STAGIL Security Policy
STAGIL develops and maintains apps for the Atlassian Marketplace. This policy describes the security practices and controls we have in place across our organisation and products.
STAGIL maintains an Information Security Management System (ISMS) certified to DIN EN ISO/IEC 27001:2022. Our security practices are aligned with this framework and subject to regular internal and external audits, including annual surveillance audits. The certificate is available upon request.
Security Governance
Security at STAGIL is governed through our ISO 27001-certified ISMS. This includes defined security roles and responsibilities, documented policies and procedures, regular risk assessments, and a continuous improvement cycle. The ISMS is reviewed and audited regularly to ensure it remains effective and aligned with evolving requirements.
Secure Development
STAGIL follows secure development practices aligned with industry standards, including OWASP guidelines. Our development process includes code reviews, static analysis, and testing for common vulnerability classes before release.
Vulnerability Management
We actively monitor for and remediate security vulnerabilities in our products and infrastructure.
Bug Bounty Program. STAGIL participates in Atlassian's Marketplace Security Bug Bounty Program, operated through Bugcrowd. This program enables independent security researchers to identify and report vulnerabilities in our apps.
Dependency Management. We use automated scanning tools to identify known vulnerabilities in third-party libraries and dependencies used in our products.
Remediation SLAs. Security vulnerabilities are prioritised by severity and addressed within defined target timelines, which are aligned with Atlassian's Security Bug Fix Policy for Marketplace Apps.
Security Incident Management
STAGIL maintains a documented incident response process covering identification, containment, investigation, remediation, and post-incident review. Service disruptions and operational incidents are communicated through our status page. Security incidents involving customer data will be handled through direct notification in accordance with applicable legal requirements.
Infrastructure and Data Security
Our cloud apps operate within the Atlassian ecosystem. Where app data is processed on Atlassian's infrastructure, it is subject to Atlassian's security and data residency controls. Where we operate our own infrastructure, customer data is protected using industry-standard encryption in transit and at rest, and access is restricted to authorised personnel on a need-to-know basis.
Business Continuity
STAGIL maintains a business continuity plan to ensure the availability and resilience of our services. This plan is reviewed and updated periodically.
Third-Party Security
Where we rely on third-party service providers for hosting, processing, or other services that may involve customer data, we assess their security posture and ensure appropriate contractual safeguards are in place, including data processing agreements where required by applicable law.
Contact
For general security inquiries, please contact us at support@stagil.com.