Trust and Security at AssertThat
At AssertThat, we design our products with security, reliability, and compliance at the core. AssertThat BDD and VibeTester are backed by recognised certifications and continuous security validation to ensure your Jira data is protected to high standards
Certifications and Programs
AssertThat operates under a fully audited ISO 27001 Information Security Management System (ISMS) — the international standard for managing and protecting sensitive information.
Our certification confirms that we have:
-
Formal, independently audited security controls
-
Structured risk management processes
-
Strict policies for data access, handling, monitoring, and oversight
-
Secure operational practices across engineering, support, and infrastructure
-
Continuous improvement and annual recertification cycles
ISO 27001 ensures your Jira data is handled securely, consistently, and in accordance with a globally recognised security framework.
AssertThat’s apps are recognised as Atlassian Cloud Fortified, Atlassian’s highest trust tier for Marketplace cloud apps. This designation confirms that we meet enhanced standards for security, reliability, and customer support.
Cloud Fortified status includes:
Security validation through Atlassian’s Bug Bounty Program
Continuous monitoring of uptime and performance
Documented incident response and resilience processes
Operational practices aligned with enterprise expectations
Elevated support SLAs with defined escalation paths
Cloud Fortified ensures our apps meet Atlassian’s most rigorous cloud requirements and are ready for secure, reliable use across teams of all sizes.
AssertThat participates in the Atlassian Marketplace Bug Bounty Program, which provides continuous, real-world security testing by independent, vetted security researchers. This programme ensures our apps are evaluated against emerging threats and potential vulnerabilities on an ongoing basis.
Our participation includes:
Continuous testing across our cloud apps
Prompt investigation and remediation of reported findings
Collaboration with security researchers worldwide
Strengthened security posture beyond automated scanning
Independent validation of our defences
The Bug Bounty Program adds an additional proactive layer of security, helping us maintain strong protection for every customer.
AssertThat builds its cloud apps using Atlassian-recommended architectures designed for security and reliability at scale. VibeTester runs fully on Atlassian Forge, benefiting from its built-in isolation, permission controls, and platform-level security. AssertThat BDD is currently delivered via Cloud Connect and is being migrated to Forge to align with these enhanced security standards.
This approach ensures our apps operate securely and consistently while inheriting the security foundations of the Atlassian Cloud platform.
Each AssertThat cloud app includes a detailed Privacy & Security profile on the Atlassian Marketplace. These pages outline how we handle data, the permissions we request, and the controls we follow to protect customer information.
Access the profiles here:
👉 AssertThat BDD – Privacy & Security
👉 VibeTester – Privacy & Security
These profiles provide transparency for security, compliance, and procurement teams evaluating our apps.
Visit the AssertThat Trust Center
For teams requiring deeper technical detail — including certifications, policies, architecture documentation, security controls, and operational practices — our Trust Center provides a comprehensive, continuously updated view of our security posture.
