Atlassian Cloud - Annual Subscription
Atlassian Cloud delivers the power of collaborative tools such as Jira Software, Confluence, Bitbucket, and Bamboo. This service is hosted and delivered by Atlassian. As a delivery partner in Scotland, we can provide your annual subscriptions and value-add services via PO on payment terms.
- Purchase Atlassian Cloud subscriptions via New Verve
- 30-day payment terms via Purchase Order
- Annual reminders
- Jira Core, Jira Software, Jira Service Desk
- Atlassian apps such as Portfolio for Jira
- Marketplace Apps
- Remove your procurement overhead
- Procure via Purchase Order
- Pay in GBP
- Zero markup and minimal admin fee of 3.5%
- Annual renewal reminders
- Tier-based pricing
- Discount equating to 2 months free on annualized basis
£10 per unit per month
New Verve Consulting
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Annual subscriptions must be purchased via an approved Atlassian Solution Partner such as New Verve.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We offer flexible SLAs. Our standard offerings are Standard and Premium. Standard = 9-5, Monday-Friday. Premium = 8-8, Monday-Friday. We provide weekend support at additional cost. Refer to our Maintenance and Support services for costs.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||We use Slack as our web chat tool. Accessibility was evaluated by Slack’s internal accessibility team, 3rd party accessibility firms, expert testers & assistive technology users. There is guidance online on how to use screen readers with the Slack desktop app - https://get.slack.help/hc/en-us/articles/360000411963-Use-a-screen-reader-with-Slack-s-desktop-app.|
|Onsite support||Yes, at extra cost|
Refer to Maintenance and Support services listing for more details.
Our maintenance and support plans ensure that your Atlassian applications are supported within a solid Service Level Agreement. Your team will gain access to our 24-hour user-friendly service desk for raising and tracking queries in a transparent way. Each of our annual plans include a basic provision of support hours to cover your high priority needs. If you need additional help to set up, configure, and administer your Atlassian applications, you have the option to purchase extra 'bolt-on' support hours at competitive prices. - Standard SLA: Monday - Friday, 09:00 - 17:00 GMT/BST - Premium SLA: Monday - Friday, 08:00 - 20:00 GMT/BST Weekend support available at additional cost. See https://www.newverveconsulting.com/services/support for more details.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||User documentation is provided and included. Onsite training is provided at request and subject to additional charge.|
|End-of-contract data extraction||Backups can be exported in XML format.|
Only annual subscriptions to Atlassian Cloud are in scope for this service listing.
Additional consulting, professional services, support, training, migration, and all other services are additional cost.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Native mobile apps are available on the App Store and Google Play for Jira, Confluence, Trello. Refer to https://www.atlassian.com/mobile.
Otherwise, all apps are accessed via a web browser with optimized versions of pages displayed automatically on mobile devices.
|What users can and can't do using the API||
All of Atlassian's REST APIs are documented via https://developer.atlassian.com.
REST APIs can be used to build apps for the applications, develop integrations or script interactions with the applications. Full read/write capabilities are available.
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||Full admin control is available for power users for adjusting application and project settings, including workflows, processes, look and feel, security, user management etc. Additional Marketplace apps can be installed and configured to extend the native capabilities of the applications.|
|Independence of resources||
Atlassian's cloud hosting infrastructure is designed to meet the product performance and reliability standards that global customers need.
Atlassian has extended its cloud hosting infrastructure to Ireland, Sydney and Singapore. European or APAC customers of Jira or Confluence Cloud will benefit from improved performance and other advantages of local data storage.
European and APAC Jira and Confluence cloud customers will experience improved product performance and reduced latency. That means, viewing issues in Jira and checking out pages in Confluence will be even faster.
|Service usage metrics||No|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Atlassian|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Refer to https://www.atlassian.com/trust/security/security-practices|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Various native exports are available for exporting data - CSV and XML.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||
|Other protection between networks||Dependent on customer needs.|
|Data protection within supplier network||Other|
|Other protection within supplier network||Dependent on customer needs.|
Availability and resilience
There is currently no official uptime SLA agreement.
Priority support is available for Atlassian Cloud at additional cost. See here: https://confluence.atlassian.com/support/atlassian-support-offerings-193299636.html.
|Approach to resilience||
Platform-wide Availability and Redundancy is achieve via multiple geographically diverse data centers. Atlassian's resiliency practices are based on SOC2, ISO 27002 and ISO 22301. Key principles guiding the Disaster Recovery (DR) Program include:
- continual improvement. Atlassian strives to ensure our improvements to resiliency grows through operational efficiencies, automation, new technologies and proven practices.
- assurance through testing. With regularly scheduled testing and continual improvements, Atlassian are able to keep our DR Program at an optimum.
- dedicated resources. Atlassian has dedicated teams to ensure their customer-facing products get the attention they need to make the Disaster Program possible. Atlassian has people on the ground to support their steering committee, risk assessments, business impact analysis, and testing.
In addition, Atlassian's cloud infrastructure is implemented with industry-leading services such as Amazon Web Services, resulting in optimal performance with redundancy and failover options globally.
|Outage reporting||Service availability status is published in real-time via status.atlassian.com|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||All access is based on individual user accounts with password protection. There are various other options depending on customer requirements for restricting access - natively via the applications or via 3rd party Marketplace apps.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||EY Certify Point|
|ISO/IEC 27001 accreditation date||23/01/2019|
|What the ISO/IEC 27001 doesn’t cover||
The scope of the Management System is Atlassian Cloud offerings Jira Cloud, Confluence Cloud and Bitbucket Cloud including the micro services used to deliver these applications. Also Corporate functions including Legal, Talent, Policy, Privacy, Procurement, Risk & Compliance, Security, Workplace Experience and Workplace
Excluded are any and all other Atlassian products, and micro services not supporting Jira Cloud, Confluence Cloud or Bitbucket Cloud. Also excluded are other Atlassian locations. Also excluded are other suppliers contracted by Atlassian.
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||06/03/2019|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||All Atlassian applications other than Jira and Confluence Cloud, HipChat and Bitbucket Cloud offerings.|
|Who accredited the PCI DSS certification||QSA - compliant with PCI DSS v3.2, SAQ A|
|PCI DSS accreditation date||01/06/2018|
|What the PCI DSS doesn’t cover||Any application other than Jira, Confluence, Bitbucket, Trello, Statuspage, Hipchat|
|Other security certifications||Yes|
|Any other security certifications||ISO/IEC 27018|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Available on request|
|Information security policies and processes||We have a formal policy in place for the business and it can be forwarded on request. It applies to all Partners, Employees and Suppliers to New Verve, contractual third parties and agents of New Verve who use New Verve IT facilities and equipment, or have access to, or custody of, customer information or New Verve Consulting information. Events and weaknesses must be reported at the earliest possible stage as they need to be assessed by the data protection officer (defined in a separate Data Protection Policy), who will identify from the information provided when a series of events or weaknesses have escalated to become an incident. All Information Security Events or Weaknesses are reported immediately using our JIRA ticketing system. If an event or weakness is detected, users immediately raise a JIRA ticket with Blocker priority in an internal JIRA project. We have a table which defines risk levels, typical incidents for each along with initial response times and ongoing response obligations. Our policy is governed internally and responsibilities are reviewed every 6 months.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Available on request|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||All application vulnerabilities are identified by Atlassian and forwarded to us. We provide our customers with written notice for all security updates. Once we identify the relevant security risk, we fully complete testing of any updates before rolling out to the customer's production environment according to the recommended and agreed schedule with the customer. Any security advisories issued by AWS are implemented as above.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Refer to Information Security Policy. Full processes available on request.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Refer to Information security policy|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£10 per unit per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Limited to 7 days.|
|Link to free trial||https://www.atlassian.com/try|