QUICK START GUIDE · FOR JIRA CLOUD · ATLASSIAN FORGE
The NIS2 Compliance Monitor for Jira is a Governance, Risk, and Compliance (GRC) tool that
automatically detects potential cyber incidents in your Jira workflows, enforces the three mandatory reporting
deadlines of Directive (EU) 2022/2555 (NIS2 Article 23), and generates immutable PDF audit
records.
This page covers installation and initial setup. For a complete reference (privilege
levels, all configuration fields, detection logic, update delays, and the full three-stage workflow), see the
Full User Guide.
The Three Legal Deadlines
From the Moment of Awareness (when the breach is confirmed), NIS2 Article 23 mandates three
escalating submissions to your national authority:
Stage 1 — Early Warning: within 24 hours
Stage 2 — Full Notification: within 72 hours
Stage 3 — Final Report: within 30 days
The app tracks all three simultaneously from the moment a breach is confirmed. Deadlines are fixed by law and
cannot be configured.
1. Accessing Global Settings
Before the app can detect incidents, a Jira Administrator must configure it.
In Jira, click Apps in the left sidebar navigation, then select NIS2 Compliance Center.
Click the Configuration tab — fill in the fields and click Save Configuration.
You must be a Global Jira Administrator to access this page. Alternatively, once configured, any
member of the Officer Group you specify also gains access.
2. Required Configuration
Detection Scope
Keywords — Comma-separated terms scanned in issue summaries and descriptions. Example:
ransomware, data breach, unauthorized access, exfiltration
Monitored Projects — Comma-separated Jira project keys (e.g. SEC, IT, OPS).
Leave blank to monitor all projects.
Monitored Issue Types — Comma-separated issue types (default:
Security, Incident). Leave blank to match all types.
Trigger Priorities — A keyword match only activates breach detection if the issue priority
is also on this list (default: High, Highest, Critical, P1).
Escalation Behaviour
Auto-Escalate — When off (default), keyword + priority matches require an officer to
manually confirm the breach. When on, they are treated as confirmed breaches immediately.
Low Priority Failsafe — When on (default), keyword matches on issues below your trigger
priority threshold still add a nis2-review-required label and post a comment for human triage.
Notification Target — The raw Atlassian Account ID of the person @mentioned in
review-required comments. Find this in Jira user management. Leave blank for no mention.
Organisation Identity (pre-fills PDF reports)
Organisation Name, Sector, Jurisdiction — Your company's legal details and EU member state
regulator.
Compliance Contact Name & Email — The person regulators should contact.
Officer Group — A Jira group whose members get NIS2 Officer privileges without needing
full Jira Admin. The group must already exist in Jira.
3. How Detection Works
Anti-Alert Fatigue Logic
What happens on a keyword match depends on two settings — Auto-Escalate and Low Priority Failsafe:
Breach Detected: Keyword + Trigger Priority match, Auto-Escalate ON:
Immediately confirmed — adds nis2-breach and nis2-notified labels and starts the three-stage SLA clock automatically.
Review Required: Keyword + Trigger Priority match, Auto-Escalate OFF (default):
Posts a review comment and adds nis2-review-required. An officer must click 🚨 Confirm Security Breach to confirm — the SLA clock starts only at that point.
Review Required: Keyword match, priority NOT in Trigger Priority list, Low Priority Failsafe ON (default):
Silently adds nis2-review-required — no Jira comment, no @mention. The issue appears in the War Room dashboard for passive review. Acts as a safety net for genuine incidents logged with the wrong priority, without generating noise in the issue activity feed.
No action — keyword match, priority not in trigger list, Failsafe OFF: the issue is silently ignored.
Detection runs automatically on every issue create and update event via Atlassian Forge webhooks. If the initial
notification fails (e.g. a temporary Jira outage), a background job retries automatically every hour.
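The decision table above, modelled as an added example so an administrator can predict what a configuration change will do to a given issue. This is not the app's own code: the config and issue field names are hypothetical, and case-insensitive substring matching is an assumption, since the guide does not say how keywords are compared.

```javascript
// Added illustration of the decision table above; not the app's source code.
// Assumptions: case-insensitive substring matching; field names are hypothetical.
const parseList = (s) => (s || '').split(',').map((x) => x.trim().toLowerCase()).filter(Boolean);

// Blank Monitored Projects / Issue Types means "match all", as the guide states.
const inScope = (csv, value) => {
  const list = parseList(csv);
  return list.length === 0 || list.includes(String(value).toLowerCase());
};

const result = (outcome, reason, labels = [], reviewComment = false, slaStarted = false) =>
  ({ outcome, reason, labels, reviewComment, slaStarted });

function classifyIssue(config, issue) {
  if (!inScope(config.monitoredProjects, issue.projectKey)) return result('NO_ACTION', 'project not monitored');
  if (!inScope(config.monitoredIssueTypes, issue.issueType)) return result('NO_ACTION', 'issue type not monitored');

  // Only summary and description are scanned, not labels or comments.
  const text = `${issue.summary || ''}\n${issue.description || ''}`.toLowerCase();
  const keyword = parseList(config.keywords).find((k) => text.includes(k));
  if (!keyword) return result('NO_ACTION', 'no keyword in summary or description');

  const priorityHit = parseList(config.triggerPriorities).includes(String(issue.priority).toLowerCase());
  if (priorityHit && config.autoEscalate === true) {
    // Confirmed immediately; the three-stage SLA clock starts.
    return result('BREACH_DETECTED', `keyword "${keyword}"`, ['nis2-breach', 'nis2-notified'], false, true);
  }
  if (priorityHit) {
    // Auto-Escalate off (default): review comment posted, officer must confirm.
    return result('REVIEW_REQUIRED', `keyword "${keyword}"`, ['nis2-review-required'], true);
  }
  if (config.lowPriorityFailsafe !== false) {
    // Failsafe on (default): label only, per the table above.
    return result('REVIEW_REQUIRED', 'failsafe: priority below trigger list', ['nis2-review-required']);
  }
  return result('NO_ACTION', 'priority not in trigger list and failsafe off');
}

// Constructed sample input using the guide's example values and defaults.
const sampleConfig = {
  keywords: 'ransomware, data breach, unauthorized access, exfiltration',
  monitoredProjects: 'SEC, IT, OPS',
  monitoredIssueTypes: 'Security, Incident',
  triggerPriorities: 'High, Highest, Critical, P1',
  autoEscalate: false,
  lowPriorityFailsafe: true,
};
const sampleIssue = { projectKey: 'SEC', issueType: 'Incident', priority: 'Low', summary: 'Possible ransomware on file server' };
console.log(classifyIssue(sampleConfig, sampleIssue));
```

The `reason` field on a `NO_ACTION` result names which scope or priority check excluded the issue.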
4. The Compliance Panel (Issue Sidebar)
Open any Jira issue. The NIS2 Compliance panel appears in the right sidebar.
When status is REVIEW REQUIRED
Click 🚨 Confirm Security Breach to confirm the incident and start the SLA clock, or
Click Dismiss False Alarm to mark it as a false positive (nis2-dismissed).
When status is BREACH DETECTED
Fill in the incident report form (jurisdiction, impact details, incident type, detection date).
Click Save & Preview Draft to save progress and review the report payload — the draft reloads automatically next time you open the
panel.
Click 📎 Submit & Advance Stage — this generates a structured internal audit record
as a PDF, attaches it directly to the Jira issue from your browser (it never passes through Velozar Labs
servers), advances the compliance stage, and posts an immutable audit comment recording the submitting
officer and timestamp. This PDF is your organisation's internal evidence of process compliance — the formal
submission to your national authority is made separately through their web portal.
Repeat for Stage 2 (72h) and Stage 3 (30 days) as each deadline approaches.
Stage 2 unlocks additional mandatory fields: incident severity, indicators of compromise,
mitigation steps, and affected services. Stage 3 further requires root cause analysis and
lessons learned.
5. The War Room Dashboard
Click Apps in the Jira left sidebar, then select NIS2 Compliance Center to access the central dashboard showing
all active breach issues across your organisation, sorted by urgency:
Review: Awaiting human triage, not yet confirmed as a breach.
Overdue: A stage deadline has passed without submission.
Pending: Active breach, deadline still ahead.
Stage 1 / 2 Done: Stage submitted, next stage in progress.
Compliant: All three Article 23 stages submitted.
6. Frequently Asked Questions
Does Velozar Labs have access to our Jira data?
No. The app is built on Atlassian Forge — a zero-egress architecture. Your Jira data is never
transmitted to, processed by, or stored on Velozar Labs servers. All processing happens natively inside your
Atlassian Cloud environment.
Why didn't an issue trigger an alert?
Check three things in Global Settings: (1) the issue's Project Key is in Monitored Projects, (2)
the Issue Type is in Monitored Issue Types, and (3) the Priority is in Trigger
Priorities. All three must match. Also verify the keyword appears in the issue summary or description text — not
just in a label or comment.
Can we query NIS2 data in Jira JQL?
Yes. The app writes standard Jira labels you can use in any JQL search:
labels in (nis2-breach, nis2-review-required) ORDER BY created DESC
See the labels reference in the Full User Guide for the complete list.
I need more detail on privilege levels, caching, or the PDF report fields.