New Verve Consulting

Atlassian Cloud - Annual Subscription

Atlassian Cloud delivers the power of collaborative tools such as Jira Software, Confluence, Bitbucket, and Bamboo. This service is hosted and delivered by Atlassian. As a delivery partner in Scotland, we can provide your annual subscriptions and value-add services via PO on payment terms.


  • Purchase Atlassian Cloud subscriptions via New Verve
  • 30-day payment terms via Purchase Order
  • Annual reminders
  • Jira Core, Jira Software, Jira Service Desk
  • Confluence
  • Bitbucket
  • Atlassian apps such as Portfolio for Jira
  • Marketplace Apps


  • Remove your procurement overhead
  • Procure via Purchase Order
  • Pay in GBP
  • Zero markup and minimal admin fee of 3.5%
  • Annual renewal reminders
  • Tier-based pricing
  • Discount equating to 2 months free on annualized basis


£10 per unit per month

Service documents


G-Cloud 11

Service ID

7 3 5 3 0 7 9 3 7 2 1 2 5 0 8


New Verve Consulting

Nigel Rochford


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Annual subscriptions must be purchased via an approved Atlassian Solution Partner such as New Verve.
System requirements
  • Microsoft Internet Explorer 11+
  • Microsoft Edge - latest stable version
  • Mozilla Firefox (all platforms) - latest stable version
  • Google Chrome (Windows and Mac)(3) - latest stable version
  • Safari (Mac) - latest stable version
  • Mobile Safari (iOS) - latest stable version
  • Android (Android) - the default browser on Android 4.0.3
  • Chrome (Android and iOS) - latest stable version

User support

Email or online ticketing support
Email or online ticketing
Support response times
We offer flexible SLAs. Our standard offerings are Standard and Premium. Standard = 9-5, Monday-Friday. Premium = 8-8, Monday-Friday. We provide weekend support at additional cost. Refer to our Maintenance and Support services for costs.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We use Slack as our web chat tool. Accessibility was evaluated by Slack’s internal accessibility team, 3rd party accessibility firms, expert testers & assistive technology users. There is guidance online on how to use screen readers with the Slack desktop app -
Onsite support
Yes, at extra cost
Support levels
Refer to Maintenance and Support services listing for more details.

Our maintenance and support plans ensure that your Atlassian applications are supported within a solid Service Level Agreement. Your team will gain access to our 24-hour user-friendly service desk for raising and tracking queries in a transparent way. Each of our annual plans include a basic provision of support hours to cover your high priority needs. If you need additional help to set up, configure, and administer your Atlassian applications, you have the option to purchase extra 'bolt-on' support hours at competitive prices. - Standard SLA: Monday - Friday, 09:00 - 17:00 GMT/BST - Premium SLA: Monday - Friday, 08:00 - 20:00 GMT/BST Weekend support available at additional cost. See for more details.
Support available to third parties

Onboarding and offboarding

Getting started
User documentation is provided and included. Onsite training is provided at request and subject to additional charge.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Backups can be exported in XML format.
End-of-contract process
Only annual subscriptions to Atlassian Cloud are in scope for this service listing.

Additional consulting, professional services, support, training, migration, and all other services are additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Native mobile apps are available on the App Store and Google Play for Jira, Confluence, Trello. Refer to

Otherwise, all apps are accessed via a web browser with optimized versions of pages displayed automatically on mobile devices.
Service interface
What users can and can't do using the API
All of Atlassian's REST APIs are documented via

REST APIs can be used to build apps for the applications, develop integrations or script interactions with the applications. Full read/write capabilities are available.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Full admin control is available for power users for adjusting application and project settings, including workflows, processes, look and feel, security, user management etc. Additional Marketplace apps can be installed and configured to extend the native capabilities of the applications.


Independence of resources
Atlassian's cloud hosting infrastructure is designed to meet the product performance and reliability standards that global customers need.

Atlassian has extended its cloud hosting infrastructure to Ireland, Sydney and Singapore. European or APAC customers of Jira or Confluence Cloud will benefit from improved performance and other advantages of local data storage.

European and APAC Jira and Confluence cloud customers will experience improved product performance and reduced latency. That means, viewing issues in Jira and checking out pages in Confluence will be even faster.


Service usage metrics


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Refer to
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Various native exports are available for exporting data - CSV and XML.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Other
Other protection between networks
Dependent on customer needs.
Data protection within supplier network
Other protection within supplier network
Dependent on customer needs.

Availability and resilience

Guaranteed availability
There is currently no official uptime SLA agreement.

Priority support is available for Atlassian Cloud at additional cost. See here:
Approach to resilience
Platform-wide Availability and Redundancy is achieve via multiple geographically diverse data centers. Atlassian's resiliency practices are based on SOC2, ISO 27002 and ISO 22301. Key principles guiding the Disaster Recovery (DR) Program include:
- continual improvement. Atlassian strives to ensure our improvements to resiliency grows through operational efficiencies, automation, new technologies and proven practices.
- assurance through testing. With regularly scheduled testing and continual improvements, Atlassian are able to keep our DR Program at an optimum.
- dedicated resources. Atlassian has dedicated teams to ensure their customer-facing products get the attention they need to make the Disaster Program possible. Atlassian has people on the ground to support their steering committee, risk assessments, business impact analysis, and testing.

In addition, Atlassian's cloud infrastructure is implemented with industry-leading services such as Amazon Web Services, resulting in optimal performance with redundancy and failover options globally.
Outage reporting
Service availability status is published in real-time via

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All access is based on individual user accounts with password protection. There are various other options depending on customer requirements for restricting access - natively via the applications or via 3rd party Marketplace apps.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY Certify Point
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The scope of the Management System is Atlassian Cloud offerings Jira Cloud, Confluence Cloud and Bitbucket Cloud including the micro services used to deliver these applications. Also Corporate functions including Legal, Talent, Policy, Privacy, Procurement, Risk & Compliance, Security, Workplace Experience and Workplace
Technology teams.

Excluded are any and all other Atlassian products, and micro services not supporting Jira Cloud, Confluence Cloud or Bitbucket Cloud. Also excluded are other Atlassian locations. Also excluded are other suppliers contracted by Atlassian.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
All Atlassian applications other than Jira and Confluence Cloud, HipChat and Bitbucket Cloud offerings.
PCI certification
Who accredited the PCI DSS certification
QSA - compliant with PCI DSS v3.2, SAQ A
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Any application other than Jira, Confluence, Bitbucket, Trello, Statuspage, Hipchat
Other security certifications
Any other security certifications
ISO/IEC 27018

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Available on request
Information security policies and processes
We have a formal policy in place for the business and it can be forwarded on request. It applies to all Partners, Employees and Suppliers to New Verve, contractual third parties and agents of New Verve who use New Verve IT facilities and equipment, or have access to, or custody of, customer information or New Verve Consulting information. Events and weaknesses must be reported at the earliest possible stage as they need to be assessed by the data protection officer (defined in a separate Data Protection Policy), who will identify from the information provided when a series of events or weaknesses have escalated to become an incident. All Information Security Events or Weaknesses are reported immediately using our JIRA ticketing system. If an event or weakness is detected, users immediately raise a JIRA ticket with Blocker priority in an internal JIRA project. We have a table which defines risk levels, typical incidents for each along with initial response times and ongoing response obligations. Our policy is governed internally and responsibilities are reviewed every 6 months.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Available on request
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All application vulnerabilities are identified by Atlassian and forwarded to us. We provide our customers with written notice for all security updates. Once we identify the relevant security risk, we fully complete testing of any updates before rolling out to the customer's production environment according to the recommended and agreed schedule with the customer. Any security advisories issued by AWS are implemented as above.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Refer to Information Security Policy. Full processes available on request.
Incident management type
Supplier-defined controls
Incident management approach
Refer to Information security policy

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£10 per unit per month
Discount for educational organisations
Free trial available
Description of free trial
Limited to 7 days.
Link to free trial

Service documents

Return to top ↑