
Security and Compliance Policy

Updated: January 2025

Overview

This document outlines the security and compliance policies for the JupiterOne-Jira Integration Application, ensuring that all customer data and system operations are protected and meet standard compliance requirements.

Security Governance

We maintain a robust security governance framework that includes regular risk assessments, monitoring, and continuous improvement efforts to mitigate threats to the JupiterOne-Jira Integration Application.

Access Control

  • User Authentication: Access to the Jira JupiterOne Application is authenticated through Jira authentication.
  • Role-Based Access Control (RBAC): All users with Jira admin access to the project are granted access to the application based on their roles.
  • Session Management: By default, the session timeout is the same as the Jira session timeout.

Data Protection

  • Data Encryption: All sensitive data is encrypted using the built-in methods of Jira Storage.
  • Data Minimization: We adhere to the data minimization principle, collecting only the necessary information required for Jira integration and compliance monitoring.
  • Backup and Recovery: Customers are responsible for backing up state data on the JupiterOne-Jira Integration Application Platform. The Application provides a reflection of Customer Data from JupiterOne and should not serve as the system of record for any novel Customer Data.

Continuous Improvement

We are committed to continuous improvement and the adaptation of new security measures in line with evolving industry best practices. Periodic security reviews and internal audits are conducted to ensure compliance with current standards.

Data Subject Rights

Data Access: Customers can request a copy of all data stored within the Jira JupiterOne Application at any time. Because the app is hosted in Jira Server itself, this data can be obtained in collaboration with Jira Support.

Training and Awareness

We conduct regular security and compliance training for all employees and contractors involved in the development, deployment, and maintenance of the Jira JupiterOne Application. Security best practices and compliance obligations are embedded into the onboarding and ongoing training programs.

Review and Updates

This policy is reviewed annually or whenever there are significant changes in regulations, technology, or organizational structure. Updates to the policy will be communicated to all users.

Contact Us

If you have questions about this Policy, please contact us at support@jupiterone.com.