As a member of the Security department, the Security Assurance sub-department provides GitLab customers with a high level of assurance around the security of GitLab SaaS service offerings.
There are five teams in the Security Assurance sub-department.
Governance & Field Security
The Security Assurance sub-department utilizes a variety of tools to carry out day-to-day activities. The system admin is responsible for the following:
All other actions are the responsibility of the assigned DRI.
| System Name | System Description | Admin | DRI |
| --- | --- | --- | --- |
| ZenGRC | Key system utilized for initiating, tracking/documenting, and completing Governance, Risk, and Compliance related activities. Access is provided as a standard baseline entitlement for all team members. Refer to the ZenGRC FAQ and ZenGRC Activities handbook pages for additional information. | Donovan Felton | Security Compliance - Madeline Lake; Security Risk - Ty Dilbeck |
| Anecdotes | Key system utilized for Compliance automation | Donovan Felton | Byron Boots |
| Authomize | Key system utilized by Security Compliance for User Access Reviews | Donovan Felton | Alex Frank |
| OneTrust Vendorpedia QRA | Key system utilized for Privacy, Security, and Data Governance for completing customer questionnaires | Donovan Felton | Marie-Claire Cerny |
| OneTrust Vendorpedia Exchange | System utilized for Privacy, Security, and Data Governance for TPRM | Donovan Felton | Ty Dilbeck |
| ProofPoint | Key system utilized for the creation and distribution of our security training and phishing simulations to provide ongoing testing for adherence to various compliance frameworks. | Donovan Felton | Joe Longo |
| BitSight | Independent Security Rating Platform configured to monitor GitLab's security, identify potential vulnerabilities, and benchmark our security against our competitors. Additionally, BitSight is used to assess and monitor software vendors as part of our Security Third Party Risk Management Program. | Donovan Felton | Jeff Burrows |
| GitLab - Security Assurance Projects | Primarily used to engage stakeholders via issues, updates to Security Assurance related handbook pages, etc. | Julia Lake | Each Team is responsible for their Projects, but everyone can contribute |
Check out these great security resources built with our customers in mind: