Cloud Fortified Apps Program approval process

Summary

1. First, familiarize yourself with the documentation, including this page, the program overview, and its sub-pages.
2. Then, review the approval checklist to learn about each area to be addressed for approval. A copy is available here for reference.
3. Next, start working on the requirements. When you're ready to submit an app for approval, please create a ticket on this Service Desk.
4. During the approval process you will be updated on review progress and you may be asked to update your submission and clarify responses.
5. Once approved, apps are automatically updated in the Atlassian Marketplace to indicate the Cloud Fortified app designation and your app will be included in a periodically updated list of Cloud Fortified apps in go-to-market materials for our field teams and channel partners.
6. From time to time we might get in touch to gather feedback, share updates about any upcoming changes that we're exploring or plan to make for the program.
7. Your app has an annual review process where we verify that your app is in good order, and any new requirements are met. There is also an escalation process where Atlassian or customers can raise concerns about an app's compliance with the program requirements.

Tracking submission

After raising your Cloud Fortified app readiness ticket, our team triages and reviews your submission for any missing or incomplete elements. We track these elements and update you as to the requirements that follow. For some requirements, such as security and support, we often need only to verify the status of your app. For other requirements, such as those in the reliability stream, we need to configure your app, give accounts access to new views, and arrange test-runs of some of the processes. Throughout this process, we use the workflow below to reflect where responsibility for the next step lies, and track the individual components of app approval.

Approval process

These pages provide additional details about the requirements for each part of the approval process:

• Cloud Fortified Apps Program reliability requirements
• Cloud Fortified Apps Program security requirements
• Cloud Fortified Apps Program support requirements

Approval timing and review

• Approval process: We endeavor to review and take your app through the approval steps in a timely manner. While we designed the process to avoid idle time, we're keen to learn and improve. Please note that some requirements, however, such as the security program requirements, inherently have some "soak" time before becoming active and approval can be granted.
• Annual review process: We plan to review each Cloud Fortified app's approval status on an annual basis. The details of this will be worked out after the launch of the program.
• Escalation/violation process: We plan to formalize an escalation process for when a Cloud Fortified app fails to meet requirements after approval.

Updates to program requirements

We continue to develop and release improved developer tooling and guidelines on monitoring and improving the reliability and security of Atlassian Cloud products. As we do so, we also update the Cloud Fortified app requirements, documentation, and guidelines. We communicate these alterations ahead of time and release clear guides on how they should be adopted.