It is the goal of the GitLab Security Compliance teams to:
The Security Compliance teams are part of the Security Assurance organization. Their primary functions are:
| Program | DRI | Responsibilities |
|---|---|---|
| GitLab's Security Control Framework (GCF) | @lcoleman | Establishment, monitoring, and iteration of the GCF control set |
| Observations | @madlake | Management overview of the Observation Program, including observation documentation, workflows, and observation assignment |
| SOC | @madlake | SOC preparation and documentation, external audit hosting, remediation activities |
| ITGC | @byronboots | ITGC handover and automation improvements, external audit hosting, remediation activities |
| ISO | @lcoleman | ISO preparation and documentation, external audit hosting, remediation activities |
| User Access Reviews | @alexfrank09 | Oversight of the UAR Program and Automated UAR Tool, to help minimize threats and provide assurance that the right people have access to critical systems and infrastructure |
| Gap Analysis | @DanEckhardt | Overseeing and iterating on the gap analysis program and procedures, review and assignment of gap analysis requests, gap analysis status tracking |
| Program | DRI | Responsibilities |
|---|---|---|
| GitLab Dedicated | @dchangkuon | Continuous monitoring, gap assessments, and external audit coordination (e.g. SOC 2 Type 2) |
| FedRAMP Information System Security Officer (ISSO) | @niben01 | FedRAMP Vulnerability Deviation Requests, monthly Plan of Action & Milestones reporting, and security compliance oversight |
| FedRAMP Continuous Monitoring Program | @kbray | Continuous monitoring improvements, significant change identification, and compliance documentation maintenance |
- @commerical_compliance or @sec-compliance-team to reach the entire Security Compliance team
- @gitlab-com/gl-security/security-assurance/security-compliance-commercial-and-dedicated/sec-compliance
- security-compliance@gitlab.com