It's no surprise that GitLab Customers and Prospects conduct Security due diligence activities prior to contracting with GitLab. We recognize the importance of these reviews and have designed this procedure for GitLab Team Members to request Customer Assurance Activities.
We will start all CAA requests (with the exception of Contract Reviews) by sending the Customer Assurance Package to the customer. The CAP will answer many of the customer's questions and will enable us to provide the customer with a more efficient and comprehensive experience. Please select the appropriate box for your request below; it will direct you to an issue template on our board. Please be sure to complete all of the requested information in the template, and please reach out to us in #sec-fieldsecurity with any questions.
Please use the Main Template and follow the instructions.
Please use the Contract Review Template.
Once you have submitted the issue, it is in our queue and will be assigned to one of our Field Security Engineers when it is next up (please see the SLAs listed below).
The above processes are for GitLab Team Members only. Customers should contact their GitLab Account Owner to initiate their requests. If a customer doesn't know their Account Owner or does not yet have an assigned Account Owner, they can contact the sales team.
The Field Security Team also maintains the following resources for GitLab Team Members to collaborate with us!
NDA Required Customer Assurance Package (that includes our SOC2 report), utilize the Request by Email option.
In the spirit of iteration, GitLab is continuously evolving our list of compliance self-attestations. Completed self-attestations are reviewed annually for continued applicability and can be found in our Customer Assurance Package. Customers can submit suggestions and requests for new self-attestations through their Account Manager. GitLab team members can submit recommendations for future compliance assessments through the Regulatory Security Compliance Feedback and Field Research epic.
Security Questionnaires: 10 Business Days. SA or TAM will utilize AnswerBase and/or other self-service resources prior to requesting Field Security assistance. SA or TAM will ensure everyone on the Field Security team has access to any files or portals.
Contract Reviews: 5 Business Days. The VP of Security must be engaged in all Contract Reviews.
Customer Calls: SA or TAM will provide context on the Customer's or Prospect's questions or concerns prior to the meeting. Field Security will provide a PowerPoint presentation with critical information about GitLab Security and specifics to the Customer's or Prospect's request. The VP of Security must be invited to all Customer Meetings.
Security Documents: 2 Business Days. SA or TAM must provide the name and email address of the recipient.
If the Account Owner or Customer Success point of contact feels they have sufficient knowledge and resources to complete a Customer Assessment, this procedure does not have to be used. These exceptions will not be tracked.