Security Policy
Security Policy for Default Descriptions for Jira Create Screen
Introduction
This security policy outlines the measures and protocols implemented to ensure the security and integrity of the Default Descriptions for Jira Create Screen app. Our app is designed to create and manage default issue descriptions, pre-populating the description field when a user is about to create an issue. The app operates within Atlassian Forge and is hosted inside each Jira instance, ensuring compartmentalization between customers.
Data Handling
Types of Data Handled:
The app handles only strings, specifically the templates used for issue descriptions.
Data Encryption:
Given the nature of the data handled (non-sensitive string templates), encryption is not required.
Access Control
Data Access:
Data access is limited to the operational scope within each Jira instance. The app does not require role-based access controls (RBAC) due to the simplicity and non-sensitive nature of the data.
Authentication and Authorization:
Authentication and authorization are managed by Jira's built-in security mechanisms.
Network Security
Hosting Environment:
The app is hosted inside each Jira instance, leveraging Jira's network security protocols, including firewalls and secure communication channels.
Application Security
Security Measures:
The app follows best practices for secure coding, including input validation and proper error handling to prevent common vulnerabilities.
Third-Party Libraries:
The app relies on Atlassian Forge, which ensures that dependencies are up to date and secure.
Operational Security
Security Audits:
Security audits are conducted periodically as part of the development and deployment process within the Atlassian Forge environment.
Patch Management:
Patches and updates are managed in accordance with Atlassian Forge's policies and schedules.
Incident Detection and Response:
Any security incidents are detected and managed through Atlassian Forge's incident response protocols.
User Security
User Training:
Users are encouraged to follow Jira’s security guidelines and best practices for maintaining secure environments.
Compliance and Legal
Compliance Requirements:
The app complies with Atlassian’s security standards and policies. There are no additional industry-specific compliance requirements.
Legal Measures:
Legal measures for protecting the app and its data are covered under Atlassian's terms of service and user agreements.
Backup and Recovery
Backup Procedures:
Backup and recovery procedures are managed by Atlassian, ensuring data integrity and availability.
Continuous Improvement
Review and Improvement:
Security practices are reviewed periodically and improved based on feedback and evolving security landscapes. Metrics and KPIs are used to measure the effectiveness of security policies and protocols.
Contact Information
For any questions or concerns regarding this security policy, please contact us via email:
easyforjira@protonmail.com
Easy for Jira - Python Automations, 2023