Data classification: The difference between internal data and customer data
We distinguish between data we collect and store and data that customers store on the systems we run for them.
We distinguish between data we ourselves collect and store in the context of our daily work (internal data), and data held in dedicated customer systems in connection with the provision of a service (operation of Atlassian applications), but which we do not otherwise use (customer data). Although all internal information pertaining to customers that we store in CRM, ERP, accounting and invoicing systems or in emails, chats, wikis or ordering software is also data that contains customer information in a broader sense, this information is processed together with purely internal data and is therefore classified as “internal data”.
Since we classify customer data as requiring a higher level of protection, the implemented level of security when customers share information with us in the dedicated customer systems is also higher than if the information is processed in our systems (e.g. emails, Extranet, Jira order processing). We make this difference as clear and transparent to customers as possible, and if customers ask us to work in the higher-security customer systems we respect that, even if it means limitations for us. Depending on the situation, team and composition, it may be necessary to store specific information on our systems to ensure that processes run smoothly. We always flag these situations in advance and explain the background.
Usability vs. security
An essential guiding principle in how we do business is the conscious balancing of practical and simple (usability) against highly secure. We try to use technology to simultaneously increase security and usability.
We understand that usability (simplicity for users) and IT security (privacy, integrity and availability of data and services) often conflict with one another. Particularly when working in customer environments, we often realize that stringent security requirements mean we are spending more time trying to gain access to information than we are creating value for the customer. That is why we always strive to take usability into account as well and, where uncertainties arise, to assess which solutions best suit the case at hand (What data are we handling? What is the security classification of that data?). We reach a practical solution through team discussion, and present documentation in central systems that are visible to all staff. We tend to lean in the direction of usability when it comes to handling internal data. This tendency is based on our corporate values and trust in our employees.
Customer data is given exceptional protection.
IT security in relation to the data of our customers is a top priority for us.
The security of customer data is the foundation of our integrity and the bedrock on which trusting, long-term collaboration is built. We exclude any forms of use or processing that have not been agreed with our customers, and ensure clear, documented decisions in other cases.
In the event of uncertainty, we always opt for more security rather than more simplicity in relation to our customers’ data. Security goes before usability in this case.
As a general rule, documents should not be printed out, but should instead be and remain digitized.
We are confident in our policy of storing all data in digital format because this is the only way we can be in a position to guarantee the IT security of this information. Where possible, we try to keep the data and information within the company in digital format. If we use paper, we do so solely to speed up our work processes. Paper is a temporary tool used to strengthen our visibility, presence or interaction. We are actively working on digitizing all information that is currently documented in paper form, and wherever possible we avoid storing paper unless legally required to do so. Paper is disposed of in a manner appropriate to the protection class of the information it contains.