As a member of the Engineering organization and the greater Security department, the Security Assurance sub-department provides GitLab customers with a high level of assurance around the security of GitLab service offerings.
There are five teams in the Security Assurance sub-department.
Governance & Field Security
The Security Assurance sub-department uses a variety of tools to carry out its day-to-day activities. For each system, the listed system admin is responsible for the following:
All other actions are the responsibility of the assigned DRI (Directly Responsible Individual).
| System Name | System Description | Admin | DRI |
|---|---|---|---|
| ZenGRC | Key system used for initiating, tracking/documenting, and completing Governance, Risk, and Compliance (GRC) activities. Access is provided as a standard baseline entitlement for all team members. Refer to the ZenGRC FAQ and ZenGRC Activities handbook pages for additional information. | Rupal Shah | Security Compliance: Madeline Lake; Security Risk: Ty Dilbeck |
| Anecdotes | Key system used for compliance automation. | Rupal Shah | Byron Boots |
| Authomize | Key system used by Security Compliance for User Access Reviews. | Rupal Shah | Alex Frank |
| OneTrust Vendorpedia QRA | Key system used for Privacy, Security, and Data Governance when completing customer questionnaires. | Rupal Shah | Marie-Claire Cerny |
| OneTrust Vendorpedia Exchange | System used for Privacy, Security, and Data Governance as part of Third Party Risk Management (TPRM). | Rupal Shah | Ty Dilbeck |
| ProofPoint | Key system used to create and distribute our security training and phishing simulations, providing the ongoing testing required for adherence to various compliance frameworks. | Rupal Shah | Rupal Shah |
| BitSight | Independent security rating platform configured to monitor GitLab's security posture, identify potential vulnerabilities, and benchmark our security against our competitors. BitSight is also used to assess and monitor software vendors as part of our Third Party Risk Management Program. | Rupal Shah | Jeff Burrows |
| GitLab - Security Assurance Projects | Primarily used to engage stakeholders via issues, to update Security Assurance related handbook pages, etc. | Julia Lake | Each team is responsible for its own projects, but everyone can contribute |
Check out these great security resources built with our customers in mind: