Our Mission is to advance customer trust with a focus on customers operating in highly regulated industries or who otherwise have unique security and compliance requirements. We will accomplish this mission by:
For more information on the direction of the GitLab Dedicated category, please see this page.
As a member of the Security Assurance sub-department, and fork of the existing Security Compliance team, we share many of the same core competencies. The difference between our teams is in the product/system scope (GitLab Dedicated and any future offerings for highly regulated markets) and the security certifications we are pursuing.
Some of our work is not public for now. Please see the internal handbook to find out more about what our team is working on, or reach out to us.
Security Compliance is part of the 2nd line of defense and our goal is identify and treat risks early before they have more severe impacts later on (i.e. regulatory or reputational). We strive to partner with the 1st line of defense (Engineering, Product, and other parts of the organization) to shift compliance left where it is both more effective and less burdensome. To achieve that vision, we need to focus on the following areas and solicit feedback from other parts of the organization:
We primarily work out of projects in our Dedicated Compliance team subgroup, the Security Department and Security Assurance parent groups, the GitLab Dedicated issue tracker, and the Security Compliance Observation Management project.
|Security Compliance (Dedicated Markets) team manager||@corey-oas||FedRAMP Authorization Program and compliance/certification roadmap for GitLab Dedicated and GitLab Dedicated for U.S. Government)|
|GitLab Dedicated security compliance||@dchangkuon||Continuous monitoring, gap assessments, and external audit coordination (e.g. SOC 2 Type 2).|
|FedRAMP Information System Security Officer (ISSO)||@niben01||FedRAMP vulnerability posture reporting, maintaining Plan of Action & Milestone reporting, and deviation requests|
|FedRAMP Continuous Monitoring Program||@kbray||Continuous monitoring improvements and automation, significant change identification, and compliance documentation maintenance|
@sec-compliance-teamto reach the entire Security Compliance team
#sec-assuranceslack channel is the best place for questions relating to our team (please add the above tag)
Here are our team's GitLab.com subgroups and projects