Telesign - Tech Stack - Add New System

Tech Stack - Add New System

Business/Technical System Owner or Delegate to Complete

Please do not merge before the Business Systems Analysts have reviewed and approved.

• Rename this MR's title to [System Name] - Tech Stack - Add New System

General Tech Stack Entry Tasks

1. Link the Procurement Requisition for the New System (if third-party System):
   • https://gitlab.ziphq.com/request/51f98cf4-fe67-446c-aa26-bd1714516271
2. Populate all data fields for the New System within the 'Changes' tab of this MR. Commit when ready. More instructions are here.
3. Is this New System replacing an existing System in the Tech Stack?
   • Yes - Delete that existing System's entry from the Tech Stack using this MR as well. Next, create a Tech Stack Offboarding Issue.
     • [Issue link]
   • No

Access Tasks

1. Create an Issue to add the Provisioner(s) of the New System to the appropriate Google/Slack/GitLab groups. Note: If the Provisioner(s) of this System is already part of the Provisioner groups, skip this step. Please replace the [Issue link] placeholder below with N/A - Already in Provisioner groups.

   • [Issue link]

2. Add the New System to one of two Offboarding templates below. More instructions are here.

   • Option 1 - Main Team Member Offboarding template
     • [MR link]
   • Option 2 - Department-level Offboarding template folder
     • [MR link]

3. Is the New System configured for Okta Single Sign On?

   • Yes
   • No. Please complete this Issue template. Reference the Third Party Minimum Security Standards.
     • [Okta SSO Issue link]

Data Warehouse Question

1. Does data from the New System need to be integrated into Snowflake, the Enterprise Data Warehouse (EDW) for reporting and analytics?
   • Yes - Create a 'New Data Source' Issue in the Data Project to discuss cost, development, etc. with the Data team.
   • No

Examples of System data integrated into Snowflake (EDW):

• The data will be used as part of a new Key Performance Indicator or Performance Indicator.
• The data needs to be part of lead-to-cash analysis.
• The data needs to be joined with Marketo, Salesforce, or NetSuite data for cross-System analysis.

Privacy Team to Complete

If the New System contains Personal Data, has a Privacy Review been completed?:

1. If System contains Orange (internal only)/Red Personal Data:
   • Yes - Link a completed Vendor Privacy Review Issue, Coupa approval, or Zip approval
   • No - **Complete **Privacy Review Issue
2. If System contains Yellow Personal Data (GitLab Team Member Names/Emails):
   • Yes - a Data Processing Agreement (DPA) was executed between GitLab and the Vendor
   • No - a DPA is not in place - Privacy Team will be in contact about completing a DPA, which is required for this Tech Stack Addition
3. If System contains only Green Data or contains no Personal Data, a Privacy Review is not required.

Security Logging Team to Complete

• @gitlab-com/gl-security/engineering-and-research/security-logging Security Logging Team reviews and follows the Critical Logging Methodology Process
  • If applicable, Add/Change/Remove Logging Issue Request

Security Risk Team to Complete

• The Security Risk Engineer who created this MR should self-assign and unassign @ndevarajan, as applicable.
• Create TS Add and BIA Tracking Issue:
  • New System - Telesign - TS Add and BIA Tracking

Business Technology Team to Complete

To-do before merging ( @marc_disabatino)

• Ensure all sections/action items are completed.

/cc @gitlab-com/internal-audit @disla @gitlab-com/gl-security/security-assurance/security-risk-team