Security Policy for 3+ Level Cascade Fields

Introduction

This document details the measures and protocols available to ensure the security and integrity of the 3+ Level Cascade Fields app. The app enables its users to create cascade fields with three or more levels of specification within Jira. It operates within Atlassian Forge and is hosted within each Jira instance, ensuring compartmentalization between customers.

Data Handling

The data processed within the app is stored in Atlassian Storage. No data is transmitted outside of Atlassian's Cloud environment. The only way to extract data from the app from outside Jira is through the available endpoints, and these endpoints function exclusively with the provided API Key.

Since Atlassian Storage is a product managed by Atlassian and operates within Atlassian's Cloud, its Information Security Management Policies (ISMP) are governed by the guidelines outlined in Atlassian's data protection whitepaper. More details about this can be found in Atlassian’s Data Protection Page.

Access Control

Data Access

Access to data is restricted to the operational scope of each Jira instance. The data within the fields created by the app is accessible to users as per the project access permissions assigned to each user.

Authentication and Authorization

Authentication and authorization are handled by the native security mechanisms provided by Atlassian and Jira.

Network Security

The app is securely hosted within each Jira instance, utilizing Atlassian's network security protocols. This includes the implementation of advanced firewalls, secure communication channels, and encryption mechanisms to ensure data confidentiality and integrity.

Application Security

The app follows best practices for secure coding. This involves comprehensive input validation, sanitization, and proper error handling to mitigate common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Regular code reviews and automated security testing are conducted to identify and address potential security flaws proactively.

With Atlassian Forge as a foundational platform, the app benefits from continuous security updates and dependency management. This ensures that all third-party libraries and dependencies remain current and free from known security vulnerabilities, enhancing the overall app security.

Operational Security

Security Audits

Periodic security audits are an integral part of the development and deployment lifecycle within the Atlassian Forge environment. These audits involve thorough assessments of the app’s security posture, including vulnerability scanning, penetration testing, and compliance checks to ensure adherence to industry standards and best practices.

Incident Detection and Response

Any security incidents are detected and managed through Atlassian Forge's incident response protocols.

User Security

Users are encouraged to follow Jira’s security guidelines and best practices for maintaining secure environments.

Compliance and Legal

The app is fully compliant with Atlassian’s security standards and policies. While there are no additional industry-specific compliance requirements, ongoing reviews ensure that the app meets all relevant regulatory and compliance mandates.

Legal Measures

Legal measures for safeguarding the app and its data are covered under Atlassian's terms of service and user agreements. This includes data protection, privacy policies, and adherence to legal obligations, ensuring robust legal protection for all stakeholders.

Backup and Recovery

Atlassian manages all backup and recovery procedures, guaranteeing data integrity and availability. Regular automated backups, coupled with recovery processes, ensure that data can be restored in the event of data loss or corruption, minimizing downtime and operational disruption.

Contact Information

For any questions or concerns regarding this security policy, please contact us via email: <INSERT_HERE_EMAIL>