GitLab develops a security and privacy-minded workforce through continuous user education activities and exercises about evolving threats, compliance obligations and secure workplace practices, in order to refine and improve on existing training and to make sure all GitLab team-members are aligned on the values of the organization.
This control applies to all GitLab team-members, with certain trainings focused on product engineers and product security PMs.
This control applies to all product engineers and product security PMs.
Control ownership: People Operations Process Owner:
| Control Number | Control Title | Control Statement | Goal | TOD | TOE |
|---|---|---|---|---|---|
| SAT-01 | Security & Privacy-Minded Workforce | GitLab Inc. has implemented mechanisms for security workforce development and awareness controls. | Does the organization facilitate the implementation of security workforce development and awareness controls? | 1. Identify policies and procedures responsible for identification and implementation of security awareness and training programs.<br>2. Examine policies and procedures for: purpose; scope; roles and responsibilities; management commitment; coordination among organizational entities; compliance; and implementation requirements. | 1. Examine formal policies and procedures to confirm and document evidence that they are reviewed and approved in accordance with the TOD.<br>2. Pull a population of all training records.<br>3. Examine training records, or other relevant records, for a sample of security training completion based on organization-defined frequency. |