Our applications are developed for Atlassian’s Forge platform. Forge provides an access control mechanism that ensures only authorized users have access to the application. Only Jira Administrators with access to the Admin Panel can view our applications. The access controls are provided by Atlassian’s Jira Service Management or Atlassian Access, depending on our customer’s environment. These controls are managed entirely by our customers. For example, SSO, strong password policies, multi-factor authentication (MFA), and limiting user access based on the principle of least privilege are some of the capabilities available to Atlassian customers.
Pio Software will adhere to industry best practices for secure coding and testing. We will perform regular code reviews. Our code is stored in Bitbucket and executed on the Forge platform, which allows only a limited set of libraries to be used. Vulnerability scans are performed to detect and remediate any security issues that arise. We do not have other third-party dependencies or libraries in our applications.
Pio Software provides an open portal where customers can report any incident they observe. The incident management process is well documented and outlines how we respond to security incidents, including breach detection, containment, and recovery. We will notify affected customers promptly in the event of a data breach or security incident.
Pio Software will comply with all applicable security and privacy regulations, such as GDPR, CCPA, and HIPAA, as applicable in the future. We will regularly review and update our security policies to ensure that we are in compliance with any changes in regulations.
Pio Software will provide users with clear instructions on how to use the application securely. We will provide educational materials, documents, and videos to help users understand security best practices and encourage users to report any security incidents or vulnerabilities they encounter.
Pio Software will periodically engage third-party security experts to conduct penetration tests and security audits of the application in the future. We will review the findings of these audits and take appropriate action to remediate any identified vulnerabilities.