Secure Fields for Jira Cloud: Onboarding Process and Protecting Sensitive Data

By Published On: 28 October 2024

Secure Fields for Jira Cloud is an application designed for the secure management of sensitive data in Jira projects. This tool enables organizations to create special, secured fields that are accessible only to authorized individuals. As a result, companies can effectively protect critical information related to the security and privacy of employees, which in turn helps them comply with personal data protection regulations. Furthermore, the application facilitates the management of processes such as assigning responsibilities to team members. Secure Fields for Jira can prove to be extremely useful in many processes. One of these is the onboarding process for new employees, which often requires the collection and management of sensitive data.

secure fields

What Are the Challenges in the Standard Onboarding Process?

The onboarding process requires the collection and management of a range of personal data, such as salary, contact information, internal notes, and other data that require special protection. This information is exceptionally sensitive and should be adequately protected to prevent accidental leaks and potential legal consequences. In a standard Jira Cloud environment, there is a risk that unauthorized team members may gain access to this data. This is due to the standard access model, where Jira Cloud users can view most of the issues in the system. This leads to several potential threats:

  • Accidental Disclosure of Sensitive Data: Users who do not need access to certain information may accidentally view this data.
  • Non-Compliance with Data Protection Regulations: Organizations must comply with regulations related to personal data protection. If sensitive data is accessible to too many people, there is a risk of violating regulations, which can result in financial penalties and a loss of trust.
  • Potential Internal Misuse: Without control over access to confidential data, it may be used for unauthorized purposes. This can harm both new employees and the organization.

Protecting Sensitive Data with Secure Fields in Jira Cloud – Application in the Onboarding Process

Secure Fields for Jira Cloud allows organizations to create selectively hidden fields that are accessible and editable only by selected project roles. With this feature, the onboarding process can be customized to ensure secure management of information that must remain confidential. In addition to access control that allows only authorized users to view this data, Secure Fields also provides the ability to edit fields and view change history, ensuring full transparency and facilitating the management of sensitive data.

Use Case: Employee Onboarding

To see how the features of Secure Fields for Jira Cloud perform in practice, let’s take a look at a specific use case: employee onboarding. In this scenario, Secure Fields plays a key role in managing confidential data, ensuring both information security and compliance with data protection policies.

By analyzing John’s onboarding, we will examine how Secure Fields impacts the process from different perspectives: the HR team, the Team Leader, and the employee himself. This example illustrates how Secure Fields enables varied access permissions for sensitive data, which not only enhances security but also facilitates information management within the organization.

Standard Onboarding Process

In Jira Cloud, we have the ability to manage the hiring process through a Kanban board. The screen displays the “Onboarding” project board, which includes columns (statuses).

In the “To-Do” column, we can create a new issue, which in the context of onboarding signifies the formal initiation of the hiring process for a new employee.

In the presented example, the HR role has been assigned to Jakub, the Team Leader role to James, while the new employee John has been assigned the Viewer role.

Granting Access

The project administrator has access to the access granting options. In this area, it is possible to assign specific roles to individuals, such as HR, Team Leader, and Viewer. Each of these roles is assigned appropriate permissions concerning data access.

Extension for Sensitive Fields

Next in the onboarding process, we can add sensitive fields such as Salary, Internal Notes, and Buddy. The configuration of Secure Fields in Jira allows for precise management of access to this data. The Read permission enables users to view information such as salaries or internal notes without the ability to edit them. The Write permission lets users make changes, update salaries, or add new notes. Meanwhile, the History permission provides access to the edit history, allowing identification of who made changes and when. With these various permissions, Secure Fields ensures secure management of data, guaranteeing that only authorized individuals have access to sensitive information.

The project administrator (in this case, HR) has full access to sensitive data (salary, internal notes), allowing them to edit and view information related to the onboarding process. However, there is no option to assign a buddy to the new employee. The Team Leader also has the ability to view and edit data, which is crucial in the context of assigning buddies. However, they cannot edit or check the history of the salary. The Viewer role, assigned in this case to the new employee John, restricts access to sensitive information, ensuring compliance with data protection policies and the security of information within the organization.

Use Case: Onboarding Process of John Doe

Creation of an Issue by an HR Person

The next step is to create an issue by the administrator. Let’s return to the Onboarding project board. In the “To-Do” column, the “Create” option is selected, which opens a form where the details of the new task can be entered. We can specify:

  • Summary: The surname of the new employee (e.g., John Doe).
  • Start Date: The start date of employment.

This formalizes the entire onboarding process and facilitates the documentation of each step.

Granting Access and Entering HR-Specific Data

The administrator (HR) opens the issue related to John and enters the appropriate data in the Secure Fields section. They have the option to complete the data with:

  • Salary: An editable amount only for individuals assigned to the HR role.
  • Internal Notes: A note about the employee that is accessible only to HR and the Team Leader.

Next to this, there is a section for granting access (Grant Access), where Jakub, as HR, can provide John with access to tools such as Jira and Confluence.

Handover to the Team Leader

After completing the data entry, Jakub, as HR, hands over the issue to James Lovelance, the Team Leader. James, having access to the Grant Access and Assign Buddy sections, can also grant John access to projects and assign him a buddy.

Buddy Report

As the Team Leader, James has access to the buddy report. Secure Fields lets him check how often individual employees have fulfilled the buddy function. This facilitates the process of selecting a buddy for the next onboarding.

Assigning a Buddy

Secure Fields not only protects confidential information but also streamlines the organization of processes. For example, data regarding the “buddy” — which is not typically sensitive — can be managed more efficiently through the application. Secure Fields makes it easy to define who is responsible for assigning the buddy. This helps to clearly delineate responsibilities and improve the management of the onboarding process. James has the ability to assign a buddy to John. It is also worth noting that as the Team Leader, he has access to view the Salary field, but does not have the ability to edit it. However, he does have access to both view and edit the Internal Notes field.

View from the Perspective of the Onboarding Employee

From John’s perspective, the new employee, the onboarding process is transparent. After logging in, he sees who his buddy is but does not have the ability to edit this information. This setup ensures that sensitive data is protected while John has access only to the necessary information.

HR Reports in Secure Fields for Jira Cloud

Secure Fields for Jira Cloud offers advanced reporting capabilities that align with security policies and respect user permissions for sensitive data. With this feature, the HR department can generate reports that include information about currently employed staff, such as salaries and internal notes, available only to authorized users.

Secure Fields also enables monitoring access to this data, ensuring full control over confidential information and compliance with the organization’s data protection policies. Additionally, this tool integrates with built-in mechanisms in Jira, such as JQL, filtering, and gadgets and dashboards. This enables integration with existing reporting functions, allowing precise customization of reports to meet the organization’s needs. It also facilitates effective analysis and visualization of sensitive information while ensuring full access protection.

HR Report on Currently Employed Employees

Secure Fields allows users to easily create reports based on specific criteria, significantly facilitating the work of HR teams. With Secure Fields, HR can quickly verify salaries and other sensitive data, which is crucial for effective human resource management. As shown in the screenshot, by using the Status=Done function (a native Jira feature and JIRA Query Language), the system filters out employees, leaving only those currently employed along with their salaries and internal notes. In the second example, HR can filter the data to display only those employees whose salaries exceed 100,000. This functionality enables precise analysis and allows for strategic staffing decisions.

Ograniczenia dla Onboardowanego

It is important to emphasize that the onboarded individual, in this case, John (Viewer), does not have access to sensitive data such as salaries or internal notes. Due to his limited permissions, he cannot generate such a report.

Ensure Data Security with Secure Fields

Secure Fields for Jira Cloud is an advanced solution for organizations that wish to secure sensitive data during the onboarding process. With this application, it is possible to manage sensitive information in accordance with best data protection practices. As a result, organizations can enhance the security of internal processes. This also builds a positive reputation among new employees who know their privacy is protected. Protect sensitive data during onboarding new employees. Download Secure Fields for Jira Cloud from the Atlassian Marketplace and secure your onboarding process today!

Share this article

Written by : Marta Rodziewicz

Content Marketing Specialist

post contents