IT Security and Compliance works collaboratively with multiple functional teams throughout the GitLab organization. We partner with our Security and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations. We also partner with Management, Business Teams, and our Data Team to implement solutions.
Our work can be tracked in the IT Compliance GitLab Group.
Note: The Compliance Access Review Project is where we log and store the main issue IT Compliance uses to complete User Access Reviews. The actual User Access Review issues are still being tracked in our Access Request Project.
The IT Audit and Compliance function at GitLab is here to ensure that, as a company, we are ready to pass a SOX Audit for our IT General Controls (ITGC). IT Audit and Compliance builds the processes that allow us to stay compliant over time. The IT Security function at GitLab is here to reduce the threat landscape to our internal tech stack, report on our existing security posture, and respond to security findings requiring mitigation. We are specialized around Business Technology and that is our area of focus. Our work rolls up to the overall Security portfolio of Audit and Compliance.
Our IT Compliance and IT Security boards are where some of our work can be tracked. If you need help with anything or have any questions, you can add our label IT Compliance or IT Security to the issue. If you are unsure of who you need to engage, IT Compliance or IT Security, please tag @gitlab-com/business-technology/it-compliance and someone will assist. You can also find us hanging around in the #it_security_help Slack channel.
The most common ITGCs:
GitLab’s IT Audit Function will focus on the following for the next 3 months:
IT Compliance works closely with our Security Compliance team to ensure that GitLab's Business Continuity Plan is up to date.
IT Compliance works closely with our internal business partners for all Enterprise Application Change Management. More information can be found in our Business Technology Change Management handbook page.
IT Security and Compliance have some tools at our disposal to help the company stay SAFE and secure. These tools include a VPN solution, NordLayer, and a Google Drive security tool called Nira. Please follow the link above for more information about these tools. If you have any questions about these tools, please reach out in the #it_security_help Slack channel.