The above are for GitLab Team Members only. Customers should contact their GitLab Account Owner to initiate their requests. If a customer doesn't know their Account Owner or does not yet have an assigned Account Owner, they can contact the sales team. Once you have submitted the issue, it is in our queue and will be assigned to one of our Field Security Engineers when it is next up (please see the SLAs listed below).
It's no surprise that GitLab Customers and Prospects conduct Security due diligence activities prior to contracting with GitLab. We recognize the importance of these reviews and have designed this procedure for GitLab Team Members to request Customer Assurance Activities.
We will start all CAA requests (with the exception of Contract Reviews) by sending the Customer Assurance Package to the customer. The CAP will answer many of the customer's questions and will enable us to provide the customer with a more efficient and comprehensive experience. Please select the appropriate box for your request below; it will direct you to an issue template on our board.
Please be sure to complete all of the requested information in the template, and please reach out to us in #sec-fieldsecurity with any questions.
Please do not assign the issue. Field Security will assign the issue to the appropriate team member. Thank you!
Please use the Customer Request Box above and follow the instructions.
Please follow the directions above for submission, and for more information about our RFP process please view our RFP page here.
Please use the Contract Review Box above and follow the instructions.
The Field Security Team also maintains the following resources for GitLab Team Members to collaborate with us!
For information on how Field Security uses AnswerBase and how it can support your workflows, please visit our AnswerBase page.
The Field Security Team has the unique privilege of conversing with and receiving feedback from both customers and fellow GitLab team members. To ensure we always support our customers, Field Security follows GitLab's observation creation procedure to relay customers' requirements or concerns internally to the appropriate teams. To proactively request feedback from Field Security, use the Internal Feedback button to open a request.
Note: Field Security's observations must follow the Field Security Observation and OFI Quality Guide
NDA Required
Customer Assurance Package (that includes our SOC2 report), utilize the Request by Email option.
In the spirit of iteration, GitLab is continuously evolving our list of compliance self-attestations. Completed self-attestations are reviewed annually for continued applicability and can be found in our Customer Assurance Package. Customers can submit suggestions and requests for new self-attestations through their Account Manager. GitLab team members can submit recommendations for future compliance assessments through the Regulatory Security Compliance Feedback and Field Research epic.
Security Questionnaires: 10 Business Days. SA or CSM will utilize AnswerBase and/or other self-service resources prior to requesting Field Security assistance. SA or CSM will ensure everyone on the Field Security team has access to any files or portals.
Contract Reviews: 5 Business Days. The VP of Security must be engaged in all Contract Reviews.
Customer Calls: SA or CSM will provide context on the Customer's or Prospect's questions or concerns prior to the meeting. Field Security will provide a PowerPoint presentation with critical information about GitLab Security and specifics to the Customer's or Prospect's request. The VP of Security must be invited to all Customer Meetings.
Security Documents: 2 Business Days. SA or CSM must provide the name and email address of the recipient.
If the Account Owner or Customer Success point of contact feels they have sufficient knowledge and resources to complete a Customer Assessment, this procedure does not have to be used. These exceptions will not be tracked.