Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

SOC 2 Certifications Update

Overview

System and Organization Controls (SOC) Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizations. Refer to the AICPA for further details.

When outsourcing services, it is critical to verify that the service organization has effective internal controls in place. SOC Reports establish trust and confidence in a service organization by providing assurance their internal controls are designed and operating effectively.

To offer this assurance, Atlassian provides a SOC 2 report relevant to security and availability of the systems Atlassian uses to process users' data and the confidentiality of the information processed by these systems. These reports can be used to evaluate Atlassian systems or products and verify customer requirements are met for Security, Compliance, Internal Audit, Procurement, and other governance needs.

What Atlassian Products have SOC 2 Reports?

Atlassian has published new SOC 2 Type 2 report for Atlassian Cloud Products including Jira Cloud, Confluence Cloud, Atlas, Atlassian Analytics, Bitbucket Cloud, Bitbucket Pipelines, Compass, Data Lake, Forge, Jira Service Management, Jira Work Management, Jira Product Discovery, Opsgenie, Assets, Automation for Jira, Halp, Jira Align, Statuspage, and Trello.

When is the SOC 2 Report Published?

SOC 2 Type 2 audits are a review of control performance over a period of time. This means evidence for all controls throughout the period (which covers October 1st through September 30th) need to be evaluated, tested, and evidence (including samples for the entirety of the period) need to be reviewed.

There are many factors that impact the release of a new report, Atlassian begins our external audit at the start of September, and typically span two to three months dependent on the scope (Atlassian currently evaluates 19 products). Once the audit is completed, the report is prepared and made available to customers around end of  December or early January each year.

How long is the Atlassian SOC 2 report valid?

The reports are applicable for the following 12 months of the last report, when the next audit cycle once again begins.

Bridge Letter

Bridge Letters are used to “bridge the gap” between the end date of the most recently completed SOC 2 report and the date of the letter. Bridge letters typically don’t cover a period of more than three months, and usually state that there have been no significant changes to controls from the end of your reporting period (such as for Atlassian from October 1), or if there have been material changes, explaining what they were and providing assurance to customers that they wouldn't affect the results of your SOC 2 report.

Obtaining Atlassian’s Reports

The SOC 2 report (and bridge letter) can be downloaded from the Compliance Resource Center.

12 comments

Caio Covos January 13, 2025

Hi @Sanika Bhurke

I didn't find the bridge letter in the link mentioned above.
Can you help me with this?
I need coverage from October 1, 2024 until December 31, 2024

Sanika Bhurke
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2025

Hi @Caio Covos Thank you for reaching out. We plan to publish the Bridge Letter later this month. Thank you for your patience.

Please note that the link mentioned above is from previous year (Jan 2024). We plan on publishing the latest version of this blog for this year (Jan 2025). Please reach out if you have any further questions.

Regards,

Sanika

Like Simon Fishley likes this
Simon Fishley
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
January 21, 2025 edited

Hi Sanika

 

We are currently undergoing an audit and I am not able to produce Atlassian's bridge letter for the current period.

 

Are you able to provide and ETA for when it will be made available? It is quite urgent, we only have the auditors with us for 3 more days.

 

Thank you.

Like lhovismartin likes this
lhovismartin
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
January 22, 2025

We have a need to have the bridge letter too for our SOX audit.  Is there a clearer ETA I can communicate to the auditors?

Like 2 people like this
Claire Miller
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 23, 2025

Hello @Simon Fishley and @lhovismartin - the Bridge Letter is now live on our Compliance Resource Center. 

Like 3 people like this
lhovismartin
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
January 23, 2025

Awesome!  Thanks!

Kathryn Rose April 28, 2025

Hi @Claire Miller & @Sanika Bhurke - I am not able to find the Bridge Letter in the Compliance Resource Center. When I click on the Bridge Letter to download it, it re-displays the SOC 2 report which expires October 1, 2024, I need coverage through April 2025. Thank you in advance for helping me out. And please let me know if this is my own human error. 

Claire Miller
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 28, 2025

Hi @Kathryn Rose - From https://www.atlassian.com/trust/compliance/resources/soc2 you'll want to click on "Download SOC 2 Bridge Letter" from the left side. Once you agree to the NDA, scroll down and the Bridge Letter will be at the bottom of the reports available for download. I've attached a screenshot for your reference. 

Screenshot 2025-04-28 at 4.41.28 PM.png

Kathryn Rose April 29, 2025

Morning @Claire Miller , thank you for the quick response. When I follow your steps this is the PDF that opens - is this the Bridge Letter?

Screenshot 2025-04-29 085227.png

Claire Miller
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 2, 2025

Hi @Kathryn Rose thank you for flagging this, we've sorted out the PDFs on the back end and I've confirmed that the Bridge Letter is viewing correctly again. Can you please try downloading now? Thanks!

Kathryn Rose May 9, 2025

@Claire Miller thank you, thank you!

sunilamara
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
May 19, 2025

Hello @Claire Miller  I have downloaded the latest Soc2 bridge letter from https://www.atlassian.com/trust/compliance/resources/soc2 it still shows the period ending

September 30, 2024, we are looking for a letter which covers until end of March 2025.   Could you be able to provide the latest letter which shows the period until end of March 2025?

 

 

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events