Frequently Asked Questions
I thought the Atlassian products were designed specifically for software development. My GRC concerns are much larger than just the development process. Can these tools be applied to non-development processes?
The Atlassian tools are utilized in all types of industries and can be applied to all different types of business problems. For example, Isos has adapted the Atlassian products to manufacturing processes that are highly regulated by the FAA. The Atlassian platform is highly customizable, and can be designed to model business processes and documentation requirements in an auditable and repeatable way. This customization generally does not require specialized programming or scripting. It’s all based on the powerful JIRA workflow engine and Confluence’s templating abilities. dictum et.
Strategically, there are two main concerns in any GRC implementation:
Structured evidence of compliance
This usually resides in JIRA and is information about:
- What has changed/moved
- When did the change happen
- Who performed the change
- Who authorized the change
- What workflow was used
Basically It is the creation of repeatable and auditable processes.
Unstructured evidence of compliance
This usually resides in Confluence and includes the narrative around decisions related to compliance issues (i.e. why have specific processes been implemented, accompanying explanations, etc.). Transitioning this information back into a structured work model will complete a full-cycle feedback loop.
Tactically, the Atlassian tools can be used in your GRC processes to:
- Provide a long-term historical record that is easily reproducible for the legal team/compliance officer/auditor.
- Deliver realtime monitoring of GRC processes and alert on any compliance deviations or concerns.
- Predict and forecast future GRC requirements, bottlenecks, negative trends, and potential issues.
Everything you do in JIRA and Confluence is completely logged and traceable. The Atlassian products have powerful reporting engines and tools to create artifacts for your GRC needs.
The Atlassian platform has been successfully deployed in some of the most highly-regulated environments, from the Department of Defense to the world’s largest banks. But this deployment didn’t just magically happen…these organizations needed experts to navigate the waters and help implement the tools in a way that optimizes GRC processes and ensures compliance. This is where Isos Technology enters the equation. We can step in and help companies of any size with a full-scale rollout of Atlassian products that is both efficient and compliant.
Yes. The Atlassian platform is fully extensible and already integrates with many enterprise solutions. And if an integration is needed, our team has many tools at their disposal to create one where it’s needed.
- Marketplace – Atlassian has the world’s second largest marketplace for third-party integrations, just behind Salesforce. There are hundreds of add-ons available that are professionally supported and built on the Atlassian tools foundation.
- Webhooks – The Atlassian products can broadcast and consume Webhooks during various stages of the GRC process.
- API – To integrate with legacy solutions or not widely available solutions, the Atlassian suite has a full Java and REST API available. The API has always been a core part of the platform and has been a first-class citizen since the products were first introduced.
Yes. The configuration controls and security model in the Atlassian tools are fine-grained, limiting the editing and visibility of processes and documents to only the appropriate audiences.
Yes. This is a key aspect of any GRC process and it is easily achievable within the Atlassian tools.