Security Policy - Marketplace Apps

March 2024

Introduction

At Modus Create, we take information security very seriously. We are committed to protecting the confidentiality, integrity, and availability of our customers' data and ensuring that our applications ("Apps") are secure and reliable. This information security policy outlines the measures we take to protect our customers' data and ensure the security of our Apps.

Information Security Responsibilities

All employees, contractors, and third-party vendors involved in the development, deployment, and maintenance of Atlassian Marketplace applications are responsible for ensuring the security and confidentiality of the information they handle. This includes, but is not limited to:

  • protecting customer information and data from unauthorized access, disclosure, alteration, or destruction.
  • following secure coding practices, including using secure coding frameworks and libraries, and testing applications for security vulnerabilities.
  • using secure communication protocols, such as TLS, when transmitting sensitive data.
  • regularly monitoring the security of applications and promptly addressing any identified vulnerabilities.
  • complying with applicable laws, regulations, and industry standards related to information security.

Information Security Management System (ISMS)

We have established an Information Security Management System (ISMS) that includes policies, procedures, and controls to ensure the confidentiality, integrity, and availability of our customers' data. Our ISMS is based on the ISO 27001 standard and includes the following components:

  1. Risk management: We identify, assess, and manage risks to the security of our Apps and our customers' data.
  2. Access control: We implement appropriate access controls to ensure that only authorized personnel can access our systems and data.
  3. Information security awareness and training: We provide information security awareness and training to all our employees to ensure they understand their roles and responsibilities in protecting our customers' data.
  4. Incident management: We have a documented incident management process to ensure that we can respond to security incidents quickly and effectively.
  5. Security testing: We perform regular security testing of our Apps to identify and remediate vulnerabilities.
  6. Compliance: We comply with all relevant laws, regulations, and industry standards relating to information security.

Data Protection

We take appropriate technical and organizational measures to protect our customers' data from unauthorized access, alteration, or destruction. This includes, but is not limited to, the following measures:

  1. Encryption: We use encryption to protect data both in transit and at rest.
  2. Access controls: We implement appropriate access controls to ensure that only authorized personnel can access our customers' data.
  3. Backup and disaster recovery: We have robust backup and disaster recovery processes in place to ensure that our customers' data is protected in the event of a data loss or disaster.
  4. Data retention: We only retain customer data for as long as necessary to provide our services and comply with applicable legal requirements.

Incident Management

In the event of a security incident, our employees, contractors, and third-party vendors follow the incident response plan. This includes:

  • reporting incidents to the appropriate personnel as soon as possible.
  • containing and mitigating the incident to prevent further damage.
  • investigating the incident to determine the root cause and extent of the breach.
  • notifying the affected parties as necessary to comply with the law or regulations.

Third-Party Security

We only use third-party vendors who meet our high standards for information security. We require all third-party vendors to undergo a third-party security evaluation and sign an agreement that includes appropriate security measures.

Conclusion

At Modus Create, we are committed to providing secure and reliable Apps to our customers. We regularly review and update our information security policies and procedures to ensure that we are providing the highest level of security possible. If you have any questions about our information security policy, please contact us.