Kansas House Bill 2039: Tribal Court Judgments Recognition
advertisement
Session of 2019
HOUSE BILL No. 2039
By Committee on Judiciary
1-17
1
2
3
4
5
6
7
8
9
10
11
12
13
AN ACT concerning recognition of tribal court judgments.
Be it enacted by the Legislature of the State of Kansas:
Section 1. (a) Pursuant to rules adopted by the supreme court, the
district courts of this state shall extend full faith and credit to the orders,
judgments and other judicial acts of the tribal courts of any federally
recognized Indian tribe.
(b) In adopting rules under subsection (a), the supreme court shall
only extend recognition to the judgments of tribal courts that grant full
faith and credit to judgments of the courts of the state of Kansas.
Sec. 2. This act shall take effect and be in force from and after its
publication in the statute book.
DESCRIPTI E CATALOGING MAN AL NAME AND SERIES A THORIT
RECORDS
MLA C
M
BIBCO M
cF
C
MLA A
M
2024 (
), 3/7/24
e Re
CTHISMOPEN
, C SOURCE AGREEMENT (“AGREEMENT”) DEFINES THE RIGHTS OF USE, REPRODUCTION,
DISTRIBUTION, MODIFICATION AND REDISTRIBUTION OF CERTAIN COMPUTER SOFTWARE
,M
2023-F
2024
ORIGINALLY RELEASED BY THE UNITED STATES GOVERNMENT AS REPRESENTED BY THE
GOVERNMENT
AGENCY
LISTED BELOW ("GOVERNMENT AGENCY"). THE UNITED STATES
N
F
:
GOVERNMENT, AS REPRESENTED BY GOVERNMENT AGENCY, IS AN INTENDED THIRD-PARTY
M
(E
M
)
BENEFICIARY OF ALL SUBSEQUENT DISTRIBUTIONS OR REDISTRIBUTIONS OF THE SUBJECT
A
(E
M
) REPRODUCES, DISTRIBUTES, MODIFIES OR REDISTRIBUTES THE
SOFTWARE. ANYONE WHO USES,
SUBJECT
SOFTWARE,
ASC DEFINED
OR ANY
PART( THEREOF,
IS,
A
(
L HEREIN,
A
) M
H
.O C
) BY THAT ACTION, ACCEPTING IN
FULL THE RESPONSIBILITIES AND OBLIGATIONS CONTAINED IN THIS AGREEMENT.
O
:
M
F
(
GRANT
We
a e a OF
a RIGHTSf
N
C
-C
H )
add
a
e be ! A
NACO- M
P
(
A. Under Non-PatentMRights:
Subject to the terms
and conditions of this Agreement, each Contributor,
with respect to
NMP)
F
. BIBCO
NMP
its own contribution to the Subject Software, hereby grants to each Recipient a non-exclusive, world-wide, royaltyI free license to engage in the following activities pertaining to the
F Subject Software:
,
1. Use
BIBCO
M
F
(
Ca a g g & Me ada a C
ee - BIBCO - M c L b a A
ca
)
2. Distribution
3. Reproduction
CMC
K
B
A
FAQ
,
4. Modification
AAP
5. Redistribution
6. Display
BIBCO
B. Under Patent Rights: Subject
to the terms and conditions of this Agreement, each Contributor, with respect to its
I ownK contribution
-J
(Eto the Subject Software,
M
) hereby grants to each
PCC
C
Recipient under
Covered Patents a non-exclusive,
world-wide, royalty-free license to engage in the following activities pertaining to the Subject Software:
C
BIBCO
AAP (
1. Use ( C );
)
.
2. Distribution
3. Reproduction
4. Sale
1. 5.
M Offer for Sale
I
14
I
11
I
31 BIBCOM
10
-L
1519201819 1514141211 1213131211 3025232532
M
2019
2020
2021
2022
2023
2024
I
7
2
7
5
5
9
2. BIBCO
N
:
M
(
A
),
CC
BIBC
A
,
F
F
.
L
C
:
BIBCO
F 2019)
D
.
,
-
(
;
M
F
.
BIBCO
CC
F
CC D
.
BIBCO
(382/655/046/
!
-
.), 240
,
.
BIBCO
-
.
C m la i e S a i ic 2015-2023
N
:
CC
2016. C
(
-
)
/
; . .,
LC/NAF,
NA
NA
.
A
:
F
/
,
.A
(
,
,
,
.)
.
. (1)
ha
;
. (2)
;
. (3)
LC
,
,
,
. (4)
N
CON E
OCLC;
, . .,
:C
.
,
, . .,
.$ E
/
NA
:
NA
:
LC/ CC
,
,
, $ 1903-1976. $ F
, $ 1903-1976. $ F
.
.
A
, . .,
3
.
A
/
.A
4
A
1
E a
:
/245
100 1# $ A
.
,I
.$ E
L
,I
.$ E
L
.$ E
B
October 2023
400 1# $ A
(Va a
add d b ca
a
a
d acc
)
Introd ction 3
DE C I
LC
I E CA AL GI G
c ca a
A
ac c : A
AL 1
A
16, 1999,
ALL
,
/
/
/
.
.
S
a
c d (SAR )
LC
ac c : A
PCC
J
1, 2006, LC
A
.
ac c :
.
,
,
.
C
CC
,
.F
CC
-
(8
)
,
CC
,
.
A
-
, . .,
1
.
A
: 1)
,
,
), 4)
/
, 5)
, 7)
( . .,
,
), 2)
LC
,
, 3)
,
(
,
, 6)
( )
, 8)
/
.A
.C
.
1983,
LC,
,
,
LC
LC
.H
,
A
,
. A
.
( )
.
.A
,
,
;
.
I A
, 2008,
CC
C
-
.
October 2023 Introd ction 4
DE C I
I E CA AL GI G
A
AL 1
.
.P
,
.
SAR
,
-
,
,
.I
.
.
.
S
.C
.E
FRBR
-
.F
,
(380
( . .,
(
MARC 21 046
3
)
)
E
,
).
(
)
.
,
J
ca
acc
.
a
,
046
,
3
046
1
,
670
.
670
.
,
.F
,
"S
B
"
F
,
380
046
3
.
,
670
.
A
a
c a
a
c
A
.N
( . .,
,
)
.
October 2023 Introd ction 5
DESCRIP I E CA ALOGING MAN AL 1
N
.M
.
I
/
1
/
,
.A
LC-PCC PS
RDA
,
(
,
). A
.
C
.
CIP
,
,
.C
,
CIP
NACO
,
;
CIP
,
670
,
.
a a
4
.A
NAR,
LC/NAF
Learning ra e
Costs are in 2010 US dollars as per Lovering et al. [14].
This paper presents evidence of the disruption of a transition from fossil fuels to nuclear po er, and finds the benefits forgone as a
consequence are substantial. Learning rates are presented for nuclear po er in seven countries, comprising 58% of all po er reactors ever
built globall . Learning rates and deplo ment rates changed in the late-1960s and 1970s from rapidl falling costs and accelerating
deplo ment to rapidl rising costs and stalled deplo ment. Historical nuclear global capacit , electricit generation and overnight
construction costs are compared ith the counterfactual that pre-disruption learning and deplo ment rates had continued to 2015. Had the
earl rates continued, nuclear po er could no be around 10% of its current cost. The additional nuclear po er could have substituted for
69,000 186,000 TWh of coal and gas generation, thereb avoiding up to 9.5 million deaths and 174 Gt CO2 emissions. In 2015 alone,
nuclear po er could have replaced up to 100% of coal-generated and 76% of gas-generated electricit , thereb avoiding up to 540,000
deaths and 11 Gt CO2. Rapid progress as achieved in the past and could be again, ith appropriate policies. Research is needed to
identif impediments to progress, and polic is needed to remove them.
2.2. De
e
ae
jec i
To calculate the OCC of nuclear po er in 2015 requires a projection of hat the cumulative global capacit of construction starts ould have
been. Similarl , to calculate the e tra electricit that ould have been generated at the higher deplo ment rates, and the deaths and
emissions that could have been avoided, requires a projection of hat the global capacit of operating reactors ould have been. This
projection assumes that, if not for the disruption, the construction period ould have been five ears 5 and the capacit of po er uprates
and of reactors permanentl shut do n each ear ould have been unchanged from the actual. Three deplo ment rate scenarios ere
anal sed: the actual historical rate and t o projections of earl historical rates.
Ac a
This is the actual historical deplo ment from 1954 to 2015. The cumulative global capacit of construction starts as 486 GW in
2013 [14]; 11 GW as added in 2014 and 2015, making the total 497 GW in 2015. The actual global capacit in operation in 2015 as 383
GW [22] 6.
L ea
The capacit of commercial operation starts peaked at 40 GW in 1985 and averaged 30 GW per ear from 1984 to 1986 [22]. The
capacit in commercial operation in 1985 as 253 GW [26]. The Linear scenario assumes that commercial operation starts continued at 30
GW per ear from 1985 to 2015, and the capacit of po er uprates and reactors permanentl shutdo n each ear as as per the historical
data. (See Appendi A for further e planation of the calculation method and data sources.)
Acce e a
From 1954 to 1976, the capacit of construction starts as accelerating, then slo ed in 1976 (i.e. about 5 to 10 ears after
the reversal points, hich as hen OCC started to increase rapidl ). If the OCC had continued to reduce at the pre-reversal learning rates,
it as assumed the deplo ment rate also ould have continued (all else being equal). A defensible assumption is that the rate continued at
that prevailing from 1960 to 1976. A pol nomial function as fitted to the data points for 1960 to 1976 and projected to 2015. The cumulative
global capacit of commercial operation starts as estimated b subtracting five ears (for the assumed average construction duration) from
the cumulative global capacit of construction starts and subtracting the actual capacit of reactors permanentl shut do n. (See Appendi
A for further e planation).
The Linear and Accelerating scenarios are used to estimate the e tra electricit that ould have been supplied each ear b nuclear
po er from 1985 to 2015 (for the Linear) and from 1980 to 2015 (for the Accelerating) scenarios.
Click here to e pand...
0. 3. Re
a dD c
3.1. Lea i g a e
Figure 2 has a chart for each of the seven countries and one for all seven combined; trendlines ere fitted to the data points before
and after the trend reversal points. The equation for each trendline is sho n on the charts.
6 of 23
Electronic cop available at:
F
N c ea P
e Lea
a d De
e
Ra e : D
a d G ba Be ef
F
e
e 2: OCC (2010 US$/kW) plotted against cumulative global capacit (GW) of nuclear po er reactors, based on construction start
dates; regression lines fitted to points before and after trend reversals.
7 of 23
Electronic cop available at:
N c ea P
e Lea
a d De
e
Ra e : D
a d G ba Be ef
F
e
To compare trends for the seven countries, Figure 3 sho s all the regression lines. Japan and France had the fastest pre-reversal
learning rate; South Korea had a similar rate since it started building reactors in 1972, although it started from a high OCC after the
reversal and initial rapid cost escalation in the other countries.
G ba
C
24% 19% 28% 16% 23% 2%
P e- e e a
P
ec ed OCC a 497 GW $349
$614
$257
$334
$485
$739
N/A
$433
F
e 3: Regression lines for seven countries: OCC plotted against cumulative global capacit of construction starts.
Table 1 lists the learning rates for both periods in each countr for both the cumulative global and the cumulative countr capacit . The
si th column is the reversal point for each countr . The last column is the projected OCC at 497 GW cumulative global capacit if the
pre-reversal learning rates had continued.
Tab e 1: Learning rates for pre-reversal and post-reversal, reversal point and projected overnight construction cost at 497 GW
cumulative global capacit of construction starts.
C
US 23% CA 27% FR 34% DE 28% JP 35% IN 7%
UKRAINE
All 24%
P
- e e a Re e a G ba C
, GW
-94% -102% 32 -23% -20% 64 -28% -10% 64 -82% -62% 64 -56% -35% 100 -54% -8% 100
33% 12% 100 -23% 32
8 of 23
Electronic cop available at:
N c ea P
e Lea
a d De
e
Ra e : D
a d G ba Be ef
F
e
Learning rates are affected b the gro th of cumulative capacit both globall and locall . Follo ing Lovering et al., cumulative global
capacit
as used as the reference. Figure 4 plots the learning rates against the time span of the construction starts for each period in
each countr .
F
e 4: Learning rates pre- and post-reversal points vs time span of construction starts.
Table 1 and Figure 4 sho that, before the reversal, OCC learning rates ere 23% in the US, 27% to 35% in the other countries e cept
India ( here it as 7%), and 24% for all countries combined. At the reversal, learning rates changed abruptl and became negative
(-94% in the US, -82% in German , -23% to -56% in the other countries, e cept in South Korea, and -23% for all seven countries);
South Korea started building nuclear po er plants after the initial rapid cost-escalation period, achieving a 33% learning rate since
1972. The fact that fast learning rates e isted up to about 1970, and in South Korea since, suggests the could be achieved again 9.
The US s post-reversal learning rate as the orst of the seven countries. The reversal occurred t o to four ears later in the other
countries and the real cost increase as not as severe as in the US. This suggests the US ma have negativel influenced the
development of nuclear po er in all seven countries (and probabl all countries). It also sho s that technolog learning and transition
rates can change quickl and disrupt progress, in this case dela ing progress for about half a centur so far.
3.2. De
e
ae a d
jec i
2015
Figure 5 sho s the annual global capacit of construction starts 10 and commercial operation starts from 1954 to 2015 [22]. The
capacit of construction starts as accelerating until about 1970, peaked in 1976, then stalled. The annual capacit of commercial
operation starts peaked in 1985, averaged 30 GW per ear from 1984 to 1986, then declined rapidl and has not recovered. IAEA
9 of 23
Electronic cop available at:
N c ea P
e Lea
a d De
e
Ra e : D
a d G ba Be ef
F
e
[40] sho s grid connections peaked at 31 GW per ear in 1984 and 1985 and declined rapidl thereafter.
1
Lea ning
a e fo
2
Deplo men
a e
3
Ac
4
Linea
p ojec ion
23%
cena io :
al 349
246 Accele a ing 177
27% 34% 28% 35% 7% 24%
F
e 5: Annual global capacit of construction starts and commercial operation starts, 1954 2015.
Figure 6 sho s cumulative global capacit of construction starts and commercial operations starts plotted against time (top panel), and
projections of hat the
ould have been in 2015 if the earl deplo ment rates had continued (bottom panel).
10 of 23
Electronic cop available at:
N c ea P
e Lea
a d De
1
Ac
2
Deplo men
3
Linea
4
3,881 4,000 4,797 5,000 3,676 OCC change f om 2015 ac
e
Ra e : D
a d G ba Be ef
F
e
al OCC
a e
cena io : Ac
al
Accele a ing
al
2,000
4,022
11% 8% 5%
F
e6(
(B
): Cumulative global capacit of construction starts and of commercial operation starts (sorted b construction start date).
): Cumulative global capacit of construction starts (red and green data points); accelerating projection of 1960 1976 data
points (dotted green line); Linear and Accelerating projections of capacit in commercial operation (dashed pink and green lines).
11 of 23
Electronic cop available at:
N c ea P
e Lea
a d De
e
Ra e : D
a d G ba Be ef
F
e
Table 2 summarises the cumulative global capacit of actual and projected construction starts and the capacit in commercial operation
at the end of 2015 for each scenario.
Tab e 2: Actual and projected cumulative global capacit of construction starts and global capacit in commercial operation in 2015 for
the three scenarios.
De
e
a e ce a
Actual
Linear Accelerating
C
c
a
(GW) 497
1,246 2,941
C
e ca
ea
(GW) 383
1,096 2,366
The Linear and Accelerating projections of cumulative global capacit b 2015 in Table 2 represent scenarios calculated on the basis of
the stated deplo ment rate assumptions. The increases in projected cumulative global capacit b 2015 compared ith Actual are large.
It is useful to compare these scenarios ith projections made in the 1970s. For e ample, the Accelerating deplo ment rate projects a
global nuclear capacit of 1,152 GW b 2000. The Workshop on Alternative Energ Strategies (WAES) [12], projected global nuclear
capacit in 2000 at bet een 913 GW and 1,722 GW 11. So the present projection is quite consistent ith the outlook of 40 ears ago.
,$6
,$6
Financial Reporting in Hyperinflationary
Economies
In April 2001 the International Accounting Standards Board adopted IAS 29 Financial
Reporting in Hyperinflationary Economies, which had originally been issued by the
International Accounting Standards Committee in July 1989.
,)56)RXQGDWLRQ
$
,$6
&217(176
IURPSDUDJUDSK
,17(51$7,21$/$&&2817,1*67$1'$5'
),1$1&,$/5(3257,1*,1+<3(5,1)/$7,21$5<
(&2120,(6
6&23(
7+(5(67$7(0(172)),1$1&,$/67$7(0(176
+LVWRULFDOFRVWƂQDQFLDOVWDWHPHQWV
&XUUHQWFRVWƂQDQFLDOVWDWHPHQWV
7D[HV
6WDWHPHQWRIFDVKƃRZV
&RUUHVSRQGLQJƂJXUHV
&RQVROLGDWHGƂQDQFLDOVWDWHPHQWV
6HOHFWLRQDQGXVHRIWKHJHQHUDOSULFHLQGH[
(&2120,(6&($6,1*72%(+<3(5,1)/$7,21$5<
',6&/2685(6
())(&7,9('$7(
)257+(%$6,6)25&21&/86,2166((3$57&2)7+,6(',7,21
%$6,6)25&21&/86,216
$
,)56)RXQGDWLRQ
,$6
International Accounting Standard 29 Financial Reporting in Hyperinflationary
Economies (IAS 29) is set out in paragraphs 1–41. All the paragraphs have equal
authority but retain the IASC format of the Standard when it was adopted by the IASB.
IAS 29 should be read in the context of the Basis for Conclusions, the Preface to IFRS
Standards and the Conceptual Framework for Financial Reporting. IAS 8 Accounting Policies,
Changes in Accounting Estimates and Errors provides a basis for selecting and applying
accounting policies in the absence of explicit guidance.
,)56)RXQGDWLRQ
$
,$6
,QWHUQDWLRQDO$FFRXQWLQJ6WDQGDUG
)LQDQFLDO5HSRUWLQJLQ+\SHULQƃDWLRQDU\(FRQRPLHV
6FRSH
1
This Standard shall be applied to the financial statements, including the
consolidated financial statements, of any entity whose functional currency
is the currency of a hyperinflationary economy.
2
In a hyperinflationary economy, reporting of operating results and financial
position in the local currency without restatement is not useful. Money loses
purchasing power at such a rate that comparison of amounts from
transactions and other events that have occurred at different times, even
within the same accounting period, is misleading.
3
This Standard does not establish an absolute rate at which hyperinflation is
deemed to arise. It is a matter of judgement when restatement of financial
statements in accordance with this Standard becomes necessary.
Hyperinflation is indicated by characteristics of the economic environment of
a country which include, but are not limited to, the following:
(a)
the general population prefers to keep its wealth in non-monetary
assets or in a relatively stable foreign currency. Amounts of local
currency held are immediately invested to maintain purchasing power;
(b)
the general population regards monetary amounts not in terms of the
local currency but in terms of a relatively stable foreign currency.
Prices may be quoted in that currency;
(c)
sales and purchases on credit take place at prices that compensate for
the expected loss of purchasing power during the credit period, even if
the period is short;
(d)
interest rates, wages and prices are linked to a price index; and
(e)
the cumulative inflation rate over three years is approaching, or
exceeds, 100%.
4
It is preferable that all entities that report in the currency of the same
hyperinflationary economy apply this Standard from the same date.
Nevertheless, this Standard applies to the financial statements of any entity
from the beginning of the reporting period in which it identifies the existence
of hyperinflation in the country in whose currency it reports.
1
As part of Improvements to IFRSs issued in May 2008, the Board changed terms used in IAS 29 to be
consistent with other IFRSs as follows: (a) ‘market value’ was amended to ‘fair value’, and (b)
‘results of operations’ and ‘net income’ were amended to ‘profit or loss’.
$
,)56)RXQGDWLRQ
,$6
7KHUHVWDWHPHQWRIƂQDQFLDOVWDWHPHQWV
5
Prices change over time as the result of various specific or general political,
economic and social forces. Specific forces such as changes in supply and
demand and technological changes may cause individual prices to increase or
decrease significantly and independently of each other. In addition, general
forces may result in changes in the general level of prices and therefore in the
general purchasing power of money.
6
Entities that prepare financial statements on the historical cost basis of
accounting do so without regard either to changes in the general level of
prices or to increases in specific prices of recognised assets or liabilities. The
exceptions to this are those assets and liabilities that the entity is required, or
chooses, to measure at fair value. For example, property, plant and equipment
may be revalued to fair value and biological assets are generally required to be
measured at fair value. Some entities, however, present financial statements
that are based on a current cost approach that reflects the effects of changes
in the specific prices of assets held.
7
In a hyperinflationary economy, financial statements, whether they are based
on a historical cost approach or a current cost approach, are useful only if
they are expressed in terms of the measuring unit current at the end of the
reporting period. As a result, this Standard applies to the financial statements
of entities reporting in the currency of a hyperinflationary economy.
Presentation of the information required by this Standard as a supplement to
unrestated financial statements is not permitted. Furthermore, separate
presentation of the financial statements before restatement is discouraged.
8
The financial statements of an entity whose functional currency is the
currency of a hyperinflationary economy, whether they are based on a
historical cost approach or a current cost approach, shall be stated in
terms of the measuring unit current at the end of the reporting period.
The corresponding figures for the previous period required by IAS 1
Presentation of Financial Statements (as revised in 2007) and any information
in respect of earlier periods shall also be stated in terms of the measuring
unit current at the end of the reporting period. For the purpose of
presenting comparative amounts in a different presentation currency,
paragraphs 42(b) and 43 of IAS 21 The Effects of Changes in Foreign Exchange
Rates apply.
9
The gain or loss on the net monetary position shall be included in profit or
loss and separately disclosed.
10
The restatement of financial statements in accordance with this Standard
requires the application of certain procedures as well as judgement. The
consistent application of these procedures and judgements from period to
period is more important than the precise accuracy of the resulting amounts
included in the restated financial statements.
,)56)RXQGDWLRQ
$
,$6
+LVWRULFDOFRVWƂQDQFLDOVWDWHPHQWV
6WDWHPHQWRIƂQDQFLDOSRVLWLRQ
11
Statement of financial position amounts not already expressed in terms of the
measuring unit current at the end of the reporting period are restated by
applying a general price index.
12
Monetary items are not restated because they are already expressed in terms
of the monetary unit current at the end of the reporting period. Monetary
items are money held and items to be received or paid in money.
13
Assets and liabilities linked by agreement to changes in prices, such as index
linked bonds and loans, are adjusted in accordance with the agreement in
order to ascertain the amount outstanding at the end of the reporting period.
These items are carried at this adjusted amount in the restated statement of
financial position.
14
All other assets and liabilities are non-monetary. Some non-monetary items
are carried at amounts current at the end of the reporting period, such as net
realisable value and fair value, so they are not restated. All other
non-monetary assets and liabilities are restated.
15
Most non-monetary items are carried at cost or cost less depreciation; hence
they are expressed at amounts current at their date of acquisition. The
restated cost, or cost less depreciation, of each item is determined by applying
to its historical cost and accumulated depreciation the change in a general
price index from the date of acquisition to the end of the reporting period. For
example, property, plant and equipment, inventories of raw materials and
merchandise, goodwill, patents, trademarks and similar assets are restated
from the dates of their purchase. Inventories of partly-finished and finished
goods are restated from the dates on which the costs of purchase and of
conversion were incurred.
16
Detailed records of the acquisition dates of items of property, plant and
equipment may not be available or capable of estimation. In these rare
circumstances, it may be necessary, in the first period of application of this
Standard, to use an independent professional assessment of the value of the
items as the basis for their restatement.
17
A general price index may not be available for the periods for which the
restatement of property, plant and equipment is required by this
Standard. In these circumstances, it may be necessary to use an estimate
based, for example, on the movements in the exchange rate between the
functional currency and a relatively stable foreign currency.
18
Some non-monetary items are carried at amounts current at dates other than
that of acquisition or that of the statement of financial position, for example
property, plant and equipment that has been revalued at some earlier date. In
these cases, the carrying amounts are restated from the date of the
revaluation.
$
,)56)RXQGDWLRQ
,$6
19
The restated amount of a non-monetary item is reduced, in accordance with
appropriate IFRSs, when it exceeds its recoverable amount. For example,
restated amounts of property, plant and equipment, goodwill, patents and
trademarks are reduced to recoverable amount and restated amounts of
inventories are reduced to net realisable value.
20
An investee that is accounted for under the equity method may report in the
currency of a hyperinflationary economy. The statement of financial position
and statement of comprehensive income of such an investee are restated in
accordance with this Standard in order to calculate the investor’s share of its
net assets and profit or loss. When the restated financial statements of the
investee are expressed in a foreign currency they are translated at closing
rates.
21
The impact of inflation is usually recognised in borrowing costs. It is not
appropriate both to restate the capital expenditure financed by borrowing and
to capitalise that part of the borrowing costs that compensates for the
inflation during the same period. This part of the borrowing costs is
recognised as an expense in the period in which the costs are incurred.
22
An entity may acquire assets under an arrangement that permits it to defer
payment without incurring an explicit interest charge. Where it is
impracticable to impute the amount of interest, such assets are restated from
the payment date and not the date of purchase.
23
[Deleted]
24
At the beginning of the first period of application of this Standard, the
components of owners’ equity, except retained earnings and any revaluation
surplus, are restated by applying a general price index from the dates the
components were contributed or otherwise arose. Any revaluation surplus
that arose in previous periods is eliminated. Restated retained earnings are
derived from all the other amounts in the restated statement of financial
position.
25
At the end of the first period and in subsequent periods, all components of
owners’ equity are restated by applying a general price index from the
beginning of the period or the date of contribution, if later. The movements
for the period in owners’ equity are disclosed in accordance with IAS 1.
26
This Standard requires that all items in the statement of comprehensive
income are expressed in terms of the measuring unit current at the end of the
reporting period. Therefore all amounts need to be restated by applying the
change in the general price index from the dates when the items of income
and expenses were initially recorded in the financial statements.
6WDWHPHQWRIFRPSUHKHQVLYHLQFRPH
,)56)RXQGDWLRQ
$
,$6
*DLQRUORVVRQQHWPRQHWDU\SRVLWLRQ
27
In a period of inflation, an entity holding an excess of monetary assets over
monetary liabilities loses purchasing power and an entity with an excess of
monetary liabilities over monetary assets gains purchasing power to the
extent the assets and liabilities are not linked to a price level. This gain or loss
on the net monetary position may be derived as the difference resulting from
the restatement of non-monetary assets, owners’ equity and items in the
statement of comprehensive income and the adjustment of index linked assets
and liabilities. The gain or loss may be estimated by applying the change in a
general price index to the weighted average for the period of the difference
between monetary assets and monetary liabilities.
28
The gain or loss on the net monetary position is included in profit or loss.
The adjustment to those assets and liabilities linked by agreement to changes
in prices made in accordance with paragraph 13 is offset against the gain or
loss on net monetary position. Other income and expense items, such as
interest income and expense, and foreign exchange differences related to
invested or borrowed funds, are also associated with the net monetary
position. Although such items are separately disclosed, it may be helpful if
they are presented together with the gain or loss on net monetary position in
the statement of comprehensive income.
&XUUHQWFRVWƂQDQFLDOVWDWHPHQWV
6WDWHPHQWRIƂQDQFLDOSRVLWLRQ
29
Items stated at current cost are not restated because they are already
expressed in terms of the measuring unit current at the end of the reporting
period. Other items in the statement of financial position are restated in
accordance with paragraphs 11 to 25.
6WDWHPHQWRIFRPSUHKHQVLYHLQFRPH
30
The current cost statement of comprehensive income, before restatement,
generally reports costs current at the time at which the underlying
transactions or events occurred. Cost of sales and depreciation are recorded at
current costs at the time of consumption; sales and other expenses are
recorded at their money amounts when they occurred. Therefore all amounts
need to be restated into the measuring unit current at the end of the
reporting period by applying a general price index.
*DLQRUORVVRQQHWPRQHWDU\SRVLWLRQ
31
The gain or loss on the net monetary position is accounted for in accordance
with paragraphs 27 and 28.
7D[HV
32
$
The restatement of financial statements in accordance with this Standard may
give rise to differences between the carrying amount of individual assets and
liabilities in the statement of financial position and their tax bases. These
differences are accounted for in accordance with IAS 12 Income Taxes.
,)56)RXQGDWLRQ
,$6
6WDWHPHQWRIFDVKƃRZV
33
This Standard requires that all items in the statement of cash flows are
expressed in terms of the measuring unit current at the end of the reporting
period.
&RUUHVSRQGLQJƂJXUHV
34
Corresponding figures for the previous reporting period, whether they were
based on a historical cost approach or a current cost approach, are restated by
applying a general price index so that the comparative financial statements
are presented in terms of the measuring unit current at the end of the
reporting period. Information that is disclosed in respect of earlier periods is
also expressed in terms of the measuring unit current at the end of the
reporting period. For the purpose of presenting comparative amounts in a
different presentation currency, paragraphs 42(b) and 43 of IAS 21 apply.
&RQVROLGDWHGƂQDQFLDOVWDWHPHQWV
35
A parent that reports in the currency of a hyperinflationary economy may
have subsidiaries that also report in the currencies of hyperinflationary
economies. The financial statements of any such subsidiary need to be
restated by applying a general price index of the country in whose currency it
reports before they are included in the consolidated financial statements
issued by its parent. Where such a subsidiary is a foreign subsidiary, its
restated financial statements are translated at closing rates. The financial
statements of subsidiaries that do not report in the currencies of
hyperinflationary economies are dealt with in accordance with IAS 21.
36
If financial statements with different ends of the reporting periods are
consolidated, all items, whether non-monetary or monetary, need to be
restated into the measuring unit current at the date of the consolidated
financial statements.
6HOHFWLRQDQGXVHRIWKHJHQHUDOSULFHLQGH[
37
The restatement of financial statements in accordance with this Standard
requires the use of a general price index that reflects changes in general
purchasing power. It is preferable that all entities that report in the currency
of the same economy use the same index.
(FRQRPLHVFHDVLQJWREHK\SHULQƃDWLRQDU\
38
When an economy ceases to be hyperinflationary and an entity
discontinues the preparation and presentation of financial statements
prepared in accordance with this Standard, it shall treat the amounts
expressed in the measuring unit current at the end of the previous
reporting period as the basis for the carrying amounts in its subsequent
financial statements.
,)56)RXQGDWLRQ
$
,$6
'LVFORVXUHV
39
40
The following disclosures shall be made:
(a)
the fact that the financial statements and the corresponding figures
for previous periods have been restated for the changes in the
general purchasing power of the functional currency and, as a
result, are stated in terms of the measuring unit current at the end
of the reporting period;
(b)
whether the financial statements are based on a historical cost
approach or a current cost approach; and
(c)
the identity and level of the price index at the end of the reporting
period and the movement in the index during the current and the
previous reporting period.
The disclosures required by this Standard are needed to make clear the basis
of dealing with the effects of inflation in the financial statements. They are
also intended to provide other information necessary to understand that basis
and the resulting amounts.
(IIHFWLYHGDWH
41
$
This Standard becomes operative for financial statements covering periods
beginning on or after 1 January 1990.
,)56)RXQGDWLRQ
UNDERSTANDING THE COMPANY AND ITS ENVIRONMENT, INCLUDING
ITS INTERNAL CONTROL
Thi empla e p o ide an ea
o e fo ma ha can be ed o doc men he a di o
nde anding
of the company and its environment, including its internal control. It is intended that the template would be
used in conjunction with the Institute of Certified Public Accountants in Ireland publication “AUDIT WORK
PAPERS FOR A NOT FOR PROFIT ENTITY ENGAGED IN COMMUNITY DEVELOPMENT ACTIVITIES .
Some example text is included in the template to illustrate the typical type of content that will be included
in the final document. An example document is also included in the above publication to illustrate the
pical con en of a di pape doc men ing he a di o
nde anding of he compan and i
environment, including its internal control. It is envisaged that this document will be a permanent
document that will be updated annually.
It is important that the auditor should amend the template content to reflect the actual audit risk identified
and the planned audit response to these risks. As it is intended that these work papers will be used on
audit assignments of a small company, it is assumed that the auditor will not place reliance on internal
controls and that consequently control risk is high.
Guide to using the work papers
The name of the firm, client, period end, prepared by and reviewed by can be inserted in the page header
and footer and this detail will then appear on each page printed.
In certain sections of the documents we have included a suggested text (in red text) that may be
appropriate in some assignment cases. The user needs to amend this text to suit the actual assignment
situation faced.
November 10, 2011
SUBJECT: Request for Proposal (RFP) SA1301-12-RP-IANA
Dear Potential Offeror:
The United States Department of Commerce (DoC), National Telecommunications and
Information Administration (NTIA) intends to award a contract to maintain the continuity and
stability of services related to certain interdependent Internet technical management functions,
known collectively as the Internet Assigned Numbers Authority (IANA).
The anticipated period of performance of this contract is April 1, 2012
March 31, 2015.
This solicitation utilizes a Statement of Work (SOW). The SOW describes the work in terms of
the required results and reduces the inherent instr ctions regarding ho
to accomplish the
work.
Please send questions regarding the solicitation electronically via email to mdunn@doc.gov. All
written questions must be received no later than 4PM Eastern Standard Time, November 18,
2011.
The closing date for receipt of proposals is 4PM Eastern Standard Time, December 12, 2011.
Thank you in advance and we look forward to reviewing your responses to this RFP!
Best regards
1
SeriesStatementsandSeriesAuthorityRecords
Session10:MultipartMonographs
Summary
Thissessionprovidesinformationaboutwhatmultipartmonographsareandhowtheydifferfromother
monographicseries.Italsooffersguidelinestohelpthecatalogerdecidewhetherornottoanalyzethe
multipartmonograph.
Objectives
Attheendofthissessionyoushouldbeableto:
x Understandwhatamultipartmonographis
x Determinewhethertoanalyzethemultipartmonograph
x UnderstandthedifferencesbetweenAAPsformultipartmonographsandmonographicseries
x Recognizevariousconfigurationsofrecordsformultipartmonographs
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
TableofContents
DeterminingThattheResourceisaMultipartMonograph......................................................................... 1
DefinitionofMultipartMonograph.......................................................................................................... 1
HowisaMultipartMonographDifferentFromaMonographicSeries?..................................................
1
CluesWhetheraResourceisaMultipartMonographorNot.................................................................. 1
LCͲPCCPS0.0........................................................................................................................................1
TheDecisiontoAnalyzeorNotAnalyze....................................................................................................... 3
RDAInstructionsandLCͲPCCPractice...................................................................................................... 3
BestPractices............................................................................................................................................4
DifferencesinSARs:MultipartMonographsandMonographicSeries........................................................5
Difference#1:MultipartMonographsHaveFewerSARs......................................................................... 5
Difference#2:TheSeriesAuthorizedAccessPointsforMultipartMonographsMoreOftenBeginwith
aCreator(MARCFields100,110,111)..................................................................................................... 5
Difference#3:TreatmentofaResourceBearingTitlesofTwoMultipartMonographs..........................6
Difference#4:InitialismastheTitleProper............................................................................................. 8
Difference#5:008/12............................................................................................................................... 9
Difference#6:020Field............................................................................................................................ 9
Difference#7:MoreFrequentUseofthe640field..................................................................................
9
Difference#8:“Works,”“Selections,”andTranslationswithParallelTexts..........................................10
“Works”...............................................................................................................................................
10
Selections............................................................................................................................................12
TranslationswithParallelTexts.......................................................................................................... 13
ConfigurationsofRecords...........................................................................................................................
15
PossibleConfigurationsofRecords.........................................................................................................
15
MultipartMonographNotAnalyzed...................................................................................................
15
MultipartMonographAnalyzedandClassedasaCollection.............................................................17
MultipartMonographAnalyzedandClassedSeparately...................................................................18
UpdatingtheCollectiveDescription....................................................................................................... 19
PCCStandingCommitteeonTraining
Pagei
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
DeterminingThattheResourceisaMultipartMonograph
DefinitionofMultipartMonograph
“Aresourceissuedintwoormoreparts(eithersimultaneouslyorsuccessively)thatis
completeorintendedtobecompletedwithinafinitenumberofparts(e.g.,adictionary
intwovolumes,threeaudiocassettesissuedasaset).” (RDAGlossary)
HowisaMultipartMonographDifferentFromaMonographicSeries?
Unlikeamonographicseries,whichasaserialhasnopredeterminedconclusion,amultipartmonograph
iscompleteorisexpectedtobecompletewithinafinitenumberofparts.Determinationofthisdepends
somewhatonthecataloger’sjudgment,sincethepublishermaynotstatethatfact,andsomemultipart
monographsarepublishedovermanyyears.Seriesthatarecreatedbyaperson(e.g.theNo.1Ladies’
DetectiveAgencynovelsbyAlexanderMcCallSmith)areassumedtobemultipartmonographssincethe
expectationistheywillcometoanendwhenthepersondies,ifnotbefore.
CluesWhetheraResourceisaMultipartMonographorNot
x
x
x
x
Sometimesthepublisherprovidesinformationaboutaplannedendtotheresource
Sometimestheentireresourceor“set”hasitsownISBN;whilethepresenceofanISBNisnota
whollyreliableindicationofaresource’sfinitenature,itisoneclue
Thescopeoftheresourcemaybenarrow,implyingthatanytreatmentofitsscopecouldnot
continueindefinitely
Ifeachpartoftheresourceiscompleteforitsshareofthegeneraltopic,thiscouldimplythat
eventuallyallaspectsofthegeneraltopicwillbecovered
LCǦPCCPS0.0
LCͲPCCPS0.0givessomepracticaladvicefordeterminingifaseriesisamultipartmonographora
monographicseries(i.e.,aserial)
x Frequencyofpublication.
o Doesithaveastatedfrequencyofpublication(e.g.“weekly”)?Ifsoitisprobablyaserial.
o Isthefrequencystatedintermsofeditions?Ifneweditionscomeouteveryoneortwo
yearsitisprobablyamonographicseries;iftheycomeoutlessfrequentlyitisprobably
amultipartmonograph.
o Note:astatedfrequencyisrareforseries.
x Presenceandtypeofnumbering.Bothmonographicseriesandmultipartmonographsmayexist
withorwithoutnumbering.Howeverifthereisnumbering,thetypeofnumberingmaybeaclue
(e.g.doesitincludechronologicaldesignations?)
x Istherenolikelihoodofapredeterminedconclusion?Ifnot,itisprobablyamonographicseries.
PCCStandingCommitteeonTraining
Page1
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
TheDecisiontoAnalyzeorNotAnalyze
RDAInstructionsandLCǦPCCPractice
Onceithasbeendeterminedthataresourceisamultipartmonograph,theseconddecisioniswhether
ornottoanalyzeitsparts.RDA2.1.3providesgeneralinstructionsonhowtocreateanalytical
descriptions,butitdoesnotgiveguidanceonwhethertodoso.
LCͲPCCPS2.1.3presentsLCͲPCCpracticeregardinganalysis:
“WhenapublicationthatisapartofaclassifiedͲseparatelymultipartmonographlacksa
titleotherthanthatofthecomprehensivetitleorhasatitlethatisdependentonthe
comprehensivetitle,prepareaseparatebibliographicrecordforthatpublicationorpart,
regardlessofwhetheritisnumberedornot.”
NOTE: IfaPCCinstitutionchoosestoclassifythesamemultipartmonographtogether
asacollection,thisPSwouldnotapply.
LCͲPCCPS2.1.3alsopresentsLCpractice,statingthatLCanalyzesandclassifiesseparatelyallpartsof
monographicseriesandofmultipartmonographswiththeexceptionofthosecategorieslistedinDCM
M5.OtherPCCinstitutionscanmakeotherseriestreatmentdecisions.
PCCStandingCommitteeonTraining
Page3
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
BestPractices
Herearesomebestpracticestoconsiderwhendecidingwhetherornottoanalyzeamultipart
monograph.
x DoesthecomprehensivetitleofthemultipartmonographappearonalessͲprominentsource
thandoesthetitleoftheindividualpart?
o Thenprobablyanalyze.
x Isthetitleoftheindividualpartdistinctive?(Pleasenote:thisisnotthesamequestionas,"Does
theindividualparthaveitsowntitle?")
o Thenprobablyanalyze.
TypesofnonͲdistinctivetitles:
x Alphabeticornumericdivision(e.g.,v.1,2;partA,B,C)
x Chronologicalsubdivision(e.g.,years;centuries)
x Alphabeticsubdivisionofcontent(e.g.,AͲL,MͲZ)
x Geographicsubdivision(e.g.,continents;countries)
x Phrasethatomitsessentialpieceofinformationfoundinthemultipartitemtitle(e.g.,"Teeth"
asapartof"Dinosaurrelics")
x Generalterm(e.g.,atlas,glossary)
NOTE: Catalogingagenciesinsomecountrieshaveanationalbibliographyrequirementtomakean
analyticdescriptionforeachpartofamultipartmonograph
PCCStandingCommitteeonTraining
Page4
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
DifferencesinSARs:MultipartMonographsandMonographicSeries
Difference#1:MultipartMonographsHaveFewerSARs
AmultipartmonographwillhaveonlyoneSARregardlessofchangesincreatorand/ortitleproper(RDA
2.3.2.12.1andRDA18.4.2.1).Conversely,suchchangesforamonographicseriescouldnecessitate
additionalSARs.
x
x
x
Formultipartmonographs,basetheseriesauthorizedaccesspoint(1XXinSAR)onthefirst
(numbered)orearliest(unnumbered)part(RDA2.1.2.3)
Givesubsequentchangesincreatorand/ortitleproperforlaterpartsas4XXvariantaccess
pointsintheSAR
Updatethedescriptionofamultipartmonographifanearlierpartisreceivedlater(LCͲPCCPS
2.17.13.3)
Example:OnlyoneSARformultipartmonographwithchanges
1001#$aPhillips,Jolene.$tPreschoolvocabularybuildingactivities
430#0$aPreschoolvocabularybuildingactivities
430#0$aPreschoolvocabularyactivities
4001#$aBolling,Diane.$tPreschoolvocabularyactivities
670##$aPhillips,J._______$b(Preschoolvocabularybuildingactivities;v.1)
670##$aPhillips,J._______$b(Preschoolvocabularyactivities;v.3)
670##$aBolling,D._______$b(Preschoolvocabularyactivities;v.4)
670##$aInfofrompublisher$b(JolenePhillipswasauthorofv.1Ͳ3;v.4Ͳ5byDianeBolling)
Difference#2:TheSeriesAuthorizedAccessPointsforMultipartMonographs
MoreOftenBeginwithaCreator(MARCFields100,110,111)
Duetothedifferentnatureofmonographicandserialresources,multipartmonographsmorelikelyto
havepersons,families,corporatebodies(includingconferences)ascreatorsthanaremonographic
series
x Thefollowingtypesofseriescreatedbycorporatebodiesarelikelytobemultipartmonographs
o Collectiveactivityofasingleconference,etc.(RDA19.2.1.1.1c)
o Cartographicmaterials(RDA19.2.1.1.1e)
o Collectivethoughtofbody(RDA19.2.1.1.1b)
PCCStandingCommitteeonTraining
Page5
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Examples:SeriesAAPsformultipartmonographsthatincludeAAPsofcreator
1112#$aPressureVesselsandPipingConference$d(1985:$cNewOrleans,La).$tProceedings
ofthe1985PressureVesselsandPipingConference
1001#Donegan,Beth.$tCookingmadeeasy!
Difference#3:TreatmentofaResourceBearingTitlesofTwoMultipart
Monographs
Iftheresourcebears,inadditiontotheanalyzabletitleofthemanifestation,titlesoftwomultipart
monographs(andisthereforepartofboth),thesetitlesareusuallynottreatedasmainseriesand
subseries(i.e.,asoneentity).Rather,theyaretreatedastwoseparateseries.
Ifthetwotitlespresentontheresourceinadditiontotheanalyzabletitleofthemanifestationrepresent
twomultipartmonographs,LCͲPCCPS2.12.10tellsustoapplyRDA6.27.2todetermineifthetwotitles
aretobetreatedasoneentityorastwoseparateseries(seeexceptionfornonͲdistinctivetitles).
Iftheyaretreatedastwoseparateseries:
x Recordtwoseriesstatements(intwo490fields)inanalyticrecord
x ThepreferredtitleportionoftheseriesAAPforthesmallermultipartisnottreatedasa
subseriesof(i.e.,subordinateto)thelargermultipartitem’sseriesAAP
PCCStandingCommitteeonTraining
Page6
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Example:largerandsmallermultipartitems
Exploring South America’s History
Looking at Brazil’s Past
Volume 13 in a set of 40 volumes
Brazil’s History and its Future
Volume 1 of 2
by _______
__________
2003
seriestitlepage
analytictitlepage
TheanalyticrecordhastwoseriesstatementsandtwoseriesAAPs:oneforthelargerandoneforthe
smallermultipartmonograph:
4901#$aExploringSouthAmerica’shistory;$vvolume13
4901#$aBrazil’shistoryanditsfuture;$vvolume1
830#0$aExploringSouthAmerica’shistory;$vv.13.
830#0$aBrazil’shistoryanditsfuture;$vv.1.
Not:
4901#$aExploringSouthAmerica’shistory;$vvolume13.
490#1$aBrazil’shistoryanditsfuture;$vvolume1
830#0$aExploringSouthAmerica’shistory;$vv.13.
830#0$aExploringSouthAmerica’shistory.$pBrazil’shistoryanditsfuture;$vv.1.
PCCStandingCommitteeonTraining
Page7
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Difference#4:InitialismastheTitleProper
Forsituationsinwhichthesourceofinformationbearsatitleinmorethanoneform,andbothorallof
thetitlesareinthesamelanguageorscript,thegeneralinstructionat2.3.2.5tellsustochoosethetitle
properonthebasisofthesequence,layout,ortypographyofthetitlesonthesourceof
information.Theexceptionforserialsandintegratingresources(alwaystochoosethefullformasthe
titleproperoveranacronymorinitialism,ifbothappearonthepreferredsource)appliesto
monographicseries,butnottomultipartmonographs.Soformultipartmonographs,unlikefor
monographseries,thefullformwillbechosenasthetitleproperoveranacronymorinitialismalso
appearingonthepreferredsourceonlyifthatchoiceisindicatedbythesequence,layoutortypography.
Examples:
Seriestitlepageofamultipartmonograph:
FCI
FloraoftheCanadianIslands
v.15
Titleproperofmultipartmonograph:FCI.
Seriestitlepageofamonographicseries:
AWE
AdvancesinWorldEconomics
v.11
Titleproperofmonographicseries:Advancesinworldeconomics.
PCCStandingCommitteeonTraining
Page8
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Difference#5:008/12
Usecode“b”(formultipartitem),not“a”(formonographicseries).Beespeciallycarefullytoreviewthis,
becausemanycatalogingtemplatesincludecodingforamonographicseries(i.e.,code“a”).
Difference#6:020Field
Formultipartmonographs,ISBNsforthecomprehensivesetcanberecordedintheSAR’s020field.
TheMARC21FormatforAuthorityDataprovidesthisfielddefinitionandscopefortheSAR020:
“InternationalStandardBookNumber(ISBN),termsofavailability,andany
canceled/invalidISBNcopiedfromfield020ofaMARCbibliographicrecordfora
multipartitemthatiscatalogedasaset.”
Difference#7:MoreFrequentUseofthe640field
Formultipartmonographs,field640intheSAR(SeriesDatesofPublicationand/orVolumeDesignation)
isusedmoreoftentorecordtheextentoftheresource.Suchinformationisespeciallyhelpfultoother
catalogerswhenthemultipartisclassifiedseparately,becausetheSARistheonlyplacetorecordthis
information.
PCCpracticeregardingrecordingdatainthe640isstatedinDCMZ1:
“Donotsearchjusttoprovideinformationforthisfield;givetheinformationifitis
availablefromtheiteminhandorincidentallyfromthepublisher.”
Examples:
6401#$aCompletein15v.
6401#$aProjectedin6v.$zv.1,p.316
PCCStandingCommitteeonTraining
Page9
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Difference#8:“Works,”“Selections,”andTranslationswithParallelTexts
Duetothenatureofmultipartmonographs,acatalogermayencountersomethatare1)compilationsof
worksofoneperson,family,orcorporatebodies;and2)translationswithparalleltexts.Thesetypesof
resourceshavespecialinstructionsforwhichLCͲPCCpracticeisstillevolving.
“Works”
FollowinstructionsinRDA6.2.2.10.1:
“RecordtheconventionalcollectivetitleWorksasthepreferredtitleforacompilationof
worksthatconsistsof,orpurportstobe,thecompleteworksofaperson,family,or
corporatebody.”
Differentresourcescontaininganauthor’scompleteworksareconsideredtobethesameaggregate
work.Differentiationbetweenversions,ifnecessary,isdoneattheexpressionlevel.
x
Datein$f
Donotautomaticallyaddadateafter“Works.”ThiswasaNACOpracticeunderAACR2thatwasnot
extendedintoRDA.Inmostcasesanauthor’scompleteworksarenotproducedmorethanonce,andso
thereisnoneedtodifferentiatebetweenversions(expressions).However,ifthereismorethanone
expressionofanauthor’scompleteworks(e.g.variousseparatepublications,ortranslations),use
judgmentindeterminingthemostappropriatequalifier.Consideringtheneedofdatabaseusersto
recognizeanddistinguishbetweenversions,datemightinfactbetheleastappropriatequalifiertous.
However,ifdateisusedasaqualifier,choosetheearliestdateassociatedwiththeexpression.Thiswill
usuallybethedateoftheearliestknownmanifestationoftheversion(RDA6.10.1.1)
Example:
1001#$aGoethe,JohannWolfgangvon,$d1749Ͳ1832.$tWorks.$f1997
643##$aKöln$bKönemann
670##$aDieLeidendesjungenWerthers,1997:$bser.t.p.(JohannWolfgangvonGoethe/
WerkausgabeinzehnBanden/Band1)
x Provisionalcoding
Ifdatehasbeenusedtodistinguishbetweenexpressionsandthedateofthefirstpartofthemultipart
monographisn’tknownbecausetheearliestpartisn’tavailable,codetheSARasprovisionalandupdate
itwhenthefirstpartisavailable.
PCCStandingCommitteeonTraining
Page10
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
x Furtherqualification
Ifmorethanonequalifierisneeded,itmaybeadded.
Example:
“Works”(Samepublisherpublishestwoversionsinthesameyear):
1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks$s(WhitingPublishingCompany)
643##$aNewYork$bWhitingPublishingCompany
1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks$s(WhitingPublishingCompany:Annotated
edition)
643##$aNewYork$bWhitingPublishingCompany
4XXVariantaccesspoints
x
FollowspecificinstructionsinLCͲPCCPS6.27.4foralternativeforms.
Example:
1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks.$f1996
430#0$aOxfordMarkTwain.$f1996
4001#$aTwain,Mark,$d1835Ͳ1910.$tOxfordMarkTwain.$f1996
643##$aNewYork$bOxfordUniversityPress
670##$aThe$30,000bequestandotherstories,1996:$bCIPser.t.p.(TheOxfordMarkTwain)
PCCStandingCommitteeonTraining
Page11
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Selections
Forseriesthatconsistofselectionsofthecompleteworksofacreator,follow6.2.2.10.Iftheseriesis
commonlyidentifiedbyaparticulartitle,usethattitleasthepreferredtitlefortheseries.Ifnot,follow
thealternativetoRDA6.2.2.10.3andusethepreferredtitle,“Works.Selections“.Thisconventional
collectivetitleisusedfortwoormoreworks(butnotall)invariousforms.Donotapplyittotwoor
moreworksinoneform,evenifthecreatorisknowntoworkinonlyoneform;insuchcases,$tconsists
oftheform,listedinRDA6.2.2.10.2.
NOTE: “Selections”shouldnotbeusedbyitself(i.e.,in$t),aswaspermissibleunderAACR2.Selections
mayonlybea‘part’ofsomeform,usedin$a.Assuch,itshouldalwaysbecodedas$k.
Unlikethecaseof“Works”,forwhichdifferentversionsaredifferentiatedattheexpressionlevel,
variouscollectionsofselectedworksofanauthor(asrepresentedby“Works.Selections”)willalwaysbe
differentaggregateworks,andso“Works.Selections”shouldbedifferentiatedattheworklevel.
Variouscollectionsofselectedworksofanauthorinaspecificform(e.g.,“Plays”,“Essays”)aredifferent
aggregateworksaswell,andshouldalsobedifferentiatedattheworklevel.
Examples:
Yan,Lianke,ۥd1958ͲۥtWorks.ۥkSelections(Jiangsurenminchubanshe)
Yan,Lianke,ۥd1958ͲۥtWorks.ۥkSelections(Wanjuanchubangongsi)
RuizNegre,Antoni.ۥtPlays.ۥkSelections(ComediasdeAntonioRuizNegre)
RuizNegre,Antoni.ۥtPlays.ۥkSelections(OtrascomediasdeAntonioRuizNegre)
NameAuthorityRecordorSeriesAuthorityRecord?
Becausecatalogerssometimeshaveachoiceofcatalogingmultipartmonographsasacollectedset(with
theauthorizedaccesspointforthemultipartmonographasarelatedwork)orcatalogingthemon
analyticrecords(withanauthorizedaccesspointforthemultipartmonographasaseries),anonͲseries
authorityrecordmayhavebeencreatedforthesamemultipartmonographyounowwanttotreatasa
series.Thiscanhappenwithanyseries.Whatdoyoudo?
x IftheNARyoudiscoverisforthesamemultipartmonographyouarecataloging,reviseittobe
anSAR.Therecordcanthenbeusedtoauthorizetheauthorizedaccesspointeitherasaseries
accesspointinananalyticrecordorasa“name”accesspointinacollectedsetrecord.
x IftheNARisforadifferentmultipartmonograph,addaqualifyingterminsubfield$sinthe
seriesAAPinanewSAR
x Youmayneedtoconsultbibliographicrecordstodeterminewhichoftheabovesituationsyou
have,sincetheNARmaynotprovideenoughinformation(e.g.,nameofpublisher)
PCCStandingCommitteeonTraining
Page12
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Example:
ExistingNAR(thebibliographicrecordhas260:$aDenver$bM.Smith):
1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks.$f2002
ThenewSARforadifferentmultipartmonographpublishedthesameyearneedsadifferent
qualifier:
1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks$s(IngesonPublishingCompany)
643##$aEvanston,IL$bIngesonPublishingCompany
TranslationswithParallelTexts
Whentheoriginalexpressionandonetranslationareinacompilation,giveananalytical
authorizedaccesspointforeachexpression.Ifacompilationcontainstheoriginal
expressionandmorethanonetranslation,giveanalyticalauthorizedaccesspointsfor
theoriginalexpressionandatleastonetranslation.(LCͲPCCPS6.27.3,labeledLC
Practice)
ThisreplacestheAACR2practiceofprovidinguniformtitleswithsubfield$l“[Language]&[Language]”
additions.TheformerAACR2practiceofrecording“Polyglot”in$lisalsonowobsolete.
Followingthisinstruction(LCpractice),thecomprehensivedescriptionforamultipartmonograph
containingatranslationwithparalleltextswouldlooklikethis:
1000#$aDanteAlighieri,ۥd1265Ͳ1321.
24514$aThedivinecomedyofDanteAlighieri.
300##$a3volumes
546##$aEnglishandItalianonfacingpages.
5050#$apart1.Inferno–part2.Purgatorio–part3.Paradiso.
70002$iContainerof(work):$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.
70002$iContainerof(expression):$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.$l
English.
Applicationofthisinstructiontoseriesmeansthatthedifferentlanguageexpressionsoftheseries
shouldbegivenseparateaccesspointsinanalyticrecords.
CurrentLCpractice,asseenintheaboveexample,isnotinfacttorecordanAAPfortheoriginal
expression,butinsteadtofollowAACR2practiceandusetheAAPfortheworktorepresentall
expressionsintheoriginallanguageandtouseanAAPwiththenameofthelanguageaddedto
representallexpressionsinthatlanguage.ThishasneitherbeenacceptednorrejectedasPCCpractice,
thoughitdoesseeminconsistentwithRDAprinciples.However,theLCpracticeisparticularly
PCCStandingCommitteeonTraining
Page13
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
problematicinthecaseofseries,whichhaveinthepastandcontinuetoneeddistinguishingfromother
expressionsinthesamelanguage.TheSeriesPolicyTaskGroupthereforerecommendsthatinthecase
ofseries(includingmultipartmonographs),particularexpressionsofworksalwaysbeassignedunique
AAPs(seeRDA6.27.3).Sotheanalyticrecordforpart1oftheDanteexampleabovewouldlooklikethis:
1000#$aDanteAlighieri,$d1265Ͳ1321,$eauthor.
24010$aInferno.$lEnglish$s([nameoftranslatororanotherdistinguishingelement])
24510$aInferno…
4901#$aThedivinecomedyofDanteAlighieri;$vpart1
546##$aTheItaliantextwithanEnglishversetranslation
8000#$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.$lItalian$s([nameofeditoror
anotherdistinguishingelement]);$vpt.1.
8000#$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.$lEnglish$s([nameoftranslatoror
anotherdistinguishingelement]);$vpt.1.
InthiscasetheseriesworkisDante’sDivinaCommedia,amultipartmonograph.TheSeriesPolicyTask
GrouprecommendsthatcatalogerscreateworkͲlevelauthorityrecordformultipartmonographs,and
asmanyexpressionͲlevelauthorityrecords(createdbyaddingthelanguageandothernecessary
distinguishingelementstotheAAPfortheworkͲlevelrecord)asneeded.TheexpressionͲlevelAAPs
wouldbeaddedasappropriatetobibliographicrecords.TheTaskGroupforwardedthisissuetothePCC
StandingCommitteeonStandardsinfall2015forfurtheranalysisandrecommendations.Staytunedto
PCCcommunicationsaboutpolicies.
PCCStandingCommitteeonTraining
Page14
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
ConfigurationsofRecords
PossibleConfigurationsofRecords
Thereareseveralpossibleconfigurationsofrecordsforthedifferenttypesofmultipartmonographs,
dependingonwhetherthemultipartisanalyzedandhowthemultipartitemsareclassified.Someofthe
configurationsareexemplifiedonthefollowingpages.
MultipartMonographNotAnalyzed
Formultipartmonographsthatarenotanalyzed,thesearethepossibleapproaches:
x Acomprehensivedescription(i.e.,acollectedsetrecord)
x Sometimes,a505contentsnote
x Noanalyticdescriptions(i.e.,noanalyticrecords)
x CreationofSARisoptional
Example1:
5th International Symposium on
Plasma Chemistry
5th International Symposium on
Plasma Chemistry
Symposium Proceedings
Symposium Proceedings
Volume 1
Volume 2
Titlepageofv.1
Titlepageofv.2
Approach:Collectivedescriptionwithoutacontentsnote:
1112#$aInternationalSymposiumonPlasmaChemistry$n(5th:$d1981:$cEdinburgh,
Scotland)
24510$a5thInternationalSymposiumonPlasmaChemistry...
300##$a2volumes:$billustrations;$c21cm
PCCStandingCommitteeonTraining
Page15
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
Example2:
StudiesinMediterraneanArchaeology
Vol.LXXII
ͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲ
SurveyofRockͲCutChamber
TombsinCaria
PART1
SouthͲEasternCariaandthe
LycoͲCarianBorderland
ByPaavoRoos
Göteborg
P.Åströms
1985
Approach:Collectivedescriptionwithacontentsnote:
1001#$aRoos,Paavo.
24510$aSurveyofrockͲcutchambertombsinCaria/$cbyPaavoRoos.
264#1$aGöteberg:P.Åstroms,1985Ͳ
4901#$aStudiesinMediterraneanarcheology;$vvol.LXXII
5051#$apt.1.SouthͲeasternCariaandtheLycoͲCarianborderland.
830#0$aStudiesinMediterraneanarcheology;$vv.72.
PCCStandingCommitteeonTraining
Page16
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
MultipartMonographAnalyzedandClassedasaCollection
Formultipartmonographsthatareanalyzedandclassedasacollection,thesearethepossible
approaches:
x Comprehensivedescription(i.e.,acollectedsetrecord)
x 505contentsnote
x Analyticdescriptions(i.e.,analyticrecords)
x SARoptionalforPCC(unlesstheauthorizedaccesspointfortheseriesisrecordedin8XX)
Example:
HANDBOOKOF
CHEMICALNEUROANATOMY
Volume1:
MethodsinChemical
Neuroanatomy
Göteborg
P.Åströms
1985
Approach:Threerecords:SAR,Analyticdescription,Comprehensivedescription:
SAR:
130#0$aHandbookofchemicalneuroanatomy
642##$av.1$5DLC
644##$af$5DLC
646##$ac$5DLC
Analyticdescription:
24500$aMethodsinchemicalneuroanatomy...
4901#$aHandbookofchemicalneuroanatomy;$vvolume1
830#0$aHandbookofchemicalneuroanatomy;$vv.1.
Comprehensivedescription:
24500$aHandbookofchemicalneuroanatomy...
5051#$avolume1.Methodsinchemicalneuroanatomy.
PCCStandingCommitteeonTraining
Page17
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
MultipartMonographAnalyzedandClassedSeparately
Formultipartmonographsthatareanalyzedandclassedseparately,thesearethepossibleapproaches:
x Analyticdescriptions(i.e.,analyticrecords)
x SARoptionalforPCC(unlesstheauthorizedaccesspointfortheseriesisrecordedin8XX)
Example:
THESOLARSYSTEM
Volume4:
TheMysteriesofMars
ByKentJacobsson
[city
publisher]
[date]
Approach:Tworecords:SAR,Analyticdescription:
SAR:
130#0$aSolarsystem
642##$av.4$5DLC
644##$af$5DLC
646##$as$5DLC
Analyticdescription:
1001#$aJacobsson,Kent.
24514$aThemysteriesofMars...
4901#$aThesolarsystem;$vvolume4
830#0$aSolarsystem;$vv.4.
PCCStandingCommitteeonTraining
Page18
December2015
SeriesTrainingforPCCParticipants
Session10:MultipartMonographs
UpdatingtheCollectiveDescription
Ifthemultipartmonographisclassedasacollectionandacomprehensivebibliographicdescription(i.e.
acollectedsetrecord)exists,addand/orupdatethefollowinginformationonthecomprehensive
descriptionaslaterpartsarereceived:
x 020
x 246forchangesintitleproper
x 264$c–and008Dates
x 300$a
x 362ifyouhaveinformationaboutthebeginningdate
x 4XX/8XXsubfield$vifthemultipartmonographisinaseries
x 505
x 5XX/7XXforchangesintheresponsibleperson,family,orbody
Example:
24500$aFloraandfaunainthecentralUnitedStates/$cMidwesternBiologicalSociety.
2460#$iVolumes3Ͳ7havetitle:$aMidwesternfloraandfauna
264#1$aAmes,Iowa:$bRLPPublishingCompany,$c1999Ͳ2004.
300##$a7volumes:$billustrations;$c29cm.
4901#$aMidwesternbiologicalpublications;$vv.13Ͳ14,22,25Ͳ28
550##$aVolumes1Ͳ4issuedbytheMidwesternBiologicalSociety;volumes5Ͳ7bytheSociety
forMidwesternBiology.
5050#$a________________________
7102#$aMidwesternBiologicalSociety.
7102#$aSocietyforMidwesternBiology.
830#0$aMidwesternbiologicalpublications;$vv.13Ͳ14,22,25Ͳ28.
PCCStandingCommitteeonTraining
Page19
December2015
LAW ENFORCEMENT REQUEST FOR EMERGENCY DISCLOSURE OF ATLASSIAN
CUSTOMER INFORMATION
Please complete the form below in detail to assist Atlassian in evaluating whether to disclose
customer information pursuant to 18 U.S.C. § 2702(b)(8) and § 2702(c)(4) and send this form to
lawenforcement@atlassian.com.
Requesting Law Enforcement Agency
Agency Name
City/State/Province/Country
Phone Number
Requesting Officer
Officer Name
Title/Rank/Badge ID
Email Address
Phone Number
The undersigned law enforcement official hereby requests that Atlassian voluntarily disclose the
customer information requested below based upon the provisions of 18 U.S.C. § 2702.
Specifically, the undersigned hereby represents that there is an emergency involving danger of
death or serious physical injury to a person that requires disclosure without delay of information
relating to the emergency.
The undersigned law enforcement official provides the following information to assist Atlassian
in forming a good faith belief that disclosure of the customer information requested is warranted.
1. What is the nature of the emergency
involving death or serious physical injury?
2. Whose death or serious physical injury is
threatened?
3. What is the imminent nature of the
threat? Please provide information that
suggests there is a specific deadline before
which it is necessary to receive the
requested information and/or that suggests
there is a specific deadline on which the act
stated in response to Question 1 will occur
(e.g., tonight, tomorrow at noon).
4. What specific information are you
requesting from Atlassian? Please identify
the relevant Atlassian products and
accounts (by name, address, email address,
etc.).
5. Please explain how the information you
are requesting will assist in averting the
specified emergency.
ATTESTATION
The undersigned affirms that this request is
made solely as a result of an emergency
involving danger of death or serious physical
injury to a person; that this emergency
requires disclosure without delay of the
accounts (by name, address, email address,
etc.).
5. Please explain how the information you
are requesting will assist in averting the
specified emergency.
ATTESTATION
The undersigned affirms that this request is
made solely as a result of an emergency
involving danger of death or serious physical
injury to a person; that this emergency
requires disclosure without delay of the
information sought above; and that the
information sought relates to the emergency.
The undersigned affirms that the information
shall not be obtained, shared, or disseminated
for any unlawful or harmful purpose.
Signature of Requesting Officer
Date
Atlassian’s Technical and Organisa2onal Security Measures
Introduc2on
Security is an essen-al part of Atlassian’s offerings. This page describes Atlassian’s security program, cer-fica-ons, policies, and physical,
technical, organiza-onal and administra-ve controls and measures to protect Customer Data from unauthorized access, destruc-on, use,
modifica-on or disclosure (the “Security Measures“). The Security Measures are intended to be in line with the commonly-accepted
standards of similarly-situated soHware-as-a-service providers (“industry standard“), including NIST 800-53 controls.
Any capitalized terms used but not defined have the meanings set out in the Agreement or the Data Processing Addendum. Further
details on Atlassian’s security posture can be found in our Trust Center and Compliance Resource Center.
1.
Access Control
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for the appropriate
access control and protec-on of Customer Data, which include:
•
•
•
•
•
•
•
•
2.
Access management policy addressing access control standards, including the framework and the principles for user
provisioning.
Designated cri-cality -ers based on a Zero Trust Model architecture, including the requirements for mul--factor authen-ca-on
on higher--er services.
User provisioning for the access to Atlassian systems, applica-ons and infrastructure based on the relevant job role and on the
least privilege principle that is enforced through the authen-ca-on processes.
Strict role-based access controls for Atlassian staff, allowing access to Customer Data only on a need-to-know basis.
Segrega-on of du-es including but not limited to (i) access controls reviews, (ii) HR-applica-on managed security groups, and
(iii) workflow controls.
A prior approval of all user accounts by Atlassian’s management before gran-ng access to data, applica-ons, infrastructure, or
network components based on the data classifica-on level; regular review of access rights as required by relevant role.
Use of technical controls such as virtual private network (VPN) and mul--factor authen-ca-on (MFA) where relevant based on
informa-on classifica-on and Atlassian‘s Zero Trust Model architecture.
Centrally managed mobile device management (MDM) solu-on, including defined lockout periods and posture checks for
endpoints and mobile devices.
Awareness and Training
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for conduc-ng
appropriate trainings and security awareness ac-vi-es, which include:
•
•
•
•
•
•
•
3.
Extensive awareness training on security, privacy, and compliance topics for all employees at induc-on and annually, u-lizing
diverse formats (online, in-person, and pre-recorded sessions, phishing simula-ons).
Targeted role-specific training for employees with elevated privileges to address relevant risks and enhance their specific
knowledge base.
Maintaining of all training records in a designated learning management system.
An automated reminder for training deadlines, with a built-in escala-on process to respec-ve managers.
Con-nuous security awareness trainings (extending to contractors and partners), covering current threats and best security
prac-ces.
Secure coding trainings by security champions embedded within engineering teams.
Annual mandatory security trainings and events to reinforce security principles through different ac-vi-es, emphasizing the
collec-ve responsibility for security.
Audit and Accountability
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for proper audi-ng and
accountability purposes, which include:
•
•
•
•
Comprehensive logging standards as part of Atlassian's policy management framework, with annual reviews and senior
management approvals.
Secure forwarding and storage of relevant system logs to a centralized log plaaorm of the cloud infrastructure with read-only
access.
Monitoring of security audit logs to detect unusual ac-vity, with established processes for reviewing and addressing anomalies.
Regular updates to the logging scope of informa-on and system events for Cloud Products and related infrastructure in order
to address new features and changes.
1
•
4.
U-lizing -me sync services from relevant cloud service providers (e.g. AWS or MicrosoH Azure) for reliable -mekeeping across
all deployed instances.
Assessment, Authorisation and Monitoring
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for consistent system
monitoring and security assessments, which include:
•
•
•
•
•
•
•
•
5.
Extensive audit and assurance policies with annual reviews and updates.
A centralized internal policy program categorising the global policies into different domains including annual review, and senior
management approval of the program.
Audit management encompassing the planning, risk analysis, security control assessment, conclusion, remedia-on schedules,
and review of past audit reports.
Internal and independent external audits conduc-ng annual evalua-ons of legal and contractual requirements, as well as
effec-veness of controls and processes to validate compliance.
Ongoing verifica-on of compliance against relevant standards and regula-ons, e.g. ISO 27001 or SOC 2.
Systema-cally addressing any nonconformi-es found through audit findings taking into account the root-cause analysis,
severity ra-ng, and correc-ve ac-ons, all documented and tracked me-culously.
Annual penetra-on tes-ng on Products and proac-ve bug bounty programs for the detec-on and mi-ga-on of vulnerabili-es.
Con-nuous vulnerability scanning, with iden-fied vulnerabili-es remediated in line with Atlassian's policy.
Configuration Management
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate
configura-on management, which include:
•
•
•
•
•
•
•
•
•
6.
Change management policies covering the risk management for all internal and external asset changes, reviewed annually.
Standard procedures for change management applicable to encryp-on and cryptography for the secure handling of data (e.g.
encryp-on keys) according to its security classifica-on.
A centralized internal policy program categorising the global policies into different domains including annual review, and senior
management approval of the program.
Stringent policies encompassing (i) encryp-on, (ii) cryptography, (iii) endpoint management, and (iv) asset tracking inline with
industry standards.
Established baselines and standards for change control that require tes-ng documenta-on prior to implementa-on and
authorized approval.
A peer review and green build process requiring mul-ple reviews and successful tes-ng for produc-on code and infrastructure
changes.
A strict post-implementa-on tes-ng and approval process for emergency changes to the code.
Comprehensive automated system supplemented by an Intrusion Detec-on System (IDS), managing and protec-ng against
unauthorized changes.
Me-culous cataloguing and tracking of all physical and logical assets with annual reviews ensuring up-to-date asset
management.
Contingency Planning
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate
con-ngency planning for business con-nuity and disaster recovery purposes, which include:
•
•
•
•
•
•
•
•
A skilled workforce and robust IT infrastructure, including telecommunica-ons and technology essen-al for Product delivery.
Business con-nuity and disaster recovery plans (“BCDR Plans”) including defined recovery -me objec-ves (RTOs) and recovery
point objec-ves (RPOs).
Business con-nuity plans encompassing data storage and con-nuity of use, reasonably designed to prevent interrup-on to
access and u-liza-on.
Geographic diversity as a result of our global workforce and cloud infrastructure.
Reinforcing business opera-ons through resilience controls, such as daily backups, annual restora-on tes-ng, and alterna-ve
cloud infrastructure storage sites.
A resilience framework and procedures for response and remedia-on of cyber events to maintain business con-nuity.
Quarterly disaster recovery tests and exercises to enhance the response strategies, with post-test analyses for con-nuous
improvement in line with the applicable BCDR Plans.
Con-nuous capacity management across Products, with internal monitoring and adjustments to maintain service availability
and processing capacity, for example (distributed) denial-of-service akack (DDoS) mi-ga-on for Cloud Products and related
infrastructure.
2
•
•
7.
A centralized internal policy program for annual reviews and updates of all global policies related to business con-nuity.
Robust backup protocols, including (i) data encryp-on, (ii) redundancy across data centers, and (iii) regular tes-ng to bolster
con-ngency planning.
Identification and Authentication
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate
iden-fica-on and authen-ca-on purposes which include:
•
•
•
•
•
8.
Employee iden-fica-on uniquely through ac-ve directory, u-lising single sign-on (SSO) for applica-on access.
U-lising of MFA for secure access, specifically for VPN and applica-on launch via SSO based on Atlassian’s Zero Trust Model
architecture.
Password policies following the NIST 800-63B guidelines, focusing on the security aspects of password crea-on and
management.
Ensuring the security of stored creden-als using advanced encryp-on methods, e.g. password and secret management systems.
Documented approvals, regular reviews of users and accounts, and automa-c syncs between the relevant iden-ty system and
HR systems to maintain the integrity and accuracy of iden-fica-on data.
Security Incident Response
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate Security
Incident response purposes, which include:
•
•
•
•
•
•
•
•
•
9.
Security Incident response plans emphasizing preparedness, containment, eradica-on and recovery, as well as focus on data
protec-on and other regulatory requirements.
Dedicated cross-func-onal teams handling Security Incidents, ensuring effec-ve communica-on and collabora-on, including
well-defined processes for triaging security events.
Regular tes-ng of response plans with established metrics to track and improve Security Incident management effec-veness.
Annual reviews of company-wide incident response plans and policies to reflect and share current best prac-ces across the
company.
Post-incident review (PIR) with root cause analysis conducted for high-severity Security Incidents, focusing on systemic
improvements and learning.
Incident response procedures and plans embedded in cri-cal business processes to minimize down-me and security risks.
Published system availability informa-on to aid in Security Incident handling and repor-ng at hkps://status.atlassian.com/, and
hkps://www.loomstatus.com/, as applicable.
The ability for Customer to report incidents, vulnerabili-es, bugs, and issues, ensuring prompt aken-on to concerns related to
system defects, availability, security, and confiden-ality.
Commitment to Customer no-fica-on of the Security Incident without undue delay under Atlassian’s Data Processing
Addendum, including the obliga-on to assist the Customer with necessary informa-on for compliance with Applicable Data
Protec-on Laws.
Maintenance
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for con-nued
effec-veness of its Cloud Products, which include:
•
•
•
10.
Regular tes-ng of BCDR Plans with quarterly evalua-ons, validated by external auditors.
Real--me monitoring of the availability of mul-ple regions with performing of regular tests for infrastructure availability and
reliability.
Measures outlined in Sec-on 4 (Assessment, Authorisa-on and Monitoring), Sec-on 6 (Con-ngency Planning) and Sec-on 18
(System and Communica-ons Protec-on).
Media Protection
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces to ensure the
protec-on of media (internal and external), which include:
•
•
•
Using reliable 3rd party services (e.g. MicrosoH Azure or AWS) to operate the physical infrastructure for processing Customer
Data as a Sub-processor.
Sani-za-on and degaussing of used equipment by the 3rd party cloud service providers, including hard drives with Customer
Data in line with industry standards (e.g. ISO 27001).
Full disk encryp-on using industry standards (e.g. AES-256) employed for data drives on servers and databases storing Customer
Data, and on endpoint devices.
3
•
•
11.
Internal bring your own device (BYOD) policy ensuring access to Customer Data is only possible via secure and compliant
devices; restric-ng the access with technical controls (e.g. VPN) for all devices following Atlassian’s Zero Trust Model
architecture.
Unakended workspaces are required to have no visible confiden-al data, aligning with the secure workplace guidance.
Physical and Environmental Protection
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for the physical and
environmental protec-on of Customer Data, which include:
•
•
•
•
•
•
12.
A safe and secure working environment with controls implemented globally at Atlassian's offices.
Employing badge readers, camera surveillance, and -me-specific access restric-ons for enhanced security.
Implemen-ng and maintaining access logs at office buildings for inves-ga-ve purposes.
Mul-ple compliance cer-fica-ons and robust physical security measures, including biometric iden-ty verifica-on and onpremise security, implemented by 3rd party data center providers.
Controlled access points and advanced surveillance systems as well as protec-ve measures for power and telecommunica-on
cables, alongside with environmental control systems, implemented by 3rd party data center providers.
Posi-oning cri-cal equipment in low-risk environmental areas for added safety (both by Atlassian and its 3rd party data center
providers).
Planning
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate
planning of business opera-ons, which include:
•
•
•
•
13.
Ac-ve monitoring and documenta-on by legal and compliance teams on regulatory obliga-ons.
A detailed system security plan with comprehensive documenta-on on system boundaries and product descrip-ons.
Communica-on to internal users and customers about significant changes to key products and services.
Periodic reviews and updates of the security management program.
Program Management
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate
program management, which include:
•
•
•
•
•
•
•
•
•
•
14.
Suppor-ng the security management program at the execu-ve level, encompassing all security-related policies and prac-ces.
Documented informa-on security policies, including (i) defined roles, (ii) risk mi-ga-on, and (iii) service provider security
management program.
Periodic risk assessments of systems processing Customer Data, with prompt reviews of Security Incidents for correc-ve ac-on.
Formal security controls framework aligning to standards such as SOC 2, ISO27001, and NIST 800-53.
Processes for iden-fying and quan-fying security risks, with mi-ga-on plans approved by the Chief Trust Officer and regular
tracking of implementa-on.
Comprehensive and diverse approach to security tes-ng to cover a wide range of poten-al akack vectors.
Regular review, tes-ng and upda-ng of the security management program (annually, at a minimum).
Development program for security staff with regular trainings; organiza-onal chart that delinea-ng roles and responsibili-es.
Serng and review of strategic opera-onal objec-ves by the execu-ve management.
Annual review of the Enterprise Risk Management (ERM) framework, including the risk management policy, risk assessments,
and fraud risk assessments, by the Head of Risk and Compliance.
Personnel Security
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls and prac-ces for the security of all
Atlassian’s employees who have access to Customer Data, which include:
•
•
•
•
•
Pre-hire background checks, including criminal record inquiries, especially thorough for senior execu-ve and accoun-ng roles
to the extent permissible under applicable local laws.
An extensive onboarding process including confiden-ality agreements, employment contracts, and acknowledgement of
various policies and codes of conduct.
Global and local employment policies, maintained and reviewed annually.
Processes for role changes and termina-ons including automa-c de-provisioning and checklists for employee exits, with
managerial approval required for re-provisioning the access.
Ongoing security and compliance training for employees, with targeted training for specific roles and the presence of security
champions in teams.
4
•
•
15.
Hos-ng of annual security awareness month to reinforce security educa-on and celebrate achievements in maintaining
organiza-onal security.
Established disciplinary processes to manage viola-ons of Atlassian's policies.
Personal Data Processing and Transparency
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for the compliance of
personal data processing in line with Applicable Data Protec-on Laws, which include:
•
•
•
•
•
•
•
•
16.
A global privacy compliance program for reviewing and adap-ng to data protec-on laws including necessary safeguards and
processes.
Maintaining an internal personal data processing policy with clear defini-ons of personal data categories, processing purposes,
and processing principles.
Detailed standards for processing of various categories of personal data covering the topics such as processing principles,
applicable legal basis, reten-on, destruc-on etc.
An established method to create pseudonymised data sets using industry standard prac-ces and appropriate technical and
organisa-onal measures governing the systems capable of remapping pseudonymous iden-fiers.
Transparent privacy policies for its users and customers, as well as internal guidelines for employees.
Comprehensive compliance documenta-on, including but not limited to (i) processing ac-vi-es, (ii) privacy impact
assessments, (iii) transfer impact assessments, (iv) consents, and (v) data processing agreements with customers and vendors.
Secure development prac-ces across all development lifecycle stages, focusing on security and data protec-on from the ini-al
design phase.
Respec-ng the individual’s rights to access, correct, and delete their personal data in line with relevant data protec-on laws.
Risk Assessment
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for a robust Informa-on
Security Management System, which include:
•
•
•
•
•
17.
A comprehensive risk management program for iden-fying, assessing, and addressing various risks to support informed risk
management decisions.
A policy program aligning company-wide policies with ISO 27001 and other relevant standards to mi-gate associated risks.
Con-nuous security tes-ng, including (i) penetra-on tests, (ii) bug boun-es, and (iii) proac-ve threat mi-ga-on.
Processes and metrics for repor-ng vulnerability management ac-vi-es.
Thorough security evalua-ons, including independent external and internal audits.
System and Services Acquisition
Atlassian has implemented and will maintain a structured, security-centric methodology for the system development, maintenance,
and change management, which include:
•
•
•
•
•
•
•
•
•
18.
An agile secure soHware development life cycle for the adaptability, and efficiency, as well as thorough review and
documenta-on of system and infrastructure changes.
Secure, standardized applica-on deployment with automated processes for system configura-on changes and deployment.
Defined development process with peer-reviewed pull requests and mandatory automated tests prior to merging.
Segregated responsibili-es for change management among designated employees.
Emergency change processes, including "break glass" procedures, ensuring readiness for rapid response during cri-cal
incidents.
Robust compliance serngs in Atlassian’s source code and deployment systems (e.g. Bitbucket Cloud) preven-ng unauthorized
altera-ons.
Clear documenta-on and monitoring of all configura-on changes, with automa-c alerts for non-compliance or altera-ons in
peer review enforcement.
Strict controls over modifica-ons to vendor soHware.
Regular scanning and updates of third-party or open-source libraries as well as ongoing scanning of the code base.
System and Communications Protection
Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for system and
communica-on protec-on which include:
•
•
Cryptographic mechanisms to safeguard sensi-ve informa-on stored and transmiked over networks, including public internet,
using reliable and secure encryp-on technologies.
Encryp-on of Customer Data at rest and in transit using TLS 1.2+ with Perfect Forward Secrecy (PFS) across public networks.
5
•
•
•
•
•
•
19.
Zone restric-ons and environment separa-on limi-ng connec-vity between produc-on and non-produc-on environments.
Con-nuous management of worksta-on assets including (i) security patch deployment, (ii) password protec-on, (iii) screen
locks, and (iv) drive encryp-on through asset management soHware.
Restric-ng access to only known and compliant devices enrolled in the MDM plaaorm, adhering to the principles of Zero Trust
Model architecture.
Maintaining firewalls at corporate edges for both plaaorm and non-plaaorm hosted devices for addi-onal layers of security.
Network and host defense including opera-ng system hardening, network segmenta-on, and data loss preven-on
technologies.
Established measures to ensure Customer Data is kept logically segregated from other customers' data.
System and Information Integrity
Atlassian has implemented and will maintain formally established policies and prac-ces that include the following controls and
safeguards relevant for system and informa-on integrity, in par-cular:
•
•
•
•
•
•
•
20.
Ongoing vulnerability scans to ensure prompt iden-fica-on and remedia-on of vulnerabili-es.
Adherence to stringent data disposal protocols in line with applicable laws, reasonably ensuring that data from storage media
is irrecoverable post-sani-za-on.
Strict policies to prevent the use of produc-on data in non-produc-on environments, ensuring the data integrity and
segrega-on.
Centrally managed, read-only system logs; monitoring for Security Incidents; reten-on policies aligned with security best
prac-ces.
Managing endpoint compa-bility with systems and applica-ons, enhancing network security and reliability.
Deploying an--malware strategies on the relevant infrastructure and Atlassian devices for robust protec-on against malware
threats with regular updates to malware protec-on policies and detec-on tools.
Unique iden-fiers and token-based access control ensure logical isola-on and secure, limited access to Customer Data.
Supply Chain Risk Management
Atlassian has implemented and will maintain formally established policies and prac-ces for supply chain risk management, which
include:
•
•
•
•
•
•
•
A formal framework for managing vendor rela-onships, aligning the security, availability, and confiden-ality standards of
suppliers throughout their lifecycle.
A robust third party risk management (TPRM) assessment process including risk assessments, due diligence, contract
management, and ongoing monitoring of all third par-es
Dedicated teams, including legal, procurement, security, and risk departments for the review of contracts, SLAs, and security
measures to manage risks related to security and data confiden-ality.
Func-onal risk assessments for suppliers before onboarding and periodically, based on risk levels, with revisions during policy
renewals or significant rela-onship changes.
An inventory of all suppliers detailing ownership and risk levels associated with the services provided to Atlassian.
Yearly review of audit reports (e.g. SOC 2) and regular reviews of IT governance policies and security assessments of supply
chain to ensure controls are both, appropriate and effec-vely compliant.
Measures to secure third-party endpoints, focusing on compliance monitoring and selec-ve restric-ons based on the mobile
& bring your own device policy.
6
Atlassian Data Processing Addendum
Effec%ve star%ng: the earlier of (i) October 6, 2024 and (ii) the date the Atlassian Intelligence and Rovo Product-Specific Terms are effec%ve.
This Data Processing Addendum (“DPA”) supplements the Atlassian Customer Agreement, or other agreement in place between Customer
and Atlassian covering Customer’s use of Atlassian’s Products and related Support and Advisory Services (the “Agreement”). Unless otherwise
defined in this DPA or in the Agreement, all capitalized terms used in this DPA will have the meanings given to them in SecGon 9 of this DPA.
1.
Scope and Term.
1.1. Roles of the ParGes.
(a)
Customer Personal Data. Atlassian will Process Customer Personal Data as Customer’s Processor in accordance
with Customer’s instrucGons as outlined in SecGon 2.1 (Customer InstrucGons).
(b)
(c)
(d)
Atlassian Account Data. Atlassian will Process Atlassian Account Data as a Controller for the following purposes:
(i) to provide and improve the Products; (ii) to manage the Customer relaGonship (communicaGng with Customer
and Users in accordance with their account preferences, responding to Customer inquiries and providing technical
support, etc.), (iii) to facilitate security, fraud prevenGon, performance monitoring, business conGnuity and
disaster recovery; and (iv) to carry out core business funcGons such as accounGng, billing, and filing taxes.
Atlassian Usage Data. Atlassian will Process Atlassian Usage Data as a Controller for the following purposes: (i) to
provide, opGmize, secure, and maintain the Products; (ii) to opGmize user experience; and (iii) to inform Atlassian’s
business strategy.
DescripGon of the Processing. Details regarding the Processing of Personal Data by Atlassian are stated in Schedule
1 (DescripGon of Processing).
1.2. Term of the DPA. The term of this DPA coincides with the term of the Agreement and terminates upon expiraGon or earlier
terminaGon of the Agreement (or, if later, the date on which Atlassian ceases all Processing of Customer Personal Data).
1.3. Order of Precedence. If there is any conflict or inconsistency among the following documents, the order of precedence is: (1)
the applicable terms stated in Schedule 2 (Region-Specific Terms including any transfer provisions); (2) the main body of this
DPA; and (3) the Agreement.
2.
Processing of Personal Data.
2.1. Customer InstrucGons. Atlassian must Process Customer Personal Data in accordance with the documented lawful instrucGons
of Customer as stated in the Agreement (including this DPA) and respecGve Orders, as necessary to (i) provide the Products
and related Support and Advisory Services to Customer and enable the use of various features and funcGonaliGes in
accordance with the DocumentaGon (including as directed by Users through the Cloud Products), (ii) invesGgate Security
Incidents and enforce the Acceptable Use Policy (e.g. enforce the prohibiGon on illegal content such as child sexual abuse
material), or (iii) comply with its legal obligaGons. Atlassian will noGfy Customer if it becomes aware, or reasonably believes,
that Customer’s instrucGons violate Applicable Data ProtecGon Law.
2.2. ConfidenGality. Atlassian must treat Customer Personal Data as Customer’s ConfidenGal InformaGon under the Agreement.
Atlassian must ensure personnel authorized to Process Personal Data are bound by wriVen or statutory obligaGons of
confidenGality.
3.
Security.
3.1. Security Measures. Atlassian has implemented and will maintain appropriate technical and organizaGonal measures designed
to protect the security, confidenGality, integrity and availability of Customer Data and protect against Security Incidents.
Customer is responsible for configuring the Products and using features and funcGonaliGes made available by Atlassian to
maintain appropriate security in light of the nature of Customer Data. Atlassian’s current technical and organizaGonal
measures are described here. Customer acknowledges that the Security Measures are subject to technical progress and
development and that Atlassian may update or modify the Security Measures from Gme to Gme, provided that such updates
and modificaGons do not materially decrease the overall security of the Cloud Products during a SubscripGon Term.
3.2. Security Incidents. Atlassian must noGfy Customer without undue delay and, where feasible, no later than seventy-two (72)
hours a[er becoming aware of a Security Incident. Atlassian must make reasonable efforts to idenGfy the cause of the Security
Incident, miGgate the effects and remediate the cause to the extent within Atlassian’s reasonable control. Upon Customer’s
request and taking into account the nature of the Processing and the informaGon available to Atlassian, Atlassian must assist
Customer by providing informaGon reasonably necessary for Customer to meet its Security Incident noGficaGon obligaGons
under Applicable Data ProtecGon Law. Atlassian’s noGficaGon of a Security Incident is not an acknowledgment by Atlassian of
its fault or liability.
4.
Sub-processing.
1
Atlassian Data Processing Addendum
October 2024 Version
4.1. General AuthorizaGon. By entering into this DPA, Customer provides general authorizaGon for Atlassian to engage Subprocessors to Process Customer Personal Data. Atlassian must: (i) enter into a wriVen agreement with each Sub-processor
imposing data protecGon terms that require the Sub-processor to protect Customer Personal Data to the standard required
by Applicable Data ProtecGon Law and to the same standard provided by this DPA; and (ii) remain liable to Customer if such
Sub-processor fails to fulfill its data protecGon obligaGons with regard to the relevant Processing acGviGes under the
Agreement.
4.2. NoGce of New Sub-processors. Atlassian maintains an up-to-date list of its Sub-processors here, which contains a mechanism
for Customer to subscribe to noGficaGons of new Sub-processors. Atlassian will provide such noGce, to those emails
subscribed, at least thirty (30) days before allowing any new Sub-processor to Process Customer Personal Data (the “Subprocessor No@ce Period”).
4.3. ObjecGon to New Sub-processors. Customer may object to Atlassian’s appointment of a new Sub-processor during the Subprocessor NoGce Period. If Customer objects, Customer, as its sole and exclusive remedy, may terminate the applicable Order
for the affected Cloud Product and related Support and Advisory Services in accordance with SecGon 12.2 (TerminaGon for
Convenience) of the Agreement.
5.
Assistance and Coopera@on Obliga@ons.
5.1. Data Subject Rights. Taking into account the nature of the Processing, Atlassian must provide reasonable and Gmely assistance
to Customer to enable Customer to respond to requests for exercising a data subject’s rights (including rights of access,
recGficaGon, erasure, restricGon, objecGon, and data portability) in respect to Customer Personal Data.
5.2. CooperaGon ObligaGons. Upon Customer’s reasonable request, and taking into account the nature of the Processing, Atlassian
will provide reasonable assistance to Customer in fulfilling Customer’s obligaGons under Applicable Data ProtecGon Law
(including data protecGon impact assessments and consultaGons with regulatory authoriGes), provided that Customer cannot
reasonably fulfill such obligaGons independently with help of available DocumentaGon.
6.
5.3. Third Party Requests. Unless prohibited by Law, Atlassian will promptly noGfy Customer of any valid, enforceable subpoena,
warrant, or court order from law enforcement or public authoriGes compelling Atlassian to disclose Customer Personal Data.
Atlassian will follow its law enforcement guidelines in responding to such requests. In the event that Atlassian receives an
inquiry or a request for informaGon from any other third party (such as a regulator or data subject) concerning the Processing
of Customer Personal Data, Atlassian will redirect such inquiries to Customer, and will not provide any informaGon unless
required to do so under applicable Law.
Dele@on and Return of Customer Personal Data.
6.1. During SubscripGon Term. During the SubscripGon Term, Customer and its Users may, through the features of the Cloud
Products, access, retrieve or delete Customer Personal Data.
7.
6.2. Post TerminaGon. Following expiraGon or terminaGon of the Agreement, Atlassian must, in accordance with the
DocumentaGon, delete all Customer Personal Data. Notwithstanding the foregoing, Atlassian may retain Customer Personal
Data (i) as required by Applicable Data ProtecGon Law or (ii) in accordance with its standard backup or record retenGon
policies, provided that, in either case, Atlassian will maintain the confidenGality of, and otherwise comply with the applicable
provisions of this DPA with respect to retained Customer Personal Data and not further Process it except as required by
Applicable Data ProtecGon Law.
Audit.
7.1. Audit Reports. Atlassian is regularly audited by independent third-party auditors and/or internal auditors, including as
described here. Upon request, and on the condiGon that Customer has entered into an applicable non-disclosure agreement
with Atlassian, Atlassian will supply a summary copy of relevant audit report(s) (“Report”) to Customer, so Customer can verify
Atlassian’s compliance with the audit standards against which it has been assessed, and this DPA. If Customer cannot
reasonably verify Atlassian’s compliance with the terms of this DPA, Atlassian will provide wriVen responses (on a confidenGal
basis) to all reasonable requests for informaGon made by Customer related to its Processing of Customer Personal Data,
provided that such right may be exercised no more than once every twelve (12) months.
7.2. On-site Audits. Only to the extent Customer cannot reasonably saGsfy Atlassian’s compliance with this DPA through the
exercise of its rights under SecGon 7.1 above, or where required by Applicable Data ProtecGon Law or a regulatory authority,
Customer, or its authorized representaGves, may, at Customer’s expense, conduct audits (including inspecGons) during the
term of the Agreement to assess Atlassian’s compliance with the terms of this DPA. Any audit must (i) be conducted during
Atlassian’s regular business hours, with reasonable advance wriVen noGce of at least sixty (60) calendar days (unless
Applicable Data ProtecGon Law or a regulatory authority requires a shorter noGce period); (ii) be subject to reasonable
confidenGality controls obligaGng Customer (and its authorized representaGves) to keep confidenGal any informaGon
disclosed that, by its nature, should be confidenGal; (iii) occur no more than once every twelve (12) months; and (iv) restrict
its findings to only informaGon relevant to Customer.
2
Atlassian Data Processing Addendum
October 2024 Version
8.
Interna@onal Provisions. To the extent Atlassian Processes Personal Data protected by Applicable Data ProtecGon Laws in one of the
regions listed in Schedule 2 (Region-Specific Terms), the terms specified for the applicable regions will also apply, including the
provisions relevant for internaGonal transfers of Personal Data (directly or via onward transfer).
9.
Defini@ons.
“Applicable Data Protec@on Law” means all Laws applicable to the Processing of Personal Data under the Agreement.
“Atlassian Account Data” means Personal Data relaGng to Customer’s relaGonship with Atlassian, including: (i) Users’ account
informaGon (e.g. name, email address, or Atlassian’s account ID (AAID)); (ii) billing and contact informaGon of individual(s) associated
with Customer’s Atlassian account (e.g. billing address, email address, or name); (iii) Users’ device and connecGon informaGon (e.g. IP
address); and (iv) content/descripGon of technical support requests (excluding aVachments) alongside with the Support EnGtlement
Number (SEN).
“Atlassian Usage Data” means Personal Data relaGng to or obtained in connecGon with the use, performance, operaGon, support or
use of the Products, including via their connecGon to Third-Party Products. Atlassian Usage Data may include event name (i.e. what
acGon Users performed), event Gmestamps, browser informaGon, diagnosGc data, data types, file sizes, and similar informaGon
associated with data from the Products and Third-Party Products that Customer connects to the Products. For clarity, Atlassian Usage
Data does not include Customer Personal Data.
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines
the purposes and means of the Processing of Personal Data.
“Customer Personal Data'' means Personal Data contained in Customer Data and/or Customer Materials that Atlassian Processes under
the Agreement solely on behalf of Customer. For clarity, Customer Personal Data includes any Personal Data included in the aVachments
provided by Customer or its Users in any technical support requests.
“Personal Data” means informaGon about an idenGfied or idenGfiable natural person, or which otherwise consGtutes “personal data”,
“personal informaGon”, “personally idenGfiable informaGon” or similar terms as defined in Applicable Data ProtecGon Law.
“Processing” (and “Process”) means any operaGon or set of operaGons which is performed on Personal Data or on sets of Personal Data,
whether or not by automated means, such as collecGon, recording, organizaGon, structuring, storage, adaptaGon or alteraGon, retrieval,
consultaGon, use, disclosure by transmission, disseminaGon or otherwise making available, alignment or combinaGon, restricGon,
erasure, or destrucGon.
“Processor” means the enGty which Processes Personal Data on behalf of the Controller.
“Security Incident'' means any breach of security leading to the accidental or unlawful destrucGon, loss, alteraGon, unauthorized
disclosure of, or access to Customer Data Processed by Atlassian and/or its Sub-processors.
“Sub-processor” means any third party (inc. Atlassian Affiliates) engaged by Atlassian to Process Customer Personal Data.
3
Atlassian Data Processing Addendum
October 2024 Version
Schedule 1
Descrip@on of Processing
1.
Categories of data subjects whose Personal Data is Processed: Customer and its Users.
2.
Categories of Personal Data Processed: Atlassian Account Data, Atlassian Usage Data, and Customer Personal Data.
3.
Sensi@ve data transferred: Atlassian Account Data and Atlassian Usage Data do not contain data (i) revealing racial or ethnic origin,
poliGcal opinions, religious or philosophical beliefs, or trade union membership, (ii) geneGc data, biometric data Processed for the
purposes of uniquely idenGfying a natural person, data concerning health, or data concerning a natural person's sex life or sexual
orientaGon, or (iii) relaGng to criminal convicGons and offences (altogether “Sensi@ve Data”). Subject to SecGon 6.3 of the Agreement
(SensiGve Health InformaGon and HIPAA), Customer or its Users may upload content to the Cloud Products which may include
SensiGve Data, the extent of which is determined and controlled solely by Customer.
4.
The frequency of the transfer: ConGnuous.
5.
Nature of the Processing: Atlassian will Process Personal Data in order to provide the Products and related Support and Advisory
Services in accordance with the Agreement, including this DPA. AddiGonal informaGon regarding the nature of the Processing
(including transfer) is described in respecGve Orders for relevant Products and DocumentaGon referring to technical capabiliGes and
features, including but not limited to collecGon, structuring, storage, transmission, or otherwise making available of Personal Data by
automated means.
6.
Purpose(s) of the Processing:
6.1. Customer Personal Data: Atlassian will Process Customer Personal Data as Processor in accordance with Customer’s
instrucGons as set out in SecGon 2.1 (Customer InstrucGons).
6.2. Atlassian Account Data and Atlassian Usage Data: Atlassian will Process Atlassian Account Data and Atlassian Usage Data for
the limited and specified purposes outlined in SecGon 1.1 (Roles of the ParGes).
7.
8.
Dura@on of Processing:
7.1. Customer Personal Data: Atlassian will Process Customer Personal Data for the term of the Agreement as outlined in SecGon
6 (DeleGon and Return of Customer Personal Data).
7.2. Atlassian Account Data and Atlassian Usage Data: Atlassian will Process Atlassian Account Data and Atlassian Usage Data only
as long as required (a) to provide Products and related Support and Advisory Services to Customer in accordance with the
Agreement; (b) for Atlassian’s legiGmate business purposes outlined in SecGon 1.1 (Roles of the ParGes); or (c) by applicable
Law(s).
Transfers to Sub-processors: Atlassian will transfer Customer Personal Data to Sub-processors as permiVed in SecGon 4
(Subprocessing).
4
Atlassian Data Processing Addendum
October 2024 Version
Schedule 2
Region-Specific Terms
Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this Schedule will have the meanings given to them in
SecGon 4 of this Schedule.
1.
Europe, United Kingdom and Switzerland.
1.1. Customer InstrucGons. In addiGon to SecGon 2.1 (Customer InstrucGons) of the DPA above, Atlassian will Process Customer
Personal Data only on documented instrucGons from Customer, including with regard to transfers of such Customer Personal
Data to a third country or an internaGonal organisaGon, unless required to do so by Applicable Data ProtecGon Law to which
Atlassian is subject; in such a case, Atlassian shall inform Customer of that legal requirement before Processing, unless that
law prohibits such informaGon on important grounds of public interest. Atlassian will promptly inform Customer if it becomes
aware that Customer's Processing instrucGons infringe Applicable Data ProtecGon Law.
1.2. European Transfers. Where Personal Data protected by the EU Data ProtecGon Law is transferred, either directly or via onward
transfer, to a country outside of Europe that is not subject to an adequacy decision, the following applies:
(a)
The EU SCCs are hereby incorporated into this DPA by reference as follows:
(i)
Customer is the “data exporter” and Atlassian is the “data importer”.
(ii)
Module One (Controller to Controller) applies where Atlassian is Processing Atlassian Account Data or
Atlassian Usage Data.
(iii)
Module Two (Controller to Processor) applies where Customer is a Controller of Customer Personal Data
and Atlassian is Processing Customer Personal data as a Processor.
Module Three (Processor to Processor) applies where Customer is a Processor of Customer Personal Data
and Atlassian is Processing Customer Personal Data as another Processor.
(iv)
(v)
(b)
By entering into this DPA, each party is deemed to have signed the EU SCCs as of the commencement date
of the Agreement.
For each Module, where applicable:
(i)
In Clause 7, the opGonal docking clause does not apply.
(ii)
(iii)
In Clause 9, OpGon 2 applies, and the Gme period for prior noGce of Sub-processor changes is stated in
SecGon 4 (Subprocessing) of this DPA.
In Clause 11, the opGonal language does not apply.
(iv)
In Clause 17, OpGon 1 applies, and the EU SCCs are governed by Irish law.
(v)
In Clause 18(b), disputes will be resolved before the courts of Ireland.
(vi)
The Appendix of EU SCCs is populated as follows:
• The informaGon required for Annex I(A) is located in the Agreement and/or relevant Orders.
•
The informaGon required for Annex I(B) is located in Schedule 1 (DescripGon of Processing) of this
DPA.
•
The competent supervisory authority in Annex I(C) will be determined in accordance with the
Applicable Data ProtecGon Law; and
• The informaGon required for Annex II is located here.
1.3. Swiss Transfers. Where Personal Data protected by the Swiss FADP is transferred, either directly or via onward transfer, to any
other country that is not subject to an adequacy decision, the EU SCCs apply as stated in in SecGon 1.2 (European Transfers)
above with the following modificaGons:
(a)
All references in the EU SCCs to “RegulaGon (EU) 2016/679” will be interpreted as references to the Swiss FADP,
and references to specific ArGcles of “RegulaGon (EU) 2016/679” will be replaced with the equivalent arGcle or
secGon of the Swiss FADP; all references to the EU Data ProtecGon Law in this DPA will be interpreted as references
to the FADP.
(b)
In Clause 13, the competent supervisory authority is the Swiss Federal Data ProtecGon and InformaGon
Commissioner.
(c)
In Clause 17, the EU SCCs are governed by the laws of Switzerland.
(d)
In Clause 18(b), disputes will be resolved before the courts of Switzerland.
(e)
All references to Member State will be interpreted to include Switzerland and Data Subjects in Switzerland are not
excluded from enforcing their rights in their place of habitual residence in accordance with Clause 18(c).
5
Atlassian Data Processing Addendum
October 2024 Version
1.4. United Kingdom Transfers. Where Personal Data protected by the UK Data ProtecGon Law is transferred, either directly or via
onward transfer, to a country outside of the United Kingdom that is not subject to an adequacy decision, the following applies:
(a)
The EU SCCs apply as set forth in SecGon 1.2 (European Transfers) above with the following modificaGons:
(i)
Each party shall be deemed to have signed the UK Addendum.
(ii)
(b)
(iii)
For Table 1 of the UK Addendum, the parGes’ key contact informaGon is located in the Agreement and/or
relevant Orders.
For Table 2 of the UK Addendum, the relevant informaGon about the version of the EU SCCs, modules, and
selected clauses which this UK Addendum is appended to is located above in SecGon 1.2 (European
Transfers) of this Schedule.
(iv)
For Table 3 of the UK Addendum:
•
•
The informaGon required for Annex 1A is located in the Agreement and/or relevant Orders.
The InformaGon required for Annex 1B is located in Schedule 1 (DescripGon of Processing) of this
DPA.
•
The informaGon required for Annex II is located here; and
• The informaGon required for Annex III is located in SecGon 4 (Sub-processing) of this DPA.
In Table 4 of the UK Addendum, both the data importer and data exporter may end the UK Addendum.
1.5. Data Privacy Framework. Atlassian parGcipates in and cerGfies compliance with the Data Privacy Framework. As required by
the Data Privacy Framework, Atlassian (i) provides at least the same level of privacy protecGon as is required by the Data
Privacy Framework Principles; (ii) will noGfy Customer if Atlassian makes a determinaGon it can no longer meet its obligaGon
to provide the same level of protecGon as is required by the Data Privacy Framework Principles, and (iii) will, upon wriVen
noGce, take reasonable and appropriate steps to remediate any unauthorized Processing of Personal Data.
2.
United States of America. The following terms apply where Atlassian Processes Personal Data subject to the US State Privacy Laws:
2.1. To the extent Customer Personal Data includes personal informaGon protected under US State Privacy Laws that Atlassian
Processes as a Service Provider or Processor, on behalf of Customer, Atlassian will Process such Customer Personal Data in
accordance with the US State Privacy Laws, including by complying with applicable secGons of the US State Privacy Laws and
providing the same level of privacy protecGon as required by US State Privacy Laws, and in accordance with Customer's wriVen
instrucGons, as necessary for the limited and specified purposes idenGfied in SecGon 1.1(a) (Customer Personal Data) and
Schedule 1 (DescripGon of Processing) of this DPA. Atlassian will not:
(a)
retain, use, disclose or otherwise Process such Customer Personal Data for a commercial purpose other than for
the limited and specified purposes idenGfied in this DPA, the Agreement, and/or any related Order, or as otherwise
permiVed under US State Privacy Laws;
(b)
"sell" or “share” such Customer Personal Data within the meaning of the US State Privacy Laws; and
(c)
retain, use, disclose or otherwise Process such Customer Personal Data outside the direct business relaGonship
with Customer and not combine such Customer Personal Data with personal informaGon that it receives from
other sources, except as permiVed under US State Privacy Laws.
2.2. Atlassian must inform Customer if it determines that it can no longer meet its obligaGons under US State Privacy Laws within
the Gmeframe specified by such laws, in which case Customer may take reasonable and appropriate steps to prevent, stop, or
remediate any unauthorized Processing of such Customer Personal Data.
2.3. To the extent Customer discloses or otherwise makes available DeidenGfied Data to Atlassian or to the extent Atlassian creates
DeidenGfied Data from Customer Personal Data, in each case in its capacity as a Service Provider, Atlassian will:
3.
(a)
adopt reasonable measures to prevent such DeidenGfied Data from being used to infer informaGon about, or
otherwise being linked to, a parGcular natural person or household;
(b)
publicly commit to maintain and use such DeidenGfied Data in a de-idenGfied form and to not aVempt to reidenGfy the DeidenGfied Data, except that Atlassian may aVempt to re-idenGfy such data solely for the purpose
of determining whether its de-idenGficaGon processes are compliant with the US State Privacy Laws; and
(c)
before sharing DeidenGfied Data with any other party, including Sub-processors, contractors, or any other persons
(“Recipients”), contractually obligate any such Recipients to comply with all requirements of this SecGon 2.3
(including imposing this requirement on any further Recipients).
South Korea.
3.1. Customer agrees that it has provided noGce and obtained all consents and rights necessary under Applicable Data ProtecGon
Law for Atlassian to Process Atlassian Account Data and Atlassian Usage Data pursuant to the Agreement (including this DPA).
3.2. To the extent Customer discloses or otherwise makes available DeidenGfied Data to Atlassian, Atlassian will:
6
Atlassian Data Processing Addendum
October 2024 Version
4.
(a)
maintain and use such DeidenGfied Data in a de-idenGfied form and not aVempt to re-idenGfy the DeidenGfied
Data; and
(b)
before sharing DeidenGfied Data with any other party, including Sub-processors, contractors, or any other persons
(“Recipients”), contractually obligate any such Recipients to comply with all requirements of this SecGon 3.2
(including imposing this requirement on any further Recipients).
Defini@ons.
4.1. Where Personal Data is subject to the laws of one the following regions, the definiGon of “Applicable Data Protec@on Law”
includes:
(a)
Australia: the Australian Privacy Act;
(b)
Brazil: the Brazilian Lei Geral de Proteção de Dados (General Personal Data ProtecGon Act);
(c)
(d)
Canada: the Canadian Personal InformaGon ProtecGon and Electronic Documents Act;
Europe: (i) the RegulaGon 2016/679 of the European Parliament and of the Council on the protecGon of natural
persons with regard to the Processing of Personal Data and on the free movement of such data (General Data
ProtecGon RegulaGon, or GDPR) and (ii) the EU e-Privacy DirecGve (DirecGve 2002/58/EC) as amended,
superseded or replaced from Gme to Gme (“EU Data Protec@on Law”);
(e)
(f)
Japan: the Japanese Act on the ProtecGon of Personal InformaGon;
Singapore: the Singapore Personal Data ProtecGon Act;
(g)
South Korea: the South Korean Personal InformaGon ProtecGon Act (“PIPA”) and the Enforcement Decrees of
PIPA;
(h)
Switzerland: the Swiss Federal Act on Data ProtecGon and its implemenGng regulaGons as amended, superseded,
or replaced from Gme to Gme (“Swiss FADP”);
(i)
The United Kingdom: the Data ProtecGon Act 2018 and the GDPR as saved into United Kingdom law by virtue of
SecGon 3 of the United Kingdom's European Union (Withdrawal) Act 2018 as amended, superseded or replaced
from Gme to Gme (“UK Data Protec@on Law”); and
(j)
The United States: all state laws relaGng to the protecGon and Processing of Personal Data in effect in the United
States of America, which may include, without limitaGon, the California Consumer Privacy Act, as amended by the
California Privacy Rights Act, and its implemenGng regulaGons (“CCPA”), the Colorado Privacy Act, the ConnecGcut
Data Privacy Act, the Utah Consumer Privacy Act and the Virginia Consumer Data ProtecGon Act (“US State Privacy
Laws”).
4.2. “Deiden@fied Data” means data that cannot reasonably be used to infer informaGon about, or otherwise be linked to, a data
subject.
4.3. “Data Privacy Framework” means the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy
Framework, and the Swiss-U.S. Data Privacy Framework self-cerGficaGon program operated by the US Department of
Commerce.
4.4. “Europe” includes, for the purposes of this DPA, the Member States of the European Union and European Economic Area.
4.5. “EU SCCs” means the contractual clauses annexed to the European Commission's ImplemenGng Decision 2021/914 of 4 June
2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to RegulaGon (EU) 2016/679
of the European Parliament and of the Council, as amended, superseded, or replaced from Gme to Gme.
4.6. “Service Provider” has the same meaning as given in the CCPA.
4.7. “UK Addendum” means the InternaGonal Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued
by the UK InformaGon Commissioner, Version B1.0, in force 21 March 2022, as amended, superseded or replaced from Gme
to Gme.
7
Atlassian Data Processing Addendum
October 2024 Version
