Unicis Cybersecurity Controls for Jira: Enhancing Security Standards - Unicis.Tech OÜ
Unicis Cybersecurity Controls for Jira introduces enhanced security standards, including ISO/IEC 27001:2013 and 2022, aligning with the EU NIS Directive.
We are thrilled to announce the integration of new cybersecurity controls for Jira, aimed at elevating the security posture of your organization. In addition to the default Minimum Viable Secure Product (MVSP), we have incorporated the ISO/IEC 27001 standards for both 2013 and the latest 2022 version. Furthermore, we are aligning our controls with the upcoming EU NIS Directive, contributing to a common and converged level of security in network and information systems.
New Security Standards
ISO/IEC 27001:2013 and 2022
We understand the importance of staying ahead in the ever-evolving landscape of cybersecurity. By integrating the ISO/IEC 27001 standards of 2013 and 2022, we ensure that our cybersecurity controls are in line with the latest industry best practices, providing robust protection against emerging threats.
NIS Cooperation Group Security Measures
To address the requirements of the new EU NIS Directive, we have created a comprehensive table mapping the NIS Cooperation Group Security Measures for Operators of Essential Services (OES) with MVSP and ISO/IEC 27001 standards. This table aims to facilitate a common and converged level of security in network and information systems at the EU level.
| SECURITY DOMAIN / SUB-DOMAIN / MEASURE | MVSP (v1.0) | ISO 27001:2013 | ISO 27001:2022 |
|---|---|---|---|
| Defence / Computer Security Incident Management / Incident Report | MVSP 1.1 Vulnerability reports, MVSP 1.7 Incident handling | A.16.1.1 Responsibilities and procedures, A.16.1.2 Reporting information security events | A.5.2 Information security roles and responsibilities, A.6.8 Information security event reporting |
| Defence / Computer Security Incident Management / Communication with competent authorities | MVSP 1.7 Incident handling | A.6.1.3 Contact with authorities, A.6.1.4 Contact with special interest groups | A.5.5 Contact with authorities, A.5.6 Contact with special interest groups |
| Defence / Detection / Logging | MVSP 2.7 Logging | A.12.4 Logging and monitoring, A.18.1.3 Protection of records | A.8.15 Logging, A.8.16 Monitoring |
| Defence / Detection / Logs correlation and analysis | MVSP 2.7 Logging | A.16.1.4 Assessment of information security events, A.16.1.7 Collection of evidence | A.5.25 Assessment of information security events, A.5.28 Collection of evidence |
| Defence / Detection / Detection | MVSP 1.8 Data handling, MVSP 3.3 Vulnerability prevention | A.12.2 Protection from malware, A.12.6.1 Management of technical vulnerabilities | A.8.7 Protection from malware, A.8.8 Management of technical vulnerabilities |
| Defence / Computer Security Incident Management / Information system security incident response | MVSP 1.7 Incident handling | A.16.1.5 Response to information security incidents, A.16.1.6 Learning from information security incidents | A.5.26 Response to information security incidents, A.5.27 Learning from information security incidents |
| Governance / Human resource security | MVSP 1.5 Training | A.7 Human resource security, A.6.1.1 Information security roles | A.6 People controls, A.6.3 Information security awareness, education and training |
| Governance / Information system security risk analysis | MVSP 1.3 Self-assessment, MVSP 1.4 External testing | A.8.1.1 Inventory of assets, A.12.6.1 Management of technical vulnerabilities | A.5.9 Inventory of information and other associated assets, A.8.8 Management of technical vulnerabilities |
| Governance / Information system security audit | MVSP 1.4 External testing | A.12.7.1 Information systems audit controls, A.18.2 Information security reviews | A.5.35 Independent review of information security, A.8.34 Protection of information systems during audit testing |
| Governance / Ecosystem mapping | MVSP 1.2 Customer testing | A.4.1 Understanding the organization, A.4.2 Interested parties | A.4.1 Organisational context, A.4.2 Interested parties |
| Governance / Information system security policy | MVSP 1.6 Compliance, MVSP 1.5 Training | A.5.1.1 Policies for information security, A.6.1.1 Information security roles | A.5.1 Policies for information security, A.5.2 Information security roles |
| Protection / Authentication and identification | MVSP 2.1 Single Sign-On, MVSP 2.4 Password policy | A.9.1 Business requirements of access control, A.9.4.2 Secure log-on procedures | A.5.15 Access control, A.8.5 Secure authentication |
| Protection / IT security maintenance procedure | MVSP 1.1 Vulnerability reports, MVSP 2.6 Dependency Patching | A.12.6.1 Management of technical vulnerabilities, A.14.2 Security in development and support processes | A.8.8 Management of technical vulnerabilities, A.8.25 Secure development life cycle |
| Protection / System segregation | MVSP 4.2 Logical access | A.12.1.4 Separation of development, testing and operational environments | A.8.31 Separation of development, test and production environments |
| Protection / Cryptography | MVSP 2.2 HTTPS-only, MVSP 2.8 Encryption | A.10.1 Cryptographic controls | A.8.24 Use of cryptography |
| Protection / Administration accounts | MVSP 2.1 Single Sign-On, MVSP 2.4 Password policy | A.9.2.3 Management of privileged access rights | A.8.2 Privileged access rights |
| Protection / Physical and environmental security | MVSP 4.1 Physical access | A.11 Physical and environmental security | A.7 Physical controls |
| Protection / Access rights | MVSP 4.2 Logical access | A.9.2 User access management | A.5.15 Access control, A.8.2 Privileged access rights |
| Resilience / Disaster recovery management | MVSP 4.4 Backup and Disaster recovery | A.17.2 Redundancies | A.8.14 Redundancy of information processing facilities |
| Resilience / Crisis management organisation | MVSP 1.7 Incident handling, MVSP 4.4 Backup and Disaster recovery | A.6.1.1 Information security roles, A.17.1 Information security continuity | A.5.2 Information security roles, A.5.30 ICT readiness for business continuity |
| Resilience / Business continuity management | MVSP 3.3 Vulnerability prevention, MVSP 4.4 Backup and Disaster recovery | A.17.1 Information security continuity, A.17.2 Redundancies | A.5.30 ICT readiness for business continuity, A.8.14 Redundancy of information processing facilities |
ENISA Minimum Security Measures
To achieve these standards and mappings, we have leveraged the expertise of ENISA, the European Union Agency for Cybersecurity, and its Minimum Security Measures for Operators of Essential Services. This collaborative effort ensures that our cybersecurity controls not only meet international standards but also align with the specific requirements of essential services.
Conclusion
With the integration of new cybersecurity controls and alignment with ISO/IEC standards and the EU NIS Directive, Unicis Cybersecurity Controls for Jira is committed to providing a robust and comprehensive security solution. This initiative aims to enhance the security posture of organizations, contributing to a safer and more secure digital ecosystem.
Your security is our highest priority.