Security blog post: Intersection of Transparency and Compliance/Audit Efforts (publishes April 28)
Proposal
This blog discusses how GitLab maintains its culture of transparency when having to undergo an audit. The content will focus on the experience Security Compliance had during our first SOC 2 Type 1 audit (just successfully passed) and how we balanced GitLab's Transparency value while minimizing the overall surface of the audit. More details: https://gitlab.com/gitlab-com/gl-security/security-communications/communications/-/issues/185#note_308161485
Audiences:
- Existing customers: understand our commitment to transparency, and how we manage that while also ensuring we meet our security compliance obligations, which demonstrate that the GitLab product they are using is secure. In addition, the post will educate readers on our Security Trust Center, where our existing enterprise customers will be able to request a copy of our final SOC 2 report.
- Potential customers: understand that we value transparency with our customers and community and that we're dedicated to ensuring we have a mature security compliance program, in part evidenced by our undergoing our first SOC 2 Type 1 audit. This makes the GitLab product more attractive in the marketplace because it further demonstrates our commitment to security.
Checklist
- If you have a specific publish date in mind (please allow 3 weeks' lead time): April 28
  - Include it in the issue title
  - Give the issue a due date of a minimum of 2 working days prior
  - If your post is likely to be >2,000 words, give a due date of a minimum of 4 working days prior
- If time sensitive
  - Added ~"priority" label and supplied rationale in description
  - Mentioned @rebecca to give her a heads up ASAP
- If wide-spread customer impacting or sensitive
  - Add sensitive label
  - Mention @nwoods to give her a heads up ASAP
- If the post is about one of GitLab's Technology Partners, including integration partners, mention @TinaS and see the blog handbook for more on third-party posts
- Indicate if supporting an event or campaign
- Indicate if this post requires additional approval from internal or external parties before publishing (please provide details in a comment)
Edited by Heather Simpson