Introduction
Vansah is committed to safeguarding customer and product data through a comprehensive framework of policies, controls, and governance practices that align with industry-leading standards such as ISO/IEC 27001, NIST Cybersecurity Framework, and GDPR.
This document consolidates Vansah’s approach to Information Security, Data Security, Data Residency, Data Privacy, and Vansah Intelligence (AI), providing customers with a transparent view of how Vansah protects, manages, and controls access to their data across its products and services, including Vansah Test Management for Jira.
Governance and Relationship to the EULA
All Vansah security and data protection commitments operate under the terms and conditions defined in the End User License Agreement (EULA). Each policy outlined herein forms an integral part of Vansah’s overall compliance and assurance framework.
Information Security Management
Security Objectives
Vansah maintains an Information Security Management System (ISMS) aligned with ISO/IEC 27001 standards. Core objectives include:
Achieving 100% security vulnerability scan success across CI/CD deployments
Maintaining >99.9% uptime for customer-facing systems
Responding to verified security incidents within 24 hours
Conducting quarterly privileged access reviews
Delivering annual information security awareness training for all employees and contractors
Application and Infrastructure Security
All Vansah software is deployed via a Continuous Integration and Deployment (CI/CD) pipeline, incorporating vulnerability scanning, version validation, and automated testing.
Builds are only released after all validation checks pass successfully.
Hosting is provided by AWS and DigitalOcean, both certified under ISO/IEC 27001, ISO/IEC 27018, and SOC 1/2/3 standards.
Vansah maintains full ownership and control over all hosted data.
Threat Detection and Response
Vansah employs Network Security Monitoring (NSM) tools with Intrusion Detection (IDS) and Intrusion Prevention Systems (IPS).
A Security Information and Event Management (SIEM) platform continuously monitors logs and events for anomalies.
All workstations are protected by enterprise-grade antivirus and anti-spyware tools.
Learn more: Information Security
Data Security Framework
Core Security Controls
Vansah’s data security framework incorporates technical, administrative, and physical controls designed to ensure the confidentiality, integrity, and availability of customer data:
Control Area | Measures Implemented |
Encryption | AES-256 encryption for data at rest, TLS 1.3 for data in transit, end-to-end encryption for sensitive exchanges |
Access Control | Zero-Trust architecture, role-based access management, quarterly access audits, immediate revocation of unnecessary privileges |
Monitoring & Resilience | 24/7 monitoring for performance, uptime, and security; SLA-backed 99.9% service availability |
Backup & Recovery | Automated daily encrypted backups within the pinned data region; disaster recovery tested regularly |
Employee Awareness | Annual security awareness training covering secure handling, incident response, and data protection |
Compliance & Audits | Periodic independent audits and adherence to global standards (ISO 27001, NIST CSF, GDPR) |
Continuous Improvement
Security controls are periodically reviewed, updated, and tested to address emerging threats and evolving compliance requirements.
Learn more: Data Security
Data Residency and Sovereignty
Regional Hosting
Vansah provides Data Residency support aligned with Atlassian’s regional policies. Customer data is pinned to the geographic region corresponding to their Jira instance, such as:
Location | Region | Status |
Default (USA) | North America (New York) | Available |
Australia | Sydney | Available |
Canada | Central | Available |
Singapore | Asia Pacific | Available |
Germany | Frankfurt | Available |
EU | Frankfurt | Available |
United Kingdom | London | Available |
Customers in regulated industries (e.g., finance, healthcare, government) can request data residency changes to comply with jurisdictional or organisational data governance requirements.
In-Scope Data
The following data categories are pinned to the customer’s Jira region:
Customer Data: Test Cases, Scripts, Runs, Plans, Reports, and related attachments
Product Data: Atlassian Account IDs, Jira Issue Keys, Identifiers, Labels, Custom Fields
All in-scope data remains within the chosen region unless explicitly migrated at the customer’s request.
Learn more: Data Residency
Data Privacy and GDPR Compliance
Transparency and Purpose
Vansah collects and processes only the data necessary to deliver test management, scheduling, execution, and reporting services.
Data types include Test Cases, Test Scripts, Test Runs, Test Plans, Test Reports, and attachments.
Data Retention
Customer data is retained for six months after subscription expiry or cancellation to allow license renewal continuity.
Customers may request earlier deletion at any time via the Vansah Support Portal.
Personal Data and PII
Vansah does not process or store Personally Identifiable Information (PII). All PII is handled by Atlassian in accordance with its privacy practices. Vansah complies with GDPR obligations for data handling, hosting, and deletion.
Hosting
All data is hosted securely on AWS and DigitalOcean infrastructure. Data residency is enforced based on Jira’s pinned location settings.
Learn more: Data Privacy
Data Classification
Data within Vansah systems is classified based on multiple criteria:
Category | Example |
Type | Numerical, categorical, textual |
Source | Primary (collected directly) or secondary (derived) |
Format | Structured, unstructured, semi-structured |
Domain | Customer, operational, or system data |
Accessibility | Public, private, or confidential |
Purpose | Transactional, analytical, operational |
This classification ensures appropriate handling, retention, and access control.
Vansah Intelligence (AI) Policy
Definition and Scope
Vansah Intelligence refers to all machine learning or AI-driven features provided by Vansah, whether standalone or embedded within other Vansah products (e.g., test case generation, defect analysis, and data summarization).
The policy applies to all “Input” (user prompts, data, text, or uploads) and “Output” (responses or insights generated by Vansah Intelligence).
Data Ownership and Usage
Customers retain full ownership and intellectual property rights over both Input and Output data.
Vansah does not use customer data for AI model training, tuning, or algorithmic improvement.
All AI data interactions are session-bound, processed only to fulfil the request, and never retained or stored externally.
Data remains strictly within the pinned Jira region, adhering to Vansah’s Data Residency policy.
All data transmission to Vansah Intelligence occurs over encrypted channels (TLS 1.3) to maintain confidentiality.
Learn more: Vansah Intelligence (AI) Policy
Security Breach Management
In the event of a confirmed data breach, Vansah will:
Assess and contain the incident immediately.
Notify affected customers within 24 hours via email or direct communication.
Provide details on:
Nature and scope of the breach
Data types affected
Actions taken and recommended mitigation steps
Continue to update customers as investigations progress.
Maintain support channels to assist with customer queries and remediation.
Access Control Measures
Access to systems and data is restricted to authorised personnel following least privilege principles.
All administrative actions are logged and reviewed during quarterly audits.
Multifactor authentication (MFA) is required for access to production and administrative environments.
Segregation of duties is enforced between development, testing, and production teams.
Compliance and Oversight
Vansah’s governance framework includes regular third-party audits and continuous compliance alignment with:
ISO 27001 – Information Security Management
GDPR – EU General Data Protection Regulation
Atlassian Cloud Data Residency and Privacy Commitments
Contact Information
If you have any questions about this Information Security policy, please contact us through our support portal.