BaFin compliance: Atlassian achieves next major milestone in Cloud Compliance

Atlassian is making an EU Financial Services Addendum available to European financial services customers (banking, insurance etc.).
03.12.2021

Atlassian is making an EU Financial Services Addendum (“EU FSA”) available to European financial services customers (banking, insurance etc.). This is great news for banks and insurance companies because, once an EU FSA is signed, Atlassian will be able to deliver compliance with EBA and BaFin outsourcing regulations. To benefit from this, Atlassian customers need to meet a few requirements. You can learn more in this blog post, and feel free to contact us as well.





How do we get there and what does it mean?

Since the announcement that Server would be retired, kreuzwerker has worked closely with Atlassian to achieve a compliant Cloud application landscape that can be used by all of our customers, including those in highly regulated environments.

Atlassian announced the release of an updated DPA (data processing addendum) incorporating standard contractual clauses in September, following an announcement on the Schrems II ruling.

If you haven’t switched to the new DPA yet, you might want to take action to take advantage of it. Existing DPAs remain compliant until December 27th, 2022.

After shipping Data Residency controls for customers in the EU across all paid plans and announcing an EAP for selective bring-your-own-key encryption, Atlassian has now announced the availability of its wider financial services industry compliance for Europe (EBA), Germany (BaFin), the US and Australia.

Why is BaFin compliance a milestone?

Financial services institutions that operate in the European Economic Area (“EEA”) are regulated by the European Banking Authority (“EBA”). National authorities may impose additional or more detailed requirements on their financial services institutions on top of those provided by EBA on the regional level: the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht or “BaFin”) is one of the strictest and most demanding national regulatory authorities.

The EBA has issued the EBA Guidelines on outsourcing arrangements (“EBA Guidelines”), which are the primary regulation regarding the procurement of Cloud services by financial services institutions in the EEA. The German regulator BaFin has issued its own Guidance on outsourcing to cloud service providers (“BaFin Guidance”), which financial institutions operating in Germany have to abide by.

Atlassian’s EU Financial Services Addendum (“EU FSA”) has been implemented to be equally applicable to the EBA Guidelines and the BaFin Guidance.

The EU Financial Services Addendum covers Jira Software Cloud, Jira Service Management Cloud, Confluence Cloud and Jira Align Cloud in the Enterprise Plan. At the time of writing, the Standard and Premium versions of the Cloud products are not covered.

What is the EU FSA and why do I need it?

The EU FSA provides our customers with additional terms and conditions to ensure compliance with the EBA Guidelines and the BaFin Guidance. As mentioned above, this is required to migrate these Atlassian instances to the cloud. When a customer enters into an EU FSA with Atlassian, Atlassian provides them with the following additional rights:

  • Comprehensive audit rights for the customer and their auditors and regulators, at the Atlassian level and downstream for our key service provider AWS;
  • Enhanced record-keeping and reporting obligations for Atlassian;
  • Commitment by Atlassian to cooperate with the customer’s regulators;
  • Continuity of service following bankruptcy or termination.

The EU FSA provides customers with the level of oversight and supervision over Atlassian’s cloud products required by the EBA Guidelines and the BaFin Guidance. If you want to learn more about the new EU Financial Services Addendum, check out the updated page in the Atlassian Trust Center, specifically the section for the financial industry, or simply reach out to leverage the EU FSA.

You want to know more? Get in contact!

You think you aren’t ready to move to Cloud? This assumption may now be outdated. We have helped many banks, insurers and other highly regulated companies make better-informed decisions. As an Atlassian Platinum Solution Partner, we are offering Cloud Migration and Compliance Assessments to identify potential roadblocks and unblock your path to Atlassian Cloud. In order to be able to guide you on your journey to the Cloud, we work closely with Atlassian.