AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
98
INTERNATIONAL JOURNAL OF DATA SCIENCE AND MACHINE LEARNING (ISSN: 2692-5141)
Volume 05, Issue 01, 2025, pages 98-126
Published Date: - 28-04-2025
Doi: -
https://doi.org/10.55640/ijdsml-05-01-14
Automating ITSM Compliance (GDPR/SOC 2/HIPAA) in Jira
Workflows: A Framework for High-Risk Industries
Srilatha Samala
Jira Reporting Lead, Apex IT Services,500 Alexander Park Drive, Suite 102, Princeton, NJ.
ABSTRACT
Regulatory compliance is increasingly a fundamental part of a methodology to shield one’s
organization from
unscrupulous practices in enterprise IT. Organizations are bound by these compliance frameworks, such as GDPR,
SOC 2, and the Health Insurance Portability and Accountability Act (HIPAA), to have the most potent data security,
privacy, and integrity controls in place as they pertain to data. Organizations can get integrated options for
handling workflows and ensuring compliance with the automated options of IT Service Management (ITSM) tools
like Jira. With customizable workflows, automated notifications, and task assignments, Jira exposes organizations
to powerful and easy-to-enforce compliance with these regulations across large and distributed teams. This study
explores ways of automating the compliance workflows using Jira and how it would integrate well with other ITSM
tools and perfectly tie with IT service and DevOps processes. It also talks about how complex it is to automate
compliance, including configuring workflows and integrating legacy systems. This will help the organization
automate compliance tasks, lessen human error risk, accelerate the audit, and stay on track with compliance
metrics. Jira case studies are also presented, which explain how Jira is used in high-risk cases, reducing the risk
associated with compliance and improving audit and streamlining of workflow. The paper ends by recommending
industry organizations that want to utilize the best practices of compliance automation as part of their strategies
and predicting trends that will affect compliance automation ITSM practices in the future, including AI and
machine learning, blockchain technology.
KEYWORDS
Compliance Automation, Jira Workflows, GDPR, SOC 2, HIPAA.
INTRODUCTION
Data security, privacy, and system integrity are important nowadays in IT and must be done according to industry
regulations. Compliance frameworks are tools that help an organization adhere to regulatory requirements that it
abides by IT Service Management (ITSM). There are solidly defined regulations that are set as guidelines for the
securement of sensitive nonpublic information, such as the General Data Protection Regulation (GDPR), System and
Organization Controls 2 (SOC 2), and the Health Insurance Portability and Accountability Act (HIPAA). The
frameworks lay out the legal and operational responsibilities of a company that owns, processes, and stores that
owns, processes, and stores that data. As GDPR is related to personal data protection for EU citizens and better
controls on data access, consent, and retention, it is perceived as a tougher regulation than California laws.
Comparatively, SOC 2 involves trust service criteria revolving around data service providers protecting information
using security, availability, confidentiality, processing integrity, and privacy. HIPAA focuses only on patient
information and healthcare organizations about confidentiality and Integrity. Organizations that do not comply with
these frameworks suffer huge damage to their reputation and financial penalties. The continued nature of
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
99
compliance makes it almost impossible for the enterprise to achieve and maintain it, especially if handling large
quantities of sensitive data.
Enterprise environments use Atlassian product Jira to manage software development and IT service management
(ITSM) processes. In terms of its strong feature of handling tracking tasks, automating workflows, and enforcing
compliance in large distributed teams is an ideal tool. This helps organizations use Jira for ITSM compliance and
create secure workflows for compliance with regulatory measures. Jira’s flexibility is essential for its customization
around its workflows to the extent it can help it ‘escape’ to meet its compliance process requirements and
those of
the organization with compliance process requirements. Jira has glaring features, like automated notification, task
assignment, and approval processes. Each uses Jira to clean up compliance issues effectively and guarantee
appointments to the right team members at the right time. It also allows for the integration of its functions with
other ITSM tools and DevOps platforms to achieve visibility across several departments in the context of workflows.
Jira plays a fundamental role in helping Organizations Bridge the gap between IT service management and
development as they move towards DevOps and automate compliance workflows from the application and service
lifecycle.
A robust Compliance Management System is required in high-risk environments, especially where the customer or
patient's health data is sensitive. Manual processes lead to inefficiency as well as human error in these settings.
Because compliance tasks are performed consistently and accurately, there is less chance that oversight or
mishandling of this task will cause noncompliance. Especially in environments where adherence to stringent
regulations such as GDPR, SOC 2, and HIPAA is critical, automation plays a very crucial role. These regulations are
very strict, providing detailed guidance about how data has to be handled, controlled, and so on across the entity.
They need to be implemented firmly and consistently. Implementing automation in Jira helps minimize compliance
risks because compliance tasks are embedded directly into daily workflows, giving organizations better coverage of
their compliance status. Additionally, automation drives up the auditing process and spits real-time metrics into
compliance metrics, especially in high-risk environments where a breach or violation can be catastrophic.
Failing to meet ITSM compliance standards has many ramifications. If an organization does not comply with
regulatory requirements, it can be fined very high financial penalties. For instance, the fines for GDPR violations can
reach $4 million or 4 percent of annual global revenue, whichever is higher. Nonadherence to HIPAA or SOC 2 results
in enormous financial and legal repercussions like losing access to business licenses or contracts, lawsuits, and
undermining reputation. The cost of noncompliance goes well beyond the immediate financial penalty and can go
on to cause irreparable damage to an organization's brand. These days, customers and stakeholders are more aware
of how important it is to keep your data private, and a failure to comply can make you lose trust and confidence.
Once trust is broken, it is very hard to recover old trust; it takes a toll on customers acquiring and keeping them
loyal. For this reason, compliance cannot be over-emphasized, and Jira provides practical tools for reducing the
associated risks.
This study intends to understand how automating the processes related to ITSM compliance frameworks like GDPR,
SOC 2, and HIPAA offered help to organizations facing the complexities. This paper will discuss how Jira is used to
automate compliance workflows, what it entails, how it helps in high-risk environments, and how it integrates with
existing ITSM processes. It also discusses how most organizations face problems when automating compliance and
outlines how to integrate those processes into an enterprise's IT and DevOps strategies. The study generally outlines
the ITSM compliance regulations in the form of an overview and then presents in more detail how Jira can automate
these processes. There will be case studies of successful implementations, the best practices and knowledge, and
the future trends for compliance automation. The study suggests how Jira could strengthen your organization's
compliance automation strategies.
Key ITSM Compliance Regulations: GDPR, SOC 2, and HIPAA
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
100
Organizations that handle sensitive data must adhere to stringent data protection standards to ensure security,
privacy, and data integrity within IT Service Management (ITSM) frameworks. Key regulations that govern these
practices include the General Data Protection Regulation (GDPR), System and Organization Controls 2 (SOC 2), and
the Health Insurance Portability and Accountability Act (HIPAA). These frameworks impose rigorous requirements
for data handling and privacy across various sectors. Ensuring compliance involves embedding security measures
throughout the software development lifecycle, particularly within CI/CD pipelines, using DevSecOps
methodologies that integrate tools such as SAST, DAST, and SCA (Konneru, 2021).
Table 1: Overview of ITSM Compliance Regulations
.
Regulation
Key Focus Areas
Compliance Requirements
GDPR
Data protection, access control, and consent
Data encryption, user access permissions, breach reporting
SOC 2
Security, availability, confidentiality, processing integrity, privacy System security, incident response, access control
HIPAA
Patient data privacy and security
Encryption, access control, risk assessments, audit trails
General Data Protection Regulation (GDPR)
Particularly adopted in 2018, the European Union's (EU) General Data Protection Regulation (GDPR) is a
comprehensive data privacy law. It is also a very high standard to protect personal data and is for any organization
that processes the data of citizens of the EU, wherever this organization is based. In the case of GDPR, all personal
data has to be stored, collected, and erased. There are numerous requirements, including obtaining explicit consent
for any kind of data collection, allowing individuals to access the data they provide, and securing the data at each
stage of its life cycle.
The GDPR has an extremely basic principle regarding the individual right to privacy (Brkan, 2019). The regulation
speaks to the issue of individuals knowing what data is being collected, how it is being used, and who it is being
shared with. To meet GDPR, organizations must ignore encryption and data anonymization because they are not
obliged to provide strong security to protect personal data from data breaches. A further aspect of GDPR is strict
reporting requirements for valid organizations on data leaks and severe punishment for failure to comply.
It may also be essential that Jiran is used to ensure that GDPR will be complied with. An organization can allay fear
regarding handling personal data based on GDPR principles by leveraging Jira's customizable workflows and
automation feature (Sangaroonsilp, 2024). For example, Jira can automate consenting, tracking data access
requests, and retaining data. In this context, Jira audit trails and permission management features allow for the
records of these data processing activities to be maintained, and the only people who have access to that sensitive
data are the audited people. However, Jira's flexibility allows the rules and the automation of reporting to be strict
regarding security and all the GDPR requirements for the process itself.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
101
Figure 1: An Overview of GDPR
SOC 2 (System and Organization Controls)
The SOC 2 is a group of three compliance guidance objectives based on the elements AICPA developed to complete
a Security, Availability, and Confidentiality assessment of an organization's systems, and the standards are used to
evaluate the system's security, availability, processing Integrity, confidentiality, and privacy. SOC 2 is known in the
world of cross-industries, especially in the IT sector, as a standard that ensures the Integrity and security of data in
cloud environments. SOC 2 consists of the five Trust Services Criteria (TSC): security, availability, processing
integrity, confidentiality, and privacy.
•
Security protects systems or data from unauthorized access or attacks.
•
Availability means that all systems and services are available for operation and use according to the terms
of the service agreements.
•
Processing Integrity ensures that the system's processing does not result in errors in accuracy,
completeness, or timeliness.
•
The protection of confidential information from unauthorized access is called confidentiality.
•
Privacy involves what information can be used for, by whom, and what can happen to that information.
These criteria need to be aligned by the organizations, and they must implement the controls required to fit the
criteria. To prevent the effectiveness of security procedures, it is necessary to establish security procedures such as
secure access protocols, including a monitoring process and proper auditing. Incident response plans must be
created and followed, and organizations must perform risk assessments and constantly monitor vulnerabilities.
Also, these attendance rules are facilitated by automation and the reduced time it takes to meet the ITSM
processes.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
102
Jira is an excellent SOC 2 control implementation platform where workflow can be handled, access control can be
monitored, and real-time changes can be tracked. Companies can use Jira's customization functionality to automate
security incident monitoring, force service level availability through Service Level Agreements (SLAs), and enforce
processing integrity through a wide raft of auditing measures (Waghmare, 2019). Granulated reporting features,
such as SLAs and audit logs, make Jira very suitable for monitoring confidentiality and privacy compliance tasks
(such as SLAs and audit logs) and base compliance on transparency and verifiability.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal law that safeguards patient information. Particularly for healthcare organizations and business
associates, HIPAA is quite important in handling protected health information (PHI) (Abbasi & Smith, 2024). This
website establishes the rules about keeping and passing patient data securely so as not to be given to people who
are not authorized. Since PHI must be protected, implementing the administrative, physical, and technical
safeguards HIPAA prescribes for healthcare organizations is necessary. Consecutive to that, access control
conventions, encryption, data reinforcement methods, and continuous scanning for unlawful access or intrusion.
HIPAA also requires that organizations have a security policy with access to all employees, conduct a continuous
risk assessment, and train all employees to protect the data. Supporting HIPAA with Jira can be done by automating
workflows dealing with PHI and securing PHI only to authorized personnel (Thompson, 2020). Jira's permission
management system can restrict sensitive access to roles so that the user with the right clearance can only access
the data; the auditing capabilities of Jira help organizations provide detailed access and modification records of PHI
that are needed for compliance reporting. In addition, Jira helps healthcare organizations automate compliance
checks so things like encryption and data backup are consistently checked.
Commonalities and Differences between Regulations
GDPR, SOC 2, and HIPAA each require different things, but there are some common parts to all of them. All three
regulations assume the importance of clear data security controls, including strict access controls to sensitive
information. In addition, they must require organizations to keep a record of data access and processing activities
that is detailed enough to be transparent and accountable. Furthermore, each regulation requires organizations to
report data breaches immediately and instigate corrective steps where required. There are, however, important
differences between these two regulations. GDPR is mainly concerned with data privacy and individual rights, which
are strictly regulated about vehicle data subject consent and the right to be forgotten. For example, SOC 2 is about
securing and processing Integrity in the system, which can be applicable if a company is in the business of providing
cloud service and receiving third-party data (Mishachandar et al., 2021). HIPAA has extra prescriptive requirements
for healthcare companies, such as information encryption, backup, and bodily safeguards. In fact, there are many
cases where the organization has to meet several regulations simultaneously. Jira's flexible platform fulfills
companies' requirements covering different compliance requirements. Customizing Jira to meet GDPR, SOC 2, and
HIPAA Compliance while managing different types of sensitive data across different industries will streamline
Compliance and enable task automation, security events, and a comprehensive audit log.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
103
Figure 2: Difference between PCI DSS and HIPAA Compliance
Automating Compliance Workflows in Jira
Regulatory requirements like GDPR, HIPAA, SOC 2, and others still have to be met by organizations in a dynamic
digital world, including today, and it is critical. Jira is an excellent tool for automating workflows for Compliance,
and ITSM and project management are widely used usages of Jira.
Jira's Built-in Compliance Features
Jira offers several native features that enable organizations to automate compliance workflows effectively. Key
components such as customizable workflows, granular permission settings, and detailed audit logs form the
backbone of Jira’s capability to support regulatory compliance. The flexibility of Jira's workflow engine allows
enterprises to tailor processes to meet specific regulatory needs by defining step-by-step procedures and
embedding review, approval, and escalation logic. For example, a workflow granting access to sensitive resources
can be configured to require prior approval from a compliance officer, ensuring that access is limited to authorized
personnel only. These systems contribute significantly to reducing the manual burden of compliance while
increasing accountability and traceability (Raju, 2017).
Permissions are another very important aspect of compliance management in Jira. The great benefit of the power
is that organizations can have detailed control over user access to set up exactly who has access to what and what
other people can do. The least privilege is also enforced by Jira, where you are assigned permissions based on roles
and responsibilities and have limited access to sensitive information, which puts less risk of exposing the
information needed as part of Compliance with HIPAA (Rehman, 2021). One of Jira's main features of audit log
functionality is its Compliance.
All actions performed in the system
—
creating a task, changing its status, or updating its content
—
are recorded
with the help of timestamped records detailing who acted (Schmid et al., 2023). This allows an organization to see
every activity within the system, which satisfies auditing standards. These audit trails are ideal during regulatory
audits, as they ensure full accountability for organizational actions. Systems like Jira benefit from this by allowing
organizations to generate compliance reports tailored to jurisdictional requirements. Compliance officers can
customize these reports to focus on specific metrics
—
such as data access logs and task completion statuses
—
to
assess adherence to compliance policies. The capacity to automate the creation and distribution of these reports
ensures time efficiency and consistency in compliance tracking. Integrating such features with robust data
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
104
management systems like MongoDB helps bridge the gap between performance and reliability, further
strengthening compliance capabilities through consistent data integrity and traceability (Dhanagari, 2024)
Table 2: Compliance Features of Jira
Jira Feature
Description
Compliance Benefits
Customizable
Workflows
Tailored workflows that map to compliance
regulations
Ensure all tasks meet specific regulatory requirements
Granular Permissions
Control user access to sensitive data
Enforces least-privilege access to comply with GDPR and
HIPAA
Audit Logs
Tracks changes and actions in Jira
Provides transparency for audits and regulatory reporting
Integrating Jira with ITSM Tools for Enhanced Automation
Although Jira has many built-in features for compliance workflow management, its strength lies in integrating with
ITSM tools such as ServiceNow, Cherwell, or Freshservice. When Jira is connected to these platforms, it helps
organizations streamline their Compliance over multiple teams and systems more efficiently and automatically. As
such, it could help you integrate Jira with ServiceNow so that the two processes can work hand in hand smoothly.
ServiceNow services, incident, change management, and Jira to rep the tasks and approvals related to Compliance.
A complementary use case for ServiceNow is responding to dependency requests where, for example, a compliance
check is needed for a service request, and Jira can automatically create a corresponding task if required. Integrating
that allows us to follow compliance workflows without delay and automatically create, assign, and track tasks
between platforms.
Combining Jira with Cherwell will unify IT service management and compliance efforts. Cherwell handles incidents
and service requests, and when a matter of Compliance arises, Jira can automatically create an issue for review
(Tistelgrén, 2023). This integration minimizes the handwork to monitor compliance-related concerns and meet the
task deadline. It aids in streamlining compliance management by shortening the time that business compliance-
related problems should be attended to. Jira and ITSM tools integration increases the integration between IT
systems, making a more integrated IT ecosystem that is not isolated on a single system (Saarela, A. (2017).
Compliance is not isolated in any one system but has seamless transportation between several platforms. This way,
compliance officers and IT teams can work together to achieve Compliance on time with as little manual
intervention as possible.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
105
Figure 3: IT Service Management
Customizing Jira Workflows for Compliance
Customizing the Jira workflow process and automating compliance processes became easy. By creating workflows
tailored to particular compliance regulations, organizations can enforce their compliance policies consistently. Jira
offers custom workflows in which organizations can automate tasks like approvals, security checks, and data access
controls, among others, to reduce the occurrence of human errors and meet Compliance across the board.
Adapting Jira itself to automate your approval processes is one of the best ways to ensure Compliance. For example,
the customized workflow can notify the right compliance officer to approve a team member's sensitive data access
requests. The compliance officer will approve the access request if it is only granted and authorized people can
access critical information. Furthermore, this reduces unnecessary risk of infringement of regulations such as GDPR
and HIPAA. Security checks can also be automated in Jira workflows performed at a point within a workflow (
Boda,
2021)
. This means that the workflow can perform security checks prior to sending the data or moving it to make
certain it is encrypted, for example, or otherwise in Compliance with a requisite security measure. However, these
checks help avoid manual intervention and thus make the check more efficient and reliable.
Data access policies
—
such as multi-factor authentication or approval from designated team members
—
can be
enforced by procurement teams to regulate access to sensitive information
(Suleski et al., 2023). These measures
ensure that each data point follows a secure lifecycle, with safeguards at every stage to meet compliance
requirements. Additionally, Jira workflows can integrate escalation mechanisms to handle unresolved compliance
issues promptly. For instance, if a compliance-related task remains incomplete beyond a set deadline, the system
can automatically escalate it to a higher authority without requiring manual intervention. This automation ensures
deadlines are respected and deviations are addressed in real-time, enhancing both accountability and compliance
tracking (Kumar, 2019).
Leveraging Automation Rules and Scripts in Jira
Jira's powerful automation rules, as well as its power to script, are extremely useful to speed up Compliance and
other tasks beyond the core features of Jira (indeed, Jira can be extended with plugins and also bespoke scripted
programs to support the most demanding requirements). These distinct features of the system aid organizations in
lowering manual involvement and ensuring that processes are adhered to without errors. Specifically for Jira,
automation and automation rules are built into the product to allow users to create predefined actions that reoccur
when a condition has been met automatically. For example, a compliance report will automatically be created if a
task status reaches a certain point, like Completed or Resolved. These automation rules save tons of time and
eliminate the chance of an error while humans are completing compliance activities (
Biswas & Dutta, 2020)
. The
same rules can also notify the compliance officers if an issue needs attention or when the compliance task status
changes in the workflow.
Scriptrunner is a powerful scripting tool integrated into Jira, enabling the creation of custom scripts to support more
complex automation tasks. These scripts can be leveraged to generate stakeholder compliance reports, issue email
alerts, or perform compliance checks based on predefined criteria. By utilizing Scriptrunner, organizations can
significantly extend Jira's native functionalities to meet highly specific industry or organizational compliance
requirements. Additionally, Jira’s REST API offers further flexibility for automating compliance workflows. This
capability enables seamless integration with other tools and systems, ensuring real-time synchronization and
interactive engagement with compliance tasks across platforms. As a result, organizations can enhance their
compliance posture by centralizing or coordinating compliance management through a single tool or
interconnected system (Singh et al., 2019).
Table 1:
Role of Automation Rules and Scripts in Jira for Compliance
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
106
Automation Rule Type
Description
Compliance Impact
Task Status Change
Triggers automated compliance actions when tasks are
updated
Ensures compliance checks are completed
without delays
Security Incident Alerts
Automates notification to compliance officers when
incidents occur
Immediate action to resolve breaches
Compliance Report
Generation
Automatically generates compliance reports at specified
intervals
Saves time, ensures timely reporting
Data Protection and Security in Jira Workflows
Today, dealing with sensitive data is mandatory (such as using Jira to manage ITSM compliance workflows), which
is why organizations are regulated digitally. Guaranteeing operational integrity is critical, for instance, ensuring
guaranteed data, and this is critical, too, as it is mandatory as per any standards like GDPR and SOC 2 HIPAA.
Access Control and Permissions
Data protection in Jira workflows only concerns granular access control and permissions. The access control
mechanisms employed by organizations make sure except for authorized personnel, sensitive data cannot be
viewed or subjected to malicious access (
Tourani et al., 2017)
. Access control is handled by a role and permission
scheme in Jira so that administrators can assign a certain level of access to specific roles for each user. One example
is that administrators can have the highest level of access and create workflows, set permissions, and see all issues.
However, end users may be limited to only seeing or, at most, editing issues associated with assigned tasks. Access
hierarchy order of order means that only people who need to see this data for the right reason have access to
sensitive data such as personally identifiable information (PII) or one's health records (for instance, HIPAA
compliant).
This is because Jira is made to review periodically and once again reconfigure permission permissions because roles
change inside of the organization, and the GDPR and some other rules make organizations do this
(Block, 2023). In
role-based access control (RBAC), access to sensitive data can also be restricted based on a user's role in the
company, with restricted access given to the users who must not have access to this data like others. With Jira's
permission scheme, compliance officers can now lock down permissions more and only allow users explicitly
authorized to access compliance-critical data. Jira also has two-factor authentication (2FA) as a form of security for
user accounts. It also adds another step that cuts the risk of an unauthorized breach, even with compromised
passwords. By enabling 2FA, people are reducing the number of attacks against sensitive compliance data and their
exposure since only real users can access it
.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
107
Figure 1: Attribute based access control for PII Protection
Audit Trails and Reporting for Compliance
A detailed audit trail is mandatory for any organization that is in the position of taking care of sensitive data. Audit
logs record who had access to or altered data and when that occurred; they are essential to ensure compliance with
regulations like GDPR, SOC 2, and HIPAA. Jira’s many audit logging capabilities are meant to log each and every user
interaction in the platform. Many of these issues come from these logs, such as login attempts, permission changes,
workflow transitions, and modifications in the sensitive issues. Audit logs are essential to prove to the authorities
that correct measures are in place to regulate access and ensure system security (Ahmad et al., 2019). Fulfilling
regulatory requirements towards data integrity, privacy, and accountability requires that actions be tracked to the
level of ticket creation, deletion, modification, user details, and timestamps.
Jira enables compliance officers to generate detailed reports from audit log data, allowing organizations to filter by
specific actions, users, or time periods to conduct comprehensive internal audits and prepare for external
compliance evaluations (Kamdjoug et al., 2024). This process can be further streamlined with automated report
generation, providing real-time access to required compliance data. These audit trails are vital for probing
unauthorized access attempts, monitoring adherence to security policies, and tracing user actions within the
system. In particular, regulations like the GDPR and HIPAA require verifiable documentation of data protection
practices. For example, GDPR mandates that organizations demonstrate their compliance efforts when requested
by law. Jira’s immutable audit logging feature supp
orts this requirement by maintaining a transparent and tamper-
proof history of all system activity (Sukhadiya et al., 2018).
Table 2: Jira's Compliance Features vs. Regulatory Requirements
Jira Feature
GDPR Requirement
SOC 2 Requirement
HIPAA Requirement
Audit Logs
Tracks data access and changes to ensure
transparency
Monitors system access and data
processing integrity
Ensures complete records of access to
PHI
Access
Control
Limits access to personal data based on
roles
Secures access to systems and data
Restricts access to PHI based on
employee roles
Encryption
Encrypts personal data during storage and Encrypts sensitive information
Encrypts PHI both in transit and at
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
108
Jira Feature
GDPR Requirement
SOC 2 Requirement
HIPAA Requirement
transfer
rest
Data Encryption and Security Measures in Jira
The crucial step to ensure the security of sensitive information both within transit and at rest is the process of data
encryption. Encryption takes data and changes it into code that can only be decrypted by authorized entities,
preventing unauthorized access to the data during transmission or storage. All data transferred from the users to
the platform using Jira is encrypted using strong encryption protocols. Transport Layer Security (TLS) encrypts
communication between Jira servers and clients so that sensitive data such as passwords and issue details cannot
be intercepted or tampered with in transit. This encryption is necessary to meet the security requirements of SOC
2 and HIPAA, as well as regulations that require encrypting sensitive data when transmitted to keep the data from
being leaked. Jira supports encryption in transit as well as encryption at rest (
Loukkaanhuhta, 2021)
. This means
that the data stored on Jira’s servers are encrypted, and even if an unauthorized person success
fully accesses the
storage devices physically, they would not be able to read or manipulate the data.
Canadian regulations that guide wildlife generally require it. HIPAA and SOC 2 are two specific examples of
knowledge that focus on delicate data, including medical information, health-related information, financial data,
etc. Because of this, encryption at rest is fundamentally important when planning for such data, and it has an extra
edge in safeguarding against data breaches and being open to them. Third-party security solutions, such as identity
management and Single Sign-
On (SSO) systems, operate with Jira to further aid Jira’s overall security posture. The
integrations can help you more easily manage who does what in Jira, increasing the security of Jira workflows.
Organizations working in highly regulated industries must ensure that Jira adheres to the encryption standards
required by GDPR, HIPAA, and SOC 2. The same should be performed for Jira’s encryption mechanisms to verify that
they are actually working and that sensitive data cannot be accessed by anyone other than the intended user (Goel
& Bhramhabhatt, 2024).
Data Retention and Deletion Policies
A second important aspect of data protection in Jira workflows is to meet the data retention and deletion policies.
Organizations are required to keep personal data for only as long as needed to fulfill the reason(s) it was gathered
by regulations such as GDPR and HIPAA. Data must be securely eliminated or masked if it is no longer needed not
to be accessed by unauthorized persons. Data retention policies can be implemented in Jira so that sensitive data
should be automatically deleted or anonymized when it has exceeded its retention period. Jira has built-in features
for doing this, like automated workflow transitions or custom scripts that delete the requested data for a particular
period. For instance, if a support ticket containing personal data is ended and then no longer required, Jira can use
the configured retention schedule to archive or purge the associated data automatically (
Koop, 2020)
. Since GDPR,
Jira workflows should be designed to delete personal data once such data becomes not required for processing. It
also includes deleting data and removing all other backups of the data. Jira also has an anonymized tool that enables
administrators to unidentified data, with the functionality still as it would be for statistical or analytic purposes.
Organizations can reduce the risk of non-compliance with regulations and legal obligations in managing sensitive
data if they can automate data retention and deletion processes. Retention policies and practices should be
reviewed periodically to ensure the configuration supports recent regulatory requirements.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
109
Figure 2: Data Retention and Deletion Policies
Ensuring Continuous Compliance with Jira Automation
Continuous compliance in an organization is an ongoing process of vigilance, consistency, and the ability to adjust
to progressive and evolving regulatory requirements. When properly configured and integrated with automation
features, Jira can have a major situational role in the layer of compliance in IT service management (ITSM)
workflows. With continuous compliance monitoring, the ability to proactively notify compliance officers of possible
issues, the generation of real-time metrics, and the automation of audits and reviews, organizations can handle
compliance risks very effectively and efficiently. Below are some key ways Jira can assist in automating and
continuously complying (Karwa, 2024).
Automated Compliance Monitoring
Furthermore, maintaining compliance becomes one of the primary challenges during which policies and procedures
are repeatedly being followed, not the organization. Jira's ability to have customized workflows enables enterprises
to monitor compliance in real-time through automated monitoring. Jira's automation engine can continuously
check how many compliance tasks have been performed to the dates set down, as per schedules or deadlines.
Organizations can automate the task of compliance monitoring in Jira workflow automation rules and ensure that
each step of the process is done correctly without humans intervening (
Seth & Bagalkoti, 2019)
. One example is
that Jira can track when tasks associated with data protection, access control, and documentation were completed
to comply with GDPR. With these tasks moving through the system, Jira can ensure that the approvals and checks
they need are confirmed and that none of the tasks are skipped or delayed. This continuous monitoring system
greatly minimizes the risk of noncompliance with human error so that organizations have a consistent, verifiable
record of all compliance activities.
Proactive Compliance Alerts and Notifications
Automated monitoring plays a critical role in ensuring that compliance processes are consistently followed.
However, it is the integration of proactive alerts and notifications that serves as an organization’s early warning
system
—
helping to identify and mitigate compliance risks before they escalate into larger issues. Jira enhances this
capability through built-in automation features that allow users to set alerts based on specific triggers or conditions.
For example, stakeholders such as compliance officers or managers can be notified when a regulatory deadline is
approaching or when a required task is overdue. This ensures timely action and accountability, reducing the risk of
non-compliance (Chavan, 2021).
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
110
Preventing potential compliance breaches is important, and these alerts are important to them
(Mohammed, 2023).
For instance, if an employee accesses sensitive data without proper authorization, Jira can alert the relevant parties,
or if the audit trail is not enough, it can raise an issue if the employee has not followed security procedures. Suppose
we are talking about GDPR compliance, for example. In that case, Jira can be configured to send out notifications
to data protection officers regarding approaching deadlines of data access requests or if a data retention policy is
not being followed. By providing real-time notifications, Jira gives compliance officers the ability to perform
corrective action and reduce the possibility of fines, penalties, and decreased reputational damage. Jira's alert
system can also be used for different levels of urgency and importance (
Dona & Nilindi, 2021)
. An example would
be that there might be an alert with high priority when anydiv changes the access permission to the sensitive data
and a lower priority alert when we need to inform the team that we need to do periodic reviews according to
compliance. The degree of customization guarantees that the compliance teams are knowledgeable and equipped
to deal with any issues promptly and efficiently.
Reporting and Dashboards for Compliance Metrics
Compliance also extends to ensuring that those processes are being met with tracking and proving that you are
following the process correctly. Specifically, Jira's dashboard and reporting abilities give companies a strong stick to
visualize compliance metrics and performance. They can be made to display live compliance data so that a team
can quickly assess how much they are achieving regarding regulatory requirements. The same can be used as an
example if the compliance officer wants to create a dashboard showing you some of the metrics around data access
control, audit logs, and workflow adherence (
Fanto, 2016)
. They can see whether compliance tasks are being done
in time or not, whether security policy is being followed, and identify bottlenecks in the compliance process. These
metrics can be updated in real-time and always have an accurate, up-to-date picture of the organization's
compliance status.
In addition, Jira helps generate detailed reports to track how performance ended during the passage of time, thus
enabling the compliance officers to spot the trends and areas for improvement. They are essential for periodic
internal audits and for giving evidence during external audits. The reports can be customized to display detailed
logs of what actions were taken on workflows, which actions were made, and when and whether they were done
in compliance with compliance protocols. As a result of offering these real-time reporting and visualization tools,
Jira helps the organization meet compliance requirements and offers stakeholders transparency on how much
effort the organization is deploying to meet compliance requirements.
Automated Compliance Audits and Reviews
This is where it becomes very important to conduct audits and reviews regularly. However, the manual effort
involved with conducting these audits and reviews is extremely time-consuming and prone to errors. By automating
many tasks when completing their compliance audits, Jira's automation capabilities can help reduce the workload
those tasks take away from compliance audits. Automatic scheduling of compliance audits can be facilitated to meet
the schedule of audits consistently without manual intervention (
Wang et al., 2021)
.
The Jira workflows can be designed to trigger an audit when specific events occur, e.g., when a compliance-related
task is completed or when a set time interval has passed (e.g., monthly, quarterly, or annually). This allows the
system to generate automated compliance reports regarding that audit's findings, including those areas of
compliance and any deviation or violation that may exist. These reports can easily be forwarded to an individual or
a designated group of people who will examine them for further review by compliance managers and executives.
Outside of automated audits, Jira can monitor for compliance against particular rules automatically by checking the
workflows periodically to ensure that the organization has complied with the relevant regulations (Kamath, 2023).
These reviews can be relied on to verify that all audit trails are complete, that no unauthorized access has occurred,
and that all the compliance tasks have been completed in the proper timeframe. Jira automates the audit and
review process and lowers the administrative load on the compliance teams while maintaining the highest degree
of accountability and transparency to ensure the outcome.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
111
Case Study: Automating ITSM Compliance in a Large Healthcare Organization
Challenges Faced by the Healthcare Organization
Many healthcare organizations, including large ones such as providers of a wide range of medical services (such as
emergency care, outpatient services, and long-term care), faced challenges in the way they had to enforce
compliance with the Health Insurance Portability and Accountability Act (HIPAA) while attempting to define and
implement their IT service management (ITSM). Strict regulations governing data privacy laws regarding the
handling of patient data, and the organization was dealing with very large amounts of sensitive patient data. One
of the organization's biggest problems was securing patient data between different departments while ensuring
the confidentiality of patient data (
Abouelmehdi et al., 2018)
. These departments, billing, patient care, and
administrative services are needed to access different patient data sets. Each department faced the complex task
of HIPAA compliance, and only authorized personnel were allowed to access sensitive data. These workflows were
also not unified because the different departments varied in terms of which tools and processes they used for
compliance and operational tasks, thus splitting and disrupting the workflows in contrast to efficiency.
The fast pace of changes in the realm of healthcare regulations was also another hurdle that the organization
experienced. More often, especially when new regulations such as data encryption, ransom notification, and patient
access rights appear. Keeping up with these changes and ensuring all processes comply with the latest regulatory
standards was overwhelming. Manual compliance tracking with these regulatory changes was more complex due
to human error and variation. The audit processes also involved much manual labor and were heavy regarding audit
data collection and analysis. It was difficult for the healthcare organization to demonstrate compliance when
periodic audits or investigations created consistent and reliable audit trails of every action on sensitive patient
information. Given the critical nature of these audits, there was a significant risk factor for lack of automation.
Implemented Solution
In order to tackle these hindrances, the healthcare organization looked to Jira, a popular tool for IT workflow
management, to make their compliance workflow more automated and sheared. First, HIPAA compliance was
integrated into Jira's ITSM capabilities by adding HIPAA-specific compliance rules in a framework tailored to HIPAA.
Jira was flexible enough to create customized workflows based on organization-specific requirements, which meant
they followed HIPAA standards for handling sensitive data. The most important component of the implemented
Solution was the development of custom Jira workflows that were exactly beholden to the HIPAA compliance
processes (
Ciervo et al., 2019)
. The automated key compliance activities include encrypting patient data, generating
the necessary approval to access patient data, and timely reporting security breaches.
To set up automated alerts and notifications using Jira's powerful workflow engine, we took advantage of the fact
that any deviation from the compliance process immediately flags that deviation for review by the correct
personnel. Moreover, the healthcare organization leveraged several Jira plugins to improve the functionality of the
ITSM compliance workflows. For example, if the Jira Service Management plugin were implemented, IT service
teams would get automated tools to resolve compliance-related tickets and respond faster to compliance violations
or incidents (
Plant, 2019)
. The plugin also included HIPAA-templated templates to assist staff in structuring the
resolution of issues around data breaches and other such incidents.
A second critical part of their approach was the incorporation of Jira Automation to add rules for automating the
approval workflows so that sensitive data access requests are only approved by authorized personnel (Batskihh,
2023). This removed the manual intervention and reduced human error. The Audit Log feature in Jira enabled it to
generate immutable and timestamped records of all interactions with sensitive data, thus fulfilling HIPAA's exacting
requisites of audibility. Therefore, the compliance metrics were seamlessly tracked and reported by integrating Jira
with the organization's other systems (such as patient management and data storage). Integration was achieved at
this point as this integration gave us a unified view of patient data access and security and simplified how to manage
and monitor compliance across several departments.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
112
Table 3: Workflow Example for Automating HIPAA Compliance in Jira
Workflow Step
Jira Automation Feature
Compliance Outcome
Access Request
Automatic approval process with compliance officer
approval
Ensures only authorized users access sensitive patient
data
Data Encryption
Automates encryption checks before data transfer
Ensures all patient data is encrypted per HIPAA
standards
Breach
Notification
Automated alerts and reports for any data breaches
Provides timely breach reports as required by HIPAA
Results and Benefits
Using Jira as the healthcare organization's main ITSM compliance automation implementation has significantly
impacted operational efficiency and risk management. This helped the organization avoid compliance-related risks,
improve auditability, and streamline the process. Reduction of compliance-related risks was one of the most known
benefits (
Armour et al., 2020)
. The healthcare organization's automated workflows involve data access requests,
encryption, and breach notifications to eliminate any chance of human error when enforcing these processes
consistently. The organization could have automated alerts that would alert it almost instantly if there was any
potential compliance violation, for example, if people were gaining unauthorized access to the patient records so
that it could be addressed immediately. This proactivity of compliance helped minimize the possibility of data
breaches and security incidents.
Another significant advantage of Jira is its built-in Audit Log and reporting capabilities, which facilitate the creation
of automated audit trails. These comprehensive records, readily available to auditors, enable organizations to
present clear, accurate, and up-to-date documentation of compliance-related activities during audits. This not only
saves time and reduces the manual effort involved in collecting and reviewing compliance data but also minimizes
operational costs. For healthcare organizations in particular, this feature enhances accountability
—
an essential
factor in successfully passing regulatory audits and avoiding fines or penalties (Singh et al., 2019).
This type of automation of routine compliance tasks enabled staff to spend more time on more critical and complex
things. For instance, there was automatic routing of data access requests, which previously would have needed to
go through manual approval processes that hit the response times out of the park. In addition, Jira integrated with
other systems, eliminating duplicated data entry and ensuring the information was accurate and updated in other
systems. There was an improvement in the culture of the healthcare organization about compliance. Jira's
compliance workflows provided ease of use and transparency, with staff embracing compliance activities. There
was a lack of ownership and understanding concerning which part of the compliance activity was their
responsibility. This helped to build compliance adherence and trust with patients who can be assured that their
data is being handled securely and performed by HIPAA requirements.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
113
Figure 3: Jira Service Management ITSM
Overcoming Common Challenges in Automating ITSM Compliance in Jira
Automatically following up on Jira issues with policies using workflows can greatly speed up an organization's
meeting regulatory requirements. Several challenges are encountered during this process. These challenges involve
workflow configuration complexity, integrating legacy systems, organizational resistance, and allowing automation
to grow within the organization.
Complexity of Configuring Compliance Workflows
The problem with automating compliance workflows in Jira is that the workflow is complex, and people need to
configure it to meet various regulatory standards. Despite its flexibility, Jira lacks any automated mechanism for
enforcing compliance because it does not enforce the right thing the first time, and users can easily make mistakes.
Typically, compliance regulations demand a large range of actions to be documented and performed in specific
manners (
Root, 2019)
. The actions include data access restriction, approval process, audit trail logging, and data
encryption. The key catch is associating these regulatory obligations with Jira's workflow automation system. It is
important to plan out all these compliance requirements, such as GDPR data subject rights or SOC 2's confidentiality
requirement, in the Jira workflow configuration.
The challenge lies in navigating regulatory obstacles, which begins with a thorough understanding of applicable
requirements and mapping those to Jira’s capabilities. This process necessitates collaboration between compliance
officers and legal teams to identify all essential steps that can later be automated within Jira workflows. Jira provides
built-in features such as permission schemes, issue security levels, and customizable fields, which support the
creation of automated workflows for compliance-related tasks without the need for manual oversight. Moreover,
plugins like
Jira Compliance
or
Jira Automation
can enhance this process by offering preconfigured templates
aligned with common regulatory standards, thus streamlining implementation in line with industry best practices
(Chavan, 2021).
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
114
Figure 4: Ultimate FAQ: Jira
Handling Legacy Systems and Data Migration
Many organizations, particularly large enterprises, unshackled themselves from the legacy IT systems they depend
on and were not intended to be compliant automation systems. They are difficult to integrate into modern tools
such as Jira (
Dona & Nilindi, 2021)
. Ensuring Jira can play nicely with these older system-based systems without
unloading the compliance requirements is complex. It could also be because how legacy systems can store data is
not by modern compliance frameworks and comes with a high risk of data, security, privacy, or suitability.
Furthermore, data migration from these systems to Jira can further violate compliance as these data are usually not
to be moved over without integrity.
Organizations with a keen strategy for merging legacy systems with Jira must address this challenge. A detailed
review of all the existing systems and the gaps in compliance can be done. IT teams should collaborate with the
access, storage, and transfer rules defined by the laws among the data governance teams. Sensitive data should be
migrated using a secure transfer, so if nothing else, one should legally mandate that end-to-end encryption is used
for data protection while in transit during the transfer. Data migration incrementally and testing it on those levels
will help you identify compliance issues before they go live across the system. Moreover, legacy systems can talk
and update with Jira using API integration, middleware solutions, or partial replacement of the older system.
Integrating these will help fill the gap between old and the latest compliance automation communication tools and
keep compliance workflows intact.
Managing Resistance to Change
The other common hurdle in automating ITSM compliance in Jira is organizational resistance to change
(Ayyash,
2024). Typically, resistance arises from employees familiar with older, manual processes and who are not ready to
embrace new technologies. This resistance can slow down the adoption rate of Jira and make it less likely to achieve
the full Jira automation potential in compliance. Effectively managing the change is the key to fighting this challenge.
This process greatly depends on communication. In order to lean on leaders to utilize automated compliance
workflows and the leads these changes will have for everyone's work. The benefits of automating compliance
workflows must be clearly outlined (
Zayas-Cabán et al., 2021)
. For instance, mentioning that Jira automation will
reduce the time needed to manually review the cases of compliance tasks and address the case of compliance
breach could help gain the support of important stakeholders.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
115
Training is also crucial. Comprehensive, hands-on training programs will help employees feel more confident using
Jira's compliance automation features. Training sessions for these types of systems should be specific to the needs
of IT personnel preparing the workflows, rented to individuals who will be using the system is responsible on a day-
to-day basis. The aim should be to facilitate a smooth transition by making everyone aware of the value of
automation and how to leverage available tools. Moreover, organizations are also advised to implement a phased
approach. This lets teams gradually get used to the new automated processes so they do not feel overwhelmed.
Early stories can also be very helpful when they help build momentum and are a way to avoid resistance as the
system matures.
Ensuring Scalability of Compliance Automation
It is no secret that growing organizations also have ever-increasing compliance needs. If a solution works for a small
team today, it will not be sufficient to handle an organization's growth or changing regulations. The difficulty of
automating compliance workflows in Jira lies in ensuring a scalable, flexible solution capable of handling future
growth in the number of users, amount of data, or requirements of regulations. One of Jira's greatest strengths is
that it is scalable, but it also is one of the notable aspects that require careful planning when scaling compliance
workflows alongside the organization. Therefore, organizations need to think long-term about the business needs
and the automation frameworks that need to be built that can be adapted to change (
Sarder, 2016)
. It can design
workflows that can be easily updated or modified without upsetting ongoing operations.
One should keep compliance workflows current by checking them regularly and modifying them per new
regulations, business operations, and technological development amendments. Organizations get a governance
framework with regular audits and checks of compliance automation tools and, thus, can make sure Jira workflows
keep up with evolving compliance standards. Jira's cloud and hybrid models can also support scalability. This
solution allows organizations to face increased demand without loss in compliance level and performance.
Additionally, the compliance automation built on Jira can be implemented modularly since plugins and integrations
keep the rules adaptable and scalable as the organization grows.
Automating It from Smoother Compliance towards the Broader DevOps Pipeline
The Role of Compliance Automation in the DevOps Lifecycle
Compliance automation is a key aspect of making compliance a part of the full modern DevOps lifecycle, where it
can be integrated easily with security and regulatory standards in every phase from development to deployment.
Traditionally, compliance checks were performed at the end of the development process or as part of a periodic
audit, slows them down, risks are missed, or fixes are costly. Incorporating compliance into the DevOps lifecycle
allows continuous compliance monitoring, reduces risks, and increases efficiency.
In a DevOps pipeline, the time between a developer and the software's life is fast as developers, operations teams,
and QA work together to build, test, and deliver software (
Mohammed, 2018)
. The development process must be
automated in all stages to comply with regulatory standards like GDPR, SOC 2, and HIPAA. This integration starts at
the code development stage since developers write the code according to the security, privacy, and audit
requirements.
In the continuous deployment integration set, we add compliance checks into the CI and CI D flows. As the code
goes through the pipeline, these checks are stipulated. Automatically, automated security scans, static code
analysis, and policy enforcement can be applied in the build and test phases, and any noncompliant code is flagged
immediately. This practice eliminates the typical one, which is manual compliance checks, which means that the
issues are attended to proactively rather than expanding the release process. Automated reporting tools integrated
with the DevOps pipeline can aid in ensuring compliance in a development process and assist stakeholders in
accomplishing compliance metrics and performance in real time.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
116
Figure 5: Different Stages of a DevOps Lifecycle
Compliance as Code: Automating Policies with Infrastructure as Code (IaC)
As the name suggests, compliance as code is a game-changing way of thinking about how to think about compliance
requirements and apply them as part of the provisioning of infrastructure using tools that let you be code about it,
the Infrastructure as Code (IaC). As more and more tools such as Terraform, Ansible, or Puppet are used to deploy
and manage the infrastructure and to ensure it complies with our company's policies, we can leverage them to
automate the management of the infrastructure as well as the enforcement of our policies without any human
action.
IaC comes with a code framework that defines the infrastructure and the configurations (
Achar, 2021)
. This means
that infrastructure code can be used to enforce data encryption, access control, and so on in infrastructure code.
IaC tools are hooked into Jira with integrations that automatically provide infrastructure without manual
intervention in a compliant fashion. For example, the compliance policy states that all databases in the production
environment must be encrypted. Terraform or Ansible can code this policy and include it with the provisioning
scripts to ensure this is in place every time new infrastructure is provisioned
(Tripathi, 2023).
The IaC tools can also revalidate the environment against compliance policies, meaning that changes in the
infrastructure will never introduce non-compliance. Jira helps us track compliance status by integrating IaC tools to
see how the infrastructure has performed over time regarding compliance posture. Apart from reducing the
possibility of human errors, automation ensures that every environment, from staging to development to
production, is compliant with the agreed standards right from the time it is first deployed.
Continuous Compliance in DevOps
Another important part of the combination of ITSM compliance automation with the DevOps pipeline is continuous
compliance monitoring. This involves checking the compliance postures of applications, infrastructure, and services
as they go through their lifecycle and then checking them repeatedly. It is crucial in a changing environment that
constantly demands software and infrastructure updates, and compliance requirements may change and evolve.
In DevOps, Dev (Development) and Ops (Operations) are combined to accelerate the delivery of software releases
systematically and automatically test and validate them automatically by automated compliance checks at every
stage of the software release lifecycle. The application and infrastructure configurations can be automatically tested
against compliance policies in the CI/CD pipeline using automation tools. For instance, a tool can automatically scan
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
117
a newly pushed code to find vulnerabilities, misconfigurations, or a security policy violation that may affect
compliance. A violation occurs, the build can be halted, and the problem can be fixed before the code is deployed
(
Nygard, 2018)
.
Runtime monitoring and auditing are also part of the compliance monitoring, not only code scanning. After the
code is deployed for a production environment, automated tools watch infrastructure and applications for
compliance deviation. For example, suppose there is no proper access control measure. In that case, an automated
alert can be triggered, notifying the security or compliance team of a breach when a new server instance is created.
This continuous monitoring insulates you from falling out of compliance over time, such that compliance is always
maintained during the application life cycle, even once the application is deployed. Continuous compliance can be
easily monitored and managed through integrations with different monitoring and alerting tools using Jira. Using
Jira's dashboard and reporting capabilities to have a complete Compliance status picture from the start of the
DevOps pipeline from Development to Production makes it much easier for compliance officers to handle and
provide timely reports.
Bridging IT and DevOps with Compliance Automation
Ensuring collaboration and compliance in a modern enterprise environment between IT and DevOps teams are key
challenges that service providers have to work on. The concern with systems or applications being secure, stable,
and compliant is outside the IT teams' responsibility. At the same time, DevOps should concentrate on application
development testing and deployment at speed. Since these two teams usually do not collaborate, they sometimes
become friction and delay fulfilling the compliance requirements.
Jira bridges the gap between IT and DevOps workflows by enabling compliance automation to become a part of
both workflows. There can be the proper design of Jira workflows to fit IT security and compliance policies, ensuring
seamless communication between IT, security, and development teams while creating the DevOps pipeline's IT
security and compliance policies. For instance, when it comes to compliance, Jira can manage compliance-related
tasks within both teams by tracking compliance violations, tracking remediation efforts, and generating reports
(
Alsaqaf et al., 2017)
.
The centralized system for task management and reporting found in Jira keeps everyone, from the IT and security
officers to the developers and the operations teams, up to speed with compliance. Jira can work as an automated
compliance check, and alerts engine to get the issues routed to Jira so that teams can collaborate and quickly resolve
them. Jira's integration with numerous ITSM tools also provides an overall platform to manage compliance for the
enterprise so that both the IT and DevOps teams can collaborate toward achieving compliance without
compromising the speed and flexibility needed in a DevOps environment.
Through compliance automation between IT and DevOps, organizations can reduce the opportunities for
noncompliance and improve the security and integrity of their applications and infrastructure. Compliance becomes
an inherent aspect of the DevOps culture, continuously monitored, automatically enforced, and collaboratively
managed to avoid hampering innovation or becoming a blocker to delivering software sustainably, securely, and
compliant.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
118
Figure 6: Platform Engineering Responsibilities
Best Practices for Automating ITSM Compliance in Jira
For enterprises that have to strictly abide by industry regulations such as GDPR, SOC 2, and HIPAA, automating ITSM
compliance in Jira workflow is imperative. While automated workflows can be very useful, holding them up and
ensuring they are both effective and compliant in the future requires work, monitoring, and updating.
Define Clear Compliance Requirements and Workflows
The first step in automating ITSM compliance in Jira includes defining clear compliance requirements and
understanding the laws the whole enterprise needs to follow. With compliance standards such as GDPR, SOC 2, and
HIPAA, there are additional demands about the protection of data, its restricted access, or auditing specifically. Not
knowing or understanding these regulations makes mapping them to Jira workflows impossible. Enterprises must
conduct a complete audit of compliance needs. To fulfill these requirements, firstly, identification of the various
compliance regulations to which their operations must comply and categorizing the sensitive data, and then
determination which workflows need to be automated to comply with the requirements. For instance, in the
healthcare sector, the accessibility to patient data should be restricted to only certain authorized personnel, which
is a basic condition to satisfy under HIPAA (
Moore & Frye, 2019)
. It is also true in the case of financial data that one
must also consider the security and privacy provisions of SOC 2 while dealing with them.
Once the requirements were identified, researchers mapped these regulations to certain Jira workflows. Each Jira
workflow should be designed with the regulation it aims to regulate in mind. For example, the workflows for
managing sensitive data should include automatic jobs for encrypting data, auditing, and controls available to the
data. These workflows further require that permission schemes be integrated so that only the right people can see
or work with the information at their disposal. Establishing compliance requirements from the start, which go hand
in hand with regulatory compliance requirements, organizations set the base to automate ITSM compliance in Jira.
This also means compliance becomes a work in progress that is part of the organization's process rather than
something done after the fact
(Schembera et al., 2023).
Regularly Update Automation Rules
Compliance requirements must always be known and followed, and the regulatory landscape is evolving. This is
why it is recommended that automation rules be checked and updated regularly, as Jira workflows need to be
updated with the industry's existing standards and regulations. Regulatory bodies issue updated guidelines, and
late compliance may result in penalties and damage to the reputation. Enterprises must have a workflow process
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
119
for regularly reviewing their automated workflows and Jira automation rules (
Allard et al., 2019)
. The process should
include monitoring changes to specs and if needed, the impact such changes will have on existing workflows. Such
updates to automation rules keep all aspects of the job related to compliance, for example, data handling, security
measures, and reports, in line with the most recent actuarial.
In addition, automation tools such as Jira Automation, ScriptRunner, or Jira's REST API should be configured to
perform regulatory updates without human intervention. For example, suppose a new GDPR data subject right
requirement is introduced, such as the requirement for the data subject to have the right to obtain data subject
rights. In that case, the automation rule should be updated to process the data subject request according to this
new requirement. Jira can incorporate automated reminders and workflows for data access requests and escalation
rules. Organizations can maintain high compliance assurance and be synchronized with the ever-changing
regulatory requirements by proactively updating automation rules.
User Training and Awareness
One of the most important things to consider for automating ITSM compliance is training the teams responsible for
running Jira workflows and knowing the downstream impact of their actions regarding compliance. Regardless of
the best automation tools, they are only as effective as those using them. If users do not know the compliance
requirements and do not pursue Jira's compliance workflows, they can unintentionally breach compliance
standards, defeating automation's purpose. The main focus for the training programs must be on the employees'
understanding of the compliance regulations they need to be acquainted with and the certain processes already
incorporated into Jira to meet those (
Dona & Nilindi, 2021)
. Training should be tailored to user groups, such as
compliance officers, IT staff, and Jira admins. The knowledge that these actions affect compliance in Jira should be
present in these users, along with understanding how Jira could help facilitate this, such as audit trails, reporting
features, and access control mechanisms.
The company should continuously run awareness initiatives to ensure the implementation of compliance
requirements as part of the company's culture. Training sessions, workshops, or seminars should be regularly
updated to inform employees of compliance regulations and the tools to achieve them. This includes understanding
that automation plays a role in compliance and how automation resolves gaps in compliance when they arise. They
must maintain user training and awareness processes to ensure users continue using the automation workflows
efficiently and securely. This approach to compliance helps maintain compliance in the company and drives a
culture of accountability.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
120
Figure 7: User Training and Awareness: Ensuring Compliance in Jira Workflows for ITSM Automation
Continuous Monitoring and Review
Compliance automation is vital, but continuous monitoring and review of automated compliance workflows is
equally important to ensure they operate as intended. Compliance automation should not be a set-it-and-forget-it
process. Regular monitoring enables organizations to detect any problem early and stop it from becoming a more
serious compliance violation involving greater resources and efforts (
Russell, 2016)
. Organizations will benefit from
using various Jira monitoring tools and reporting functions available to see the effectiveness of their compliance
workflows. Jira audit logs can be reviewed regularly to see what users are doing on them and if there are any security
gaps or deviations from the standard operating procedure. Jira can also be customized to create compliance
dashboards to display real-time data on compliance metrics, such as the number of open tickets about data access
or unresolved security vulnerabilities.
Organizations may also apply compliance to regular Jira internal audit checks. They should audit to check whether
the automated workflows strictly enforce the compliance policies and comply with regulatory requirements. All
discrepancies or issues that should be addressed as they are shown during these audits could prevent
noncompliance. Continuous monitoring also includes the creation of feedback loops that will allow Jira workflows
to be improved over time. Another example is around automating the ability to update Jira where, for example, if
a particular workflow has been discovered and found to lack the ability to enforce a compliance rule, then we can
modify or enhance the automation rules, and we can also start integrating new tools into Jira where we can.
Organizations can keep their compliance workflows continuously optimized by having the review process on an
ongoing basis, preventing manual intervention or obsolete processes at all costs.
Future Trends in ITSM Compliance Automation
With the explosion of IT Service Management (ITSM) compliance requirements, Jira or any automation tools are
often indispensable for organizations that want to stay compliant and efficient. However, the future of ITSM
compliance automation will be translated into massive leaps with the utilization of new technologies and practices.
Table 4: Trends in ITSM Compliance Automation
Trend
Description
Potential Impact on Compliance Automation
AI and Machine
Learning
Use of AI to predict compliance risks and automate
reporting
More proactive and intelligent compliance monitoring
Blockchain
Using blockchain for tamper-proof audit trails
Enhanced data integrity and security in compliance workflows
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
121
Trend
Description
Potential Impact on Compliance Automation
Technology
Integration with
DevOps
Seamless integration of compliance checks in the
DevOps pipeline
Ensures continuous compliance monitoring throughout the
development lifecycle
The Rise of AI and Machine Learning in Compliance Automation
The automation of ITSM compliance is presented to rely heavily on Artificial Intelligence (AI) and Machine Learning
(ML) technologies in the future. By detecting compliance issues and predicting future problems, Jira's compliance
workflows could be more complaisant with precision and speed. One of the most important AI and ML applications
of ITSM is to predict. Using machine learning-enabled models that use data from previous history and use data to
predict patterns and trends that show compliance risks at an early stage before they become a big issue. For
instance, ML algorithms can take notice of behavior anomalies in Jira. For example, the ML algorithm looks at
behavior within Jira (
Rasiman, 2021)
. It raises the alarm when the user’s access to sensitive data has been
unauthenticated or there is some unusual change in how compliance-related workflows operate. An organization
can then take an early stance against any possible compliance violations leading to a breach, thereby reducing the
chances of a breach.
It also helps to do further data analysis and reporting automation to the compliance audit. AI-driven systems already
exist for generating compliance reports, leaving the need to create these reports purely through manual processes
to quickly analyze a large amount of data and highlight some of the key compliance metrics. This helps reduce
manual audits, improves accuracy, and ensures conformity reviews are carried out consistently and thoroughly. AI
and ML, Jira can be augmented to become a more intelligent self-monitoring platform that adapts more easily to
changing regulatory standards and provides real feedback on how the organization is situated concerning
compliance.
Increasing Integration with Other ITSM and DevOps Tools
Another trend in the future of digital ITSM compliance automation is integrating Jira with other enterprise tools to
create a single integration and compliance ecosystem for IT, security, and operations. ServiceNow, Cherwell, and
Chef are some organizations using ITSM and DevOps tools to handle various aspects of their infrastructure and
workflows. They are no exception. These tools will also ensure a consistent and flawless compliance process that
they must comply with to run smoothly together.
By integrating Jira with other ITSM tools, organizations can automate compliance anywhere other than in the
DevOps and IT pipeline so that compliance checks and policies are adhered to. For example, Jira can be integrated
with Continuous Integration and Continuous Delivery (CI/CD) tools to automatically perform security checks and
compliance verifications during each iteration of the software development lifecycle (SDLC) (
Jawed, 2019)
. By
integrating these tools, the compliance controls can be embedded into the development process so that security
and compliance requirements are embedded into code written, tested, and deployed.
As organizations migrate more of their applications to the cloud and their applications to hybrid cloud
environments, ITSM tools should be integrated with cloud-native tools that enable more efficient compliance
management across various infrastructures. This cross-platform integration will ensure that the same data is
compliant wherever an organization is situated, either in on-prem or cloud environments. Empirically, by
streamlining Jira workflows to other ITSM tools, enterprises can better manage their compliance obligations
without compromising efficiency and security.
Regulatory Changes and the Need for Agile Compliance Solutions
The regulatory environment changes, and awarding bodies have different layers of standards to cater to, changing
as the times do. As such, the compliance processes within said organizations must be adapted accordingly. They
have utmost regulations like the General Data Protection Regulation (GDPR), Health Insurance Portability and
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
122
Accountability Act (HIPAA), or SOC 2, which are updated occasionally to meet new technological developments like
the growing trend of data privacy and cybersecurity threats. That agility in the requirements means they must
develop agile compliance solutions that can quickly adjust to new requirements.
Jira's flexibility and configurability make it an excellent platform to change to these. Automation will come into play
in the future when organizations use it to implement changes to compliance workflows as per changing regulations
quickly (
Kulkarni et al., 2021)
. For example, Jira workflows can be changed so that when a new regulation mandates
how data can be stored or accessed, there is no need for significant manual intervention. This will speed up the
deployment of compliance updates on various teams across the organizations without disrupting their operations.
At the same time, agile compliance solutions will help organizations to more effectively administrate multi-region
and market complexity whilst meeting these compliance frameworks. For instance, global companies need to abide
by local regulations, working in the European Union as an example, such as GDPR, and industry-specific standards,
such as HIPAA in the United States. Through automated compliance management in Jira, customizable workflows
that cater to the particular needs of different regulatory bureaucracies will be facilitated, and these multi-
jurisdictional regulations will be simplified.
Figure 8: Agile Compliance Solutions: Adapting to Evolving Regulations with Flexibility, Automation, and Multi-
Jurisdictional Integration
The Role of Blockchain in ITSM Compliance
Blockchain technology is gaining strength as an effective tool for improving ITSM compliance and automation on
the data integrity and auditability plane. Due to its inherently decentralized nature and unforgeability, Blockchain
is an excellent solution for ensuring compliance data remains secure, transparent, and tamper-proof. Blockchain
can also improve compliance audits in the Jira context by generating an unalterable history of all compliance-related
actions. A specific example is that every action in Jira (new compliance workflow, modification to existing
compliance workflow, approval of a compliance workflow) could be logged into a blockchain ledger. This would
afford a verifiable, tamper-resistant audit trail that would be easily reviewed during a compliance audit. Through
Blockchain, organizations can also ensure compliance records are accurate, confidential, and transparent, giving
them more confidence in how regulators, stakeholders, and buyers view them.
Transactions in Jira workflows, when sensitive data is moved between teams or systems, could be secured by
Blockchain. Real-time encryption of the transactions with Blockchain would allow the sensitive information to be
guarded throughout its lifetime. This ensures that organizations adhere to strict security requirements defined in
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
123
regulations such as GDPR, SOC 2, and HIPAA. A major advantage of Blockchain is that it can mitigate some risks
associated with supply chain compliance. For industries with third-party vendors that play a vital role in compliance
activities like healthcare or finance, Blockchain can be leveraged to verify a vendor's compliance status to affirm
that the vendor adheres to the same regulatory standards (
Shackelford et al., 2017)
. Whenever an organization
wants to incorporate Blockchain into Jira's compliance workflows, this will bring about additional security,
reliability, and transparency in compliance processes.
CONCLUSION
Tools like Jira allow organizations under obligation to maintain the highest level of ITSM compliance workflows,
such as GDPR and HIPAA, to automate the compliance workflows and gain significant benefits from automation. In
the face of higher and higher regulatory pressure for enterprises to protect sensitive data, automate processes, and
maintain certain levels of compliance consistency, Jira has become a benefit and an imperative to leverage for
compliance management. Organizations automate the manual tasks related to compliance, reducing human error,
shortening the process, and assuring that all necessary steps of compliance are done consistently in all parts of the
organization. The automation approach mitigates data breach risks, non-compliance penalties, and reputational
damage. Jira is as flexible and customizable as per the demands that it fits perfectly for the flexibility and complexity
of diverse compliance regulations. Jira features, such as automated task assignments, notification, and approval
processes, help organizations keep track of and manage compliance requirements. Jira’s integration with other
ITSM and DevOps tools helps you get more visibility, accountability, and control when dealing w
ith GDPR’s strict
data privacy rules, SOC 2’s security and processing integrity standards, or HIPAA’s healthcare
-specific mandates.
A proactive approach to automating compliance processes in Jira for high-risk environments where compliance
breaches can be costly. Automation reduces the risk of missing a deadline, forgetting to check for compliance, or
giving people access to sensitive data without permission; rather, compliance is maintained continuously, not
sporadically. Jira also comes with real-time audit logs and reporting tools that ensure transparency and
accountability, and hence, it is easier to follow what actions have been performed and provide proof of compliance
during audits or investigations. Although there are some challenges to automating ITSM compliance workflows in
organizations reliant on legacy systems, entering crafty contracts with the all-knowing ITSM OCRs can be lucrative.
It is important to properly configure Jira workflows to adhere to particular regulations and maintain them, which
requires extensive work. The most problematic integration is between Jira and legacy systems, and middleware
solutions and API integrations are among the most effective ways to fill this gap. Additionally, the compliance
workflows that the organizations have to use need to be scalable and flexible enough such that any regulatory
changes, which tend to be swift updates to existing workflows, can be accommodated. Overcoming these
challenges and maximizing the effectiveness of Jira’s compliance automation cap
abilities will need regular
monitoring, review of automation rules, and continuous staff training.
The next usage of AI, machine learning, and blockchain will be more sophisticated, efficient, and secure compliance
automation. Mathematical techniques such as AI and Machine learning will give rise to deeper insights into
compliance risks, suggesting potential things before they happen and automating more complicated and time-
consuming tasks like data anomaly detection. Blockchain technology promises integrity through tamper-proof audit
trails and more transparent and secure science audits. Jira hackers can automate ITSM compliance workflows to
increase operational efficiency, which helps with the proactive attitude to regulatory compliance in high-risk areas.
Moreover, as standards continue to evolve and technology escalates, Jira will be a cornerstone for supporting and
creating these workflows. Embracing this automation, organizations will not only remain compliant but also cut
down on processes and reduce the risk of penalties, building trust with customers and stakeholders. The faster the
ability to adapt, the more efficient to automate, and the more seamless to integrate in the continuous face of
increasingly complex and different regulatory requirements, the better it is to survive and remain competitive
without letting sensitive data slip unguarded.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
124
REFERENCE
1.
Abbasi, N., & Smith, D. A. (2024). Cybersecurity in Healthcare: Securing Patient Health Information (PHI), HIPPA
compliance framework and the responsibilities of healthcare providers.
Journal of Knowledge Learning and
Science Technology ISSN: 2959-6386 (online)
,
3
(3), 278-287.
2.
Abouelmehdi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big healthcare data: preserving security and
privacy.
Journal of big data
,
5
(1), 1-18.
3.
Achar, S. (2021). Enterprise saas workloads on new-generation infrastructure-as-code (iac) on multi-cloud
platforms.
Global Disclosure of Economics and Business
,
10
(2), 55-74.
4.
Ahmad, A., Saad, M., & Mohaisen, A. (2019). Secure and transparent audit logs with BlockAudit.
Journal of
network and computer applications
,
145
, 102406.
5.
Allard, T., Alvino, P., Shing, L., Wollaber, A., & Yuen, J. (2019). A dataset to facilitate automated workflow
analysis.
PloS one
,
14
(2), e0211486.
6.
Alsaqaf, W., Daneva, M., & Wieringa, R. (2017). Quality requirements in large-scale distributed agile projects
–
a
systematic literature review. In
Requirements Engineering: Foundation for Software Quality: 23rd International
Working Conference, REFSQ 2017, Essen, Germany, February 27
–
March 2, 2017, Proceedings 23
(pp. 219-234).
Springer International Publishing.
7.
Armour, J., Gordon, J., & Min, G. (2020). Taking compliance seriously.
Yale J. on Reg.
,
37
, 1.
8.
Ayyash, M. A. I. A. (2024).
Implementing Agile and DevOps at Scale: Identifying Best Frameworks, Practices, and
Success Factors
(Doctoral dissertation, Al-Quds University).
9.
Biswas, A., & Dutta, P. K. (2020, January). Novel approach of automation to risk management: The reduction in
human errors. In
International Conference on Mobile Computing and Sustainable Informatics
(pp. 683-696).
Cham: Springer International Publishing.
10.
Block, S. (2023). How to adapt and implement a large-scale agile framework in your organization. In
Large-Scale
Agile Frameworks: Agile Frameworks, Agile Infrastructure and Pragmatic Solutions for Digital
Transformation
(pp. 65-168). Berlin, Heidelberg: Springer Berlin Heidelberg.
11.
Boda, V. V. R. (2021). Keeping Patient Data Safe in the Cloud: A DevOps Approach.
Journal of Innovative
Technologies
,
4
(1).
12.
Brkan, M. (2019). The essence of the fundamental rights to privacy and data protection: finding the way through
the maze of the CJEU’s constitutional reasoning.
German Law Journal
,
20
(6), 864-883.
13.
Chavan, A. (2021). Eventual consistency vs. strong consistency: Making the right choice in microservices.
International Journal of Software and Applications, 14(3), 45-56.
https://ijsra.net/content/eventual-
consistency-vs-strong-consistency-making-right-choice-microservices
14.
Chavan, A. (2021). Exploring event-driven architecture in microservices: Patterns, pitfalls, and best practices.
International Journal of Software and Research Analysis.
https://ijsra.net/content/exploring-event-driven-
architecture-microservices-patterns-pitfalls-and-best-practices
15.
Ciervo, J., Shen, S. C., Stallcup, K., Thomas, A., Farnum, M. A., Lobanov, V. S., & Agrafiotis, D. K. (2019). A new
risk and issue management system to improve productivity, quality, and compliance in clinical trials.
JAMIA
open
,
2
(2), 216-221.
16.
Dhanagari, M. R. (2024). MongoDB and data consistency: Bridging the gap between performance and reliability.
Journal of Computer Science and Technology Studies, 6
(2), 183-198.
https://doi.org/10.32996/jcsts.2024.6.2.21
17.
Dona, K. L., & Nilindi, C. (2021).
Technology Enabling Requirements Engineer’s Collaboration: The Case of Jira.
18.
Fanto, J. (2016). Dashboard Compliance: Benefit, Threat, or Both.
Brook. J. Corp. Fin. & Com. L.
,
11
, 1.
19.
Goel, G., & Bhramhabhatt, R. (2024). Dual sourcing strategies.
International Journal of Science and Research
Archive
, 13(2), 2155.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
125
20.
Jawed, M. (2019).
Continuous security in DevOps environment: Integrating automated security checks at each
stage of continuous deployment pipeline
(Doctoral dissertation, Wien).
21.
Kamath, D. (2023). Improving Agile Development Practices.
22.
Kamdjoug, J. R. K., Sando, H. D., Kala, J. R., Teutio, A. O. N., Tiwari, S., & Wamba, S. F. (2024). Data analytics-
based auditing: a case study of fraud detection in the banking context.
Annals of Operations Research
,
340
(2),
1161-1188.
23.
Karwa, K. (2024). The role of AI in enhancing career advising and professional development in design education:
Exploring AI-driven tools and platforms that personalize career advice for students in industrial and product
design.
International Journal of Advanced Research in Engineering, Science, and Management
.
https://www.ijaresm.com/uploaded_files/document_file/Kushal_KarwadmKk.pdf
24.
Konneru, N. M. K. (2021). Integrating security into CI/CD pipelines: A DevSecOps approach with SAST, DAST, and
SCA tools.
International Journal of Science and Research Archive
https://ijsra.net/content/role-
notification-scheduling-improving-patient
25.
Koop, J. (2020). Automated Jira Data Analysis for Optimised Project Supervision and Delay Detection.
26.
Kulkarni, V., Sunkle, S., Kholkar, D., Roychoudhury, S., Kumar, R., & Raghunandan, M. (2021). Toward automated
regulatory compliance.
CSI Transactions on ICT
,
9
, 95-104.
27.
Kumar, A. (2019). The convergence of predictive analytics in driving business intelligence and enhancing DevOps
efficiency. International Journal of Computational Engineering and Management, 6(6), 118-142. Retrieved from
28.
Loukkaanhuhta, M. (2021). Transforming technical IT security architecture to a cloud era.
29.
Mishachandar, B., Vairamuthu, S., & Pavithra, M. (2021). A data security and integrity framework using third-
party cloud auditing.
International Journal of Information Technology
,
13
(5), 2081-2089.
30.
Mohammed, A. (2023). SOC Audits in Action: Best Practices for Strengthening Threat Detection and Ensuring
Compliance.
Baltic Journal of Engineering and Technology
,
2
(1), 62-69.
31.
Mohammed, I. A. (2018). A methodical mapping on the relationship between DevOps and software
quality.
International Journal of Creative Research Thoughts (IJCRT) www. ijcrt. org, ISSN
, 2320-2882.
32.
Moore, W., & Frye, S. (2019). Review of HIPAA, part 1: history, protected health information, and privacy and
security rules.
Journal of nuclear medicine technology
,
47
(4), 269-272.
33.
Nygard, M. (2018). Release it!: design and deploy production-ready software.
34.
Plant, O. H. (2019).
DevOps under control: development of a framework for achieving internal control and
effectively managing risks in a DevOps environment
(Master's thesis, University of Twente).
35.
Raju, R. K. (2017). Dynamic memory inference network for natural language inference. International Journal of
Science and Research (IJSR), 6(2).
https://www.ijsr.net/archive/v6i2/SR24926091431.pdf
36.
Rasiman, R. S. (2021).
A machine learning approach for requirements traceability in model-driven
development
(Master's thesis).
37.
Rehman, N. (2021). Automating Privileged Access Controls to Meet HIPAA and GxP Standards in Healthcare.
38.
Root, V. (2019). The compliance process.
Ind. LJ
,
94
, 203.
39.
Russell, C. S. (2016). Monitoring and enforcement. In
Public policies for environmental protection
(pp. 243-274).
Routledge.
40.
Saarela, A. (2017).
Deployment of the agile risk management with Jira into complex product development
ecosystem
(Bachelor's thesis, A. Saarela).
41.
Sangaroonsilp, P. (2024).
Supporting the Development and Management of Privacy-Aware Software
Applications
(Doctoral dissertation, University of Wollongong).
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijdsml
126
42.
Sarder, R. (2016).
Building an innovative learning organization: A framework to build a smarter workforce, adapt
to change, and drive growth
. John Wiley & Sons.
43.
Schembera, S., Haack, P., & Scherer, A. G. (2023). From compliance to progress: A sensemaking perspective on
the governance of corruption.
Organization Science
,
34
(3), 1184-1215.
44.
Schmid, S. J., Moder, L., Hofmann, P., & Röglinger, M. (2023). Everything at the proper time: Repairing identical
timestamp errors in event logs with Generative Adversarial Networks.
Information Systems
,
118
, 102246.
45.
Seth, S., & Bagalkoti, V. (2019). JIRA report extraction.
46.
Shackelford, S. J., Raymond, A., Charoen, D., Balakrishnan, R., Dixit, P., Gjonaj, J., & Kavi, R. (2017). When
toasters attack: A polycentric approach to enhancing the security of things.
U. Ill. L. Rev.
, 415.
47.
Singh, V., Oza, M., Vaghela, H., & Kanani, P. (2019, March). Auto-encoding progressive generative adversarial
networks for 3D multi object scenes. In
2019 International Conference of Artificial Intelligence and Information
Technology (ICAIIT)
(pp. 481-485). IEEE.
https://arxiv.org/pdf/1903.03477
48.
Singh, V., Unadkat, V., & Kanani, P. (2019). Intelligent traffic management system.
International Journal of
Recent Technology and Engineering (IJRTE)
,
8
(3), 7592-7597.
https://www.researchgate.net/profile/Pratik-
49.
Sukhadiya, J., Pandya, H., & Singh, V. (2018). Comparison of Image Captioning Methods.
INTERNATIONAL
JOURNAL
OF
ENGINEERING
DEVELOPMENT
AND
RESEARCH
,
6
(4),
43-48.
https://rjwave.org/ijedr/papers/IJEDR1804011.pdf
50.
Suleski, T., Ahmed, M., Yang, W., & Wang, E. (2023). A review of multi-factor authentication in the Internet of
Healthcare Things.
Digital Health
,
9
, 20552076231177144.
51.
Thompson, E. C. (2020). Designing a HIPAA-Compliant Security Operations Center. In
Designing a HIPAA-
Compliant Security Operations Center
(pp. 65-92). Apress Berkeley, CA, USA.
52.
Tistelgrén, S. (2023). Utilizing Jira automation tools as a part of value chain in incident management.
53.
Tourani, R., Misra, S., Mick, T., & Panwar, G. (2017). Security, privacy, and access control in information-centric
networking: A survey.
IEEE communications surveys & tutorials
,
20
(1), 566-600.
54.
Tripathi, A. (2023).
Provisioning Secure Cloud Environment Using Policy-as-code and Infrastructure-as-
code
(Doctoral dissertation, Dublin, National College of Ireland).
55.
Waghmare, C. (2019).
Augmenting Customer Experience with SharePoint Online: Building Portals and Practices
to Improve Usability
. Apress.
56.
Wang, K., Zipperle, M., Becherer, M., Gottwalt, F., & Zhang, Y. (2020). An AI-based automated continuous
compliance awareness framework (CoCAF) for procurement auditing.
Big Data and Cognitive Computing
,
4
(3),
23.
57.
Zayas-Cabán, T., Haque, S. N., & Kemper, N. (2021). Identifying opportunities for workflow automation in health
care: lessons learned from other industries.
Applied Clinical Informatics
,
12
(03), 686-697.
