Financial Services Regulatory Compliance Examples (TODO remove this before linking from other pages)
GitLab is used extensively to achieve regulatory compliance in the financial services industry. This page details the relevant rules, the principles needed to achieve them, and the features in GitLab that make that possible.
Regulators and regulations
- America: FEB in the US, also see the FFIEC IT Handbook
- Europe: FCA and PRA in the UK, FINMA in Switzerland
- Asia: MAS in Singapore and HKMA
TODO Add links to relevant sections of the regulations.
Separation of duties
- You never merge your own code.
- All code needs to be peer reviewed.
- Only authorized people can approve the code.
- You need a log of who approved it.
- Protected branches https://docs.gitlab.com/ee/user/project/protected_branches.html
- Merge request approvals https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html
- Unprotect permission https://about.gitlab.com/2018/04/22/gitlab-10-7-released/#protected-branch-unprotect-permissions
- Future: Two person rule, https://en.wikipedia.org/wiki/Two-man_rule for admins
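The four rules above can be stated as a check over each merge event. The following is an added example, not GitLab's code: it evaluates a constructed merge record against a hypothetical policy (which branches are protected, who is an authorized approver, how many approvals are required) and emits the audit entry that answers "who approved it". The record shape, the policy and the user names are all assumptions made for the example, not the GitLab API's data model.

```python
from dataclasses import dataclass
import json


@dataclass(frozen=True)
class MergeRecord:
    """One merge event. This record shape is constructed for the example;
    it is not the shape the GitLab API returns."""
    mr_id: int
    author: str
    approvers: tuple   # user names that approved the merge request
    merged_by: str
    target_branch: str


# Hypothetical policy (assumption): which branches are protected, who may
# approve, and how many approvals a merge into a protected branch needs.
POLICY = {
    "protected_branches": frozenset({"master", "production"}),
    "authorized_approvers": frozenset({"alice", "bob", "carol"}),
    "required_approvals": 2,
}


def check_separation_of_duties(rec, policy=POLICY):
    """Return a list of violation codes; an empty list means the merge complies.

    Merges into unprotected branches are not checked (assumption: the rules
    are enforced through protected branches, as on this page).
    """
    if rec.target_branch not in policy["protected_branches"]:
        return []
    violations = []
    if rec.merged_by == rec.author:
        violations.append("SELF_MERGE")        # you never merge your own code
    if rec.author in rec.approvers:
        violations.append("SELF_APPROVAL")     # the author is not a peer reviewer
    for user in rec.approvers:
        if user not in policy["authorized_approvers"]:
            violations.append(f"UNAUTHORIZED_APPROVER:{user}")
    # Only approvals from authorized users other than the author count.
    valid = [u for u in rec.approvers
             if u in policy["authorized_approvers"] and u != rec.author]
    if len(valid) < policy["required_approvals"]:
        violations.append(
            f"INSUFFICIENT_APPROVALS:{len(valid)}/{policy['required_approvals']}")
    return violations


def audit_entry(rec, policy=POLICY):
    """Build the audit record that says who approved and who merged."""
    violations = check_separation_of_duties(rec, policy)
    return {
        "mr_id": rec.mr_id,
        "target_branch": rec.target_branch,
        "author": rec.author,
        "approved_by": sorted(rec.approvers),
        "merged_by": rec.merged_by,
        "compliant": not violations,
        "violations": violations,
    }


def audit_log(records, policy=POLICY):
    """One JSON line per merge event, suitable for shipping to a log store."""
    return [json.dumps(audit_entry(r, policy), sort_keys=True) for r in records]


# Constructed sample merge events (not real data).
SAMPLE_RECORDS = (
    MergeRecord(1, "dave", ("alice", "bob"), "carol", "master"),
    MergeRecord(2, "alice", ("alice", "bob"), "alice", "master"),
    MergeRecord(3, "dave", ("alice", "erin"), "bob", "production"),
    MergeRecord(4, "dave", (), "dave", "feature/algo-tweak"),
)

if __name__ == "__main__":
    for line in audit_log(SAMPLE_RECORDS):
        print(line)
```

Record 2 trips all of self-merge, self-approval and an approval shortfall at once, because an author's own approval is never counted; record 3 shows an approval from someone outside the authorized set being reported and excluded from the count. Keeping the check and the audit line in one place means every merge into a protected branch leaves a record of who approved it, whether or not it passed.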
- Revert rollout fast
- Automated deploy
- Revert button
- Review apps: great for testing algorithm changes.
- Manual deploy (with audit log)
- Approvers (in branch)
- Prevent vulnerabilities
- Make sure all code is scanned.
- Dependency scanning
- Container scanning
- Future: Dashboards
GitLab replaces the following solutions:
- JFrog X
- HP Fortify
Also see our security paradigm for more information on why GitLab security tools work better.
- Audit logs
- Container image retention
- Artifact retention
- Test result retention
- Future: Disable squash of commits
- Future: Prevent purge
- License manager
- Stay available.
- No SPOF
- Quick recovery.
- Geographic distribution
State of the art
- GitLab is in use in financial services.
- Both relevant US regulators run GitLab themselves.
- 2,000 code contributors
- 100,000 organizations
- millions of users
Everyone can contribute
Please email suggestions.
MRs are very welcome, assign to.