available for power users for adjusting application and project settings, including workflows, processes, look and feel, security, user management etc. Additional Marketplace apps can be installed and configured to extend the native capabilities of the applications.


Independence of resources Atlassian's cloud hosting infrastructure is designed to meet the product performance and reliability standards that global customers need.

Atlassian has extended its cloud hosting infrastructure to Ireland, Sydney and Singapore. European or APAC customers of Jira or Confluence Cloud will benefit from improved performance and other advantages of local data storage.

European and APAC Jira and Confluence cloud customers will experience improved product performance and reduced latency. That means, viewing issues in Jira and checking out pages in Confluence will be even faster.


Service usage metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Atlassian

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Refer to
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Various native exports are available for exporting data - CSV and XML.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Other
Other protection between networks Dependent on customer needs.
Data protection within supplier network Other
Other protection within supplier network Dependent on customer needs.

Availability and resilience

Availability and resilience
Guaranteed availability There is currently no official uptime SLA agreement.

Priority support is available for Atlassian Cloud at additional cost. See here:
Approach to resilience Platform-wide Availability and Redundancy is achieve via multiple geographically diverse data centers. Atlassian's resiliency practices are based on SOC2, ISO 27002 and ISO 22301. Key principles guiding the Disaster Recovery (DR) Program include:
- continual improvement. Atlassian strives to ensure our improvements to resiliency grows through operational efficiencies, automation, new technologies and proven practices.
- assurance through testing. With regularly scheduled testing and continual improvements, Atlassian are able to keep our DR Program at an optimum.
- dedicated resources. Atlassian has dedicated teams to ensure their customer-facing products get the attention they need to make the Disaster Program possible. Atlassian has people on the ground to support their steering committee, risk assessments, business impact analysis, and testing.

In addition, Atlassian's cloud infrastructure is implemented with industry-leading services such as Amazon Web Services, resulting in optimal performance with redundancy and failover options globally.
Outage reporting Service availability status is published in real-time via

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels All access is based on individual user accounts with password protection. There are various other options depending on customer requirements for restricting access - natively via the applications or via 3rd party Marketplace apps.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY Certify Point
ISO/IEC 27001 accreditation date 23/01/2019
What the ISO/IEC 27001 doesn’t cover The scope of the Management System is Atlassian Cloud offerings Jira Cloud, Confluence Cloud and Bitbucket Cloud including the micro services used to deliver these applications. Also Corporate functions including Legal, Talent, Policy, Privacy, Procurement, Risk & Compliance, Security, Workplace Experience and Workplace
Technology teams.

Excluded are any and all other Atlassian products, and micro services not supporting Jira Cloud, Confluence Cloud or Bitbucket Cloud. Also excluded are other Atlassian locations. Also excluded are other suppliers contracted by Atlassian.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 06/03/2019
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover All Atlassian applications other than Jira and Confluence Cloud, HipChat and Bitbucket Cloud offerings.
PCI certification Yes
Who accredited the PCI DSS certification QSA - compliant with PCI DSS v3.2, SAQ A
PCI DSS accreditation date 01/06/2018
What the PCI DSS doesn’t cover Any application other than Jira, Confluence, Bitbucket, Trello, Statuspage, Hipchat
Other security certifications Yes
Any other security certifications ISO/IEC 27018

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Available on request
Information security policies and processes We have a formal policy in place for the business and it can be forwarded on request. It applies to all Partners, Employees and Suppliers to New Verve, contractual third parties and agents of New Verve who use New Verve IT facilities and equipment, or have access to, or custody of, customer information or New Verve Consulting information. Events and weaknesses must be reported at the earliest possible stage as they need to be assessed by the data protection officer (defined in a separate Data Protection Policy), who will identify from the information provided when a series of events or weaknesses have escalated to become an incident. All Information Security Events or Weaknesses are reported immediately using our JIRA ticketing system. If an event or weakness is detected, users immediately raise a JIRA ticket with Blocker priority in an internal JIRA project. We have a table which defines risk levels, typical incidents for each along with initial response times and ongoing response obligations. Our policy is governed internally and responsibilities are reviewed every 6 months.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Available on request
Vulnerability management type Supplier-defined controls
Vulnerability management approach All application vulnerabilities are identified by Atlassian and forwarded to us. We provide our customers with written notice for all security updates. Once we identify the relevant security risk, we fully complete testing of any updates before rolling out to the customer's production environment according to the recommended and agreed schedule with the customer. Any security advisories issued by AWS are implemented as above.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Refer to Information Security Policy. Full processes available on request.
Incident management type Supplier-defined controls
Incident management approach Refer to Information security policy

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Limited to 7 days.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑