Data Security

Zephyr Scale is compliant with the Atlassian Security Program. Additionally, Zephyr Scale uses HTTPS for data encryption in transit and AWS mechanisms for encryption at rest.

Zephyr Scale is not SOC 2 compliant, however, we participate in and are compliant with the following programs owned by Atlassian:

Zephyr Scale uses HTTPS for data encryption in transit and AWS mechanisms for encryption at rest. The only exception is the storage of attachments which, although is protected by authorization mechanisms, files are not encrypted at rest.

We currently don’t conduct external audits of the app.

As we are compliant with the Atlassian Security Program, a self-assessment is updated and sent to Atlassian every year. This is a company-wide assessment, not per-product assessment.

Yes, more information is available on request.

We do have a Business Continuity Plan, and a Disaster Recovery Plan in place. We are fully hosted on AWS, which is 100% fault tolerant. Additionally, we have redundancies built in, to keep the application running in the event of an outage in the region. Our servers are backed up several times per day; the backup themselves are stored in a different location so that we do not have a single point of failure so we can recover from any outage.

Unfortunately, we do not have a backup mechanism on a per-client basis and do not provide downloadable backups in Zephyr Scale Cloud. We do generate multiple daily backups on our end (AWS) for disaster recovery purposes, but we cannot restore the backup or roll back the database for a single client, as we maintain backups for the whole database rather than per customer.

We are enrolled in the Bug Bounty program run by Bugcrowd as part of the Atlassian “Vendor Security Assessment” program. As part of the program security researchers pen test our application and report back all security vulnerabilities and we fix all the identified vulnerabilities as per the SLA’s setup by Atlassian for the program. If we continue to meet the requirements of the vendor security assessment program Atlassian confers a security badge on the app in the marketplace.

No personal data is stored inside Zephyr Scale. Zephyr Scale only stores user identifiers and any user information displayed in the app comes from Jira. However, we recommend users not to upload sensitive information.

SmartBear has an Information Security Policy. The ISMS is aligned with NIST CSF and CIS Controls. Please see IS 000 – Information Security Policy. Our privacy policy can be accessed on our website at smartbear.com/privacy.

No customer data is stored in Zephyr Scale’s database, but only identifiers including, but not limited to:

All data is encrypted in transit and at rest.

We don’t have any security relevant certificates yet.