IT Compliance

IT Compliance works collaboratively with multiple functional teams throughout the GitLab organization to ensure compliance with various requirements related to financial reporting and security.

Who We Are

The IT Compliance function at GitLab is here to ensure that, as a company, we are ready to pass a SOX audit for our IT General Controls (ITGC). IT Compliance builds the processes that allow us to stay compliant over time. We specialize in Business Technology applications, and that is our area of focus.

How to reach out to us

IT Compliance works collaboratively with multiple functional teams throughout the GitLab organization. We partner with Management and our Business Teams to implement solutions. Our primary focus today is identifying in-scope SOX applications and ensuring their audit readiness; however, there is a need to continue expanding the body of work into BCP planning, IAM advisory, and assisting with other security initiatives.

Our work can be tracked in the IT Compliance GitLab Group.

Our Mission

  1. Identify and secure applications that are deemed to fall under SOX compliance.
  2. Ensure that only current employees have access to the applications and the appropriate actions.
  3. Monitor all changes to SOX systems to ensure auditability and compliance with SOX level change management.
  4. Constantly iterate to simplify processes and drive automation for efficiency. The goal is to weave these processes into the fabric of work so they are not noticed.
  5. Work to reduce audit scope by enhancing general controls.

How we work

Our IT Compliance board is where some of our work can be tracked. If you need help with anything or have any questions, you can add our label IT Compliance to the issue. If you are unsure who in IT Compliance you need to engage, please tag @gitlab-com/business-technology/it-compliance and someone from IT Compliance will assist.

What we do

IT Compliance SOX program responsibilities

  • Single point of contact for IT owned applications for ITGCs
  • Participate in walkthroughs
  • Support operating effectiveness testing by KPMG and IA
  • Facilitate ITGC remediations
  • Onboarding new applications for ITGCs owned by IT
  • Facilitate SOX UARs for systems and key reports
  • Facilitate SOD reviews for key SOX financial applications

IT General Controls

The most common ITGCs:

  • Logical access controls over infrastructure, applications, and data
  • System development life cycle controls
  • Program change management controls
  • System and data backup and recovery controls
  • Computer operation controls

GitLab’s IT Compliance Function will focus on the following for the next 3 months:

  • Continuing to mature our access and change management programs
  • System development life cycle controls
  • Program change management controls
  • System data backup and recovery controls

Business Continuity Plan

IT Compliance works closely with our Security Compliance team to ensure that GitLab’s Business Continuity Plan is up to date. In the future, we will look to expand our capabilities so that we do more in the area of BCP and resiliency and ensure we are meeting all requirements.

Business Technology Change Management

IT Compliance works closely with our internal business partners for all Enterprise Application Change Management. More information can be found in our Business Technology Change Management handbook page.

Last modified March 22, 2024: IT Compliance R&R changes (a124dfe3)