Security

Last updated on 12 November 2024.

Protecting your data and ensuring the security of our platform is our highest priority. We understand the importance of trust and transparency when it comes to safeguarding your personal and business information. That’s why we’ve adopted the “Secure-by-Design” approach, building robust security measures into every layer of our application from the ground up.

Our Secure-by-Design approach

Safeguarding your data is our top priority. We adhere to the Secure-by-Design Foundations established by the Australian Cyber Security Centre (ACSC) to ensure robust security of our organisation and the software we create.

  1. Holistic secure organisation

    Security is a shared responsibility across our entire organisation. Our leadership champions a security-first culture, aligning business objectives with cybersecurity goals to protect your data effectively.

  2. Early and sustained security

    We integrate security considerations from the outset of our development process. By embedding security measures early, we proactively address potential threats and maintain vigilance throughout the product lifecycle. If a security issue is reported, we will resolve it according to Atlassian's Security Bug Fix Policy.

    We chose to build Remediator.app as a pure Forge App, with no external moving pieces. This choice has provided many benefits:

    • Data transfer: using the Jira REST API via Forge means data is only transferred between the user's browser and the Jira server. No intermediary servers or storage are used. Data remains on your instance unless you generate a report and download it to your computer.
    • Data storage/residency: all Remediator.app data is stored against your Jira issues and projects — matching the data residency preference that you specify. An added benefit is that your data will be backed up and restored along with everything else that Atlassian handles.
    • Access to your data: because none of the data leaves your instance, there is no way for any of our staff or contractors, regardless of role, to access it.

  3. Secure product development

    Our development practices incorporate secure coding standards, regular code reviews, and threat modelling. This approach ensures that security is a fundamental aspect of our product design and implementation.

  4. Rigorous testing

    We conduct comprehensive testing, including vulnerability assessments and penetration testing, to identify and mitigate security risks before deployment. This thorough evaluation helps us deliver a secure and reliable platform.

  5. Continuous assurance

    Security is an ongoing commitment. We continuously monitor our systems, apply timely updates, and adapt to emerging threats to maintain a resilient security posture.

  6. Secure deprecation

    When decommissioning features or services, we follow secure deprecation practices to ensure that retired components do not pose security risks. This careful management protects your data even as our platform evolves.

By aligning with these Secure-by-Design Foundations, we strive to provide a platform that not only meets but exceeds industry security standards, ensuring your data remains protected at all times.