Security statement

This security statement applies to the Cloud version of the ITSM Reports.

We are committed to improving our security posture. That’s why we created this page to answer basic questions about security in the ITSM Reports app. For company-level security approach, please refer to the Trust Center.

Architecture

ITSM Reports is built on the Forge platform. The app connects to Jira using OAuth2. It’s written in React and TypeScript.

What customer data does the app process?

We process accountIds, email addresses, display name.

What data does the app store?

The app stores API Token for the integration with Assets.

Where are the data stored?

All data are stored on the Atlassian infrastructure. Templates data is stored in Jira (via UIM entities). The app configuration is stored via Forge Storage.

What permission does the app require?

Permission

Usage

Endpoint(s) in methods

manage:jira-configuration

Creating Template custom field if field doesn’t exist (done in upgrade tasks).

Creating a custom field context. Used when options are updated for template.

Getting mappings for a field in issue for particular project. Used when applying UI modification for the following field types: single select, multi select, checkboxes.

Getting custom field context for a project. Used when updating options for a template and during template deletion.

Getting custom field option for a context. Used when creating a custom field context and during template deletion.

Creating options for a custom field. Done during template creation and update.

Updating options for a custom field. Done during template update.

Deleting a custom field option. Done during template deletion.

Getting issue type screen schemes for projects. Done during adding Template field to create screens.

Getting issue type screen scheme items. Done during adding Template field to create screens.

Getting contexts for a custom field. Used for example when getting predefined options for the select field type.

Getting values for the priority field.

manage:jira-project

Adding template field to create screens for particular projects. This process involves getting list of screen schemes, tabs for a screen, fields for a tab, adding a field to a screen tab and moving a screen tab field.

storage:app

Saving plugin related data in the Storage. For example, custom field config is saved in the Storage and this data is used on create issue screen when reading what kind of fields are supported by our app for UI modifications. Another example is that we save templates names in the Storage so when someone is creating or updating a template we can verify if such template already exists.

read:jira-work

Getting a custom field option. Done during template update and deletion.

Getting UI modifications to display in the table.

Updating UI modifications when template is updated.

Creating UI modifications when template is created.

Getting supported fields to display in the field selector while creating/updating template.

Getting the JQL search auto complete suggestions for the labels field.

Getting components for a project.

Getting versions for a project.

read:jira-user

Getting a user for a user picker field.

Getting users for a user picker field for handling multi selection.

Getting users for a user picker field with specific search conditions.

write:jira-work

Required for loading and applying UI modifications on the create issue screen.

Does the app encode all data in transit and at rest?

Yes.

Does the app support data residency?

No at this moment. Atlassian is working on enabling this for all Forge apps.

Does the app have a data retention policy?

Yes. Upon written request, Appsvio and Atlassian will delete all End User Personal Data (including copies). More information is available in Forge DPA.

Does the app have a data backup policy?

Yes. More information is available in https://www.atlassian.com/trust/security/data-management

Useful links and more information Privacy Policy of Appsvio apps

If you have any questions about the security, e-mail security@appsvio.com.

Last updated