Merge branch 'nduff/compliance' into 'master'

add items to ensure compliance logging is configured if required See merge request !167

Merge branch 'nduff/compliance' into 'master'
6ea14889 · Nick Duff · 4cd44c35 · 862d385e · 6ea14889
Commit 6ea14889 authored 1 year ago by Nick Duff
--- a/.gitlab/issue_templates/production_readiness.md
+++ b/.gitlab/issue_templates/production_readiness.md
@@ -139,8 +139,10 @@ _This Guide is just that, a Guide. If something is not asked, but should be, it

 - **Logging & Audit**
  - [ ] **Has effort been made to obscure or elide sensitive customer data in logging?**
+  - [ ] **Ensure we are keeping required access and audit logs for compliance, and only what is necessary.**

 - **Compliance**
+    - [ ] **Ensure appropriate logs are being kept for complaince and requirements for retention are met.**
    - [ ] **Is the service subject to any regulatory/compliance standards? If so, detail which and provide details on applicable controls, management processes, additional monitoring, and mitigating factors.**
    - [ ] If the data classification = Red for the new environment, please create a [Security Compliance Intake issue](https://gitlab.com/gitlab-com/gl-security/security-assurance/security-compliance-commercial-and-dedicated/security-compliance-intake/-/issues/new?issue[title]=System%20Intake:%20%5BSystem%20Name%20FY2%23%20Q%23%5D&issuable_template=intakeform).