using-cloud

Using Confluence Cloud securely

Government staff are responsible for checking the applications they use are secure. This guidance will help you use Confluence Cloud to collaborate securely with colleagues.

Confluence Cloud is a collaboration application for creating, organising, and discuss work in a team. You can use it to create and manage content, comment and suggest changes.

Securing your account

Secure your Confluence Cloud account by using:

• a password made up of 3 random words
• a secure (HTTPS) connection and a modern browser or Confluence mobile app

If you have a corporate Google (G Suite) account use this to log in to Confluence, and enable two factor authentication on that account.

Tell your Confluence administrator if you:

• think someone may have accessed your account
• lose a device that can access your Confluence account (you should also reset your password)

You can also revoke OAuth access if you've enabled it.

Protecting your data

To protect your data when using Confluence, make sure you:

• don't use Confluence to store sensitive, personal, or other high value data (like commercial or financial information) that could cause harm or embarrassment if lost or exposed
• restrict access to pages and spaces when you need to control access

When using Confluence, you should also be aware that content, including archived or private content, can be:

• disclosed publicly under the Freedom of Information Act
• backed up and viewed by administrators in Confluence accounts, including content not shared with them
• subject to legal requests to share data by courts, government agencies, or parties involved in litigation in the US

Atlassian - the company that runs Confluence - have signed up to the EU-US Privacy Shield which requires them to follow European data protection requirements for personal data for their European customers. You own the data you put in Confluence, and their technical security is similar to other popular public cloud services.

Managing information

You must record or summarise important work in a permanent record at regular intervals or at the end of a piece of work.

Make sure you don't lose content by:

• creating a permanent record of shared information at regular intervals or at the end of a piece of work
• using your document storage or email service to capture important discussions or decisions (name the data so it can be found later)

You can export data from Confluence by:

• copying and pasting the text (while noting the date)
• exporting documents to other formats
• asking your administrator for a backup

Getting started

Ensure your account looks official and similar to other government Confluence accounts by:

• setting your @mention name to FirstLastORGANISATION (for example AlexBlackMOJ)
• use a recognisable profile photo
• add your role to the Job title section

Getting help

For help using Confluence, you can read their getting started guide

Confluence offer support through a:

• support page
• status page

You may also get help from your internal IT team if they have agreed to do it.