Actonic Products got ISO/IEC 27001:2022 Certificate
Actonic is certified to ISO/IEC 27001:2022
Our information security management system is independently audited and certified to the international ISO/IEC 27001 standard.
Actonic Products GmbH — maker of Report Builder, the Data Protection and Security Toolkit, and Timesheet Builder — is certified to ISO/IEC 27001:2022. Below is the certificate, its scope, and how it applies to our apps.
What the certificate means for you
ISO/IEC 27001 is the international standard for information security management. Certification means an accredited body has reviewed how we protect data and operate our systems.
An accredited body reviewed our security management system against ISO/IEC 27001 and re-audits it every year.
You can use the certificate to answer many security-questionnaire items up front, instead of assessing us from scratch.
The certified scope is our software development — the process behind Report Builder, the Data Protection and Security Toolkit, and Timesheet Builder.
About +A1:2024: ISO/IEC 27001:2022 was amended in 2024 to add climate-related requirements, and our certificate already includes that amendment. The Statement of Applicability — the list of which controls apply — is dated 5 June 2026 and available on request.
What the certificate covers
An ISO 27001 certificate’s scope defines what it applies to. Ours is software development: how Actonic builds and maintains its products, which is the work behind the apps you install from the Atlassian Marketplace.
Certified scope
Software development
Geltungsbereich: Softwareentwicklung
How this applies to our apps
Our Jira and Confluence apps are developed under the certified process, so the certificate applies to how each one is built.
Report Builder →
Custom Jira reports, charts, and dashboards.
Data Protection & Security Toolkit for Jira →
PII discovery and anonymization for Jira.
Data Protection & Security Toolkit for Confluence →
PII discovery and redaction for Confluence.
Timesheet Builder →
Privacy-aware time tracking for Jira.
Beyond the certificate
ISO 27001 is one part of how we protect customer data. Alongside it:
- ✓Marketplace Security Bug Bounty Program — security researchers can report issues in our apps responsibly.
- ✓Privacy by design in Cloud — our Cloud apps process data in the browser and don’t store customer personal data with third parties.
- ✓Encryption in transit — all traffic to our apps uses TLS with browser-trusted certificates.
- ✓Data Processing Agreement — a DPA covering our processing activities is available to customers.
- ✓GDPR / DSGVO, HIPAA & CCPA — our toolkit helps customers meet these inside Jira and Confluence.
- ✓Marketplace Trust Center — per-app privacy and security details are on our Marketplace listings.
Questions about our security or compliance?
Contact our Information Security team for vendor reviews, certificate requests, or documentation.
Frequently asked questions
Yes. Actonic Products GmbH holds a current ISO/IEC 27001:2022 (+A1:2024) certificate, number 1710DE1184IS, valid until 22 June 2029, subject to annual surveillance audits.
The certified scope is software development — how Actonic designs and develops its products for the Atlassian ecosystem, including Report Builder, the Data Protection and Security Toolkit, and Timesheet Builder.
It is valid until 22 June 2029, maintained across the three-year cycle through annual surveillance audits.
ISO 27001 certifies how Actonic manages information security as an organisation. GDPR is a law for protecting personal data. They work together: our certification covers our own security management, while our apps help customers meet GDPR/DSGVO, HIPAA, and CCPA requirements inside Jira and Confluence.
The certificate is on our Trust Portal. The Statement of Applicability (dated 5 June 2026) is available on request through our ISMS service portal.
Request