Workshop - Tech Stack - Add New System
Tech Stack - Add New System
Business/Technical System Owner or Delegate to Complete
Please do not merge before the Business Systems Analysts have reviewed and approved.
-
Rename this MR's title to [System Name] - Tech Stack - Add New System
General Tech Stack Entry Tasks
-
Link the Procurement Requisition for the New System (if third-party System): -
Populate all data fields for the New System within the 'Changes' tab of this MR. Commit when ready. More instructions are here. -
Is this New System replacing an existing System in the Tech Stack? -
Yes - Delete that existing System's entry from the Tech Stack using this MR as well. Next, create a Tech Stack Offboarding Issue. -
No
-
Access Tasks
-
Create an Issue to add the Provisioner(s) of the New System to the appropriate Google/Slack/GitLab groups. Note: If the Provisioner(s) of this System is already part of the Provisioner groups, skip this step. Please replace the [Issue link] placeholder below with N/A - Already in Provisioner groups
.- N/A - Already in Provisioner groups
-
Add the New System to one of two Offboarding templates below. More instructions are here. -
Option 1 - Main Team Member Offboarding template - [MR link]
-
Option 2 - Department-level Offboarding template folder
-
-
Is the New System configured for Okta Single Sign On? -
Yes -
No. Please complete this Issue template. Reference the Third Party Minimum Security Standards. - [Okta SSO Issue link]
-
Data Warehouse Question
- Does data from the New System need to be integrated into Snowflake, the Enterprise Data Warehouse (EDW) for reporting and analytics?
-
Yes - Create a 'New Data Source' Issue in the Data Project to discuss cost, development, etc. with the Data team. -
No
-
Examples of System data integrated into Snowflake (EDW):
- The data will be used as part of a new Key Performance Indicator or Performance Indicator.
- The data needs to be part of lead-to-cash analysis.
- The data needs to be joined with Marketo, Salesforce, or NetSuite data for cross-System analysis.
Privacy Team to Complete
If the New System contains Personal Data, has a Privacy Review been completed?:
-
If System contains Orange (internal only)/Red Personal Data: -
Yes - Link a completed Vendor Privacy Review Issue, Coupa approval, or Zip approval -
No - **Complete **Privacy Review Issue
-
-
If System contains Yellow Personal Data (GitLab Team Member Names/Emails): -
Yes - a Data Processing Agreement (DPA) was executed between GitLab and the Vendor -
No - a DPA is not in place - Privacy Team will be in contact about completing a DPA, which is required for this Tech Stack Addition
-
-
If System contains only Green Data or contains no Personal Data, a Privacy Review is not required.
Security Logging Team to Complete
-
@gitlab-com/gl-security/engineering-and-research/security-logging Security Logging Team reviews and follows the Critical Logging Methodology Process - If applicable, Add/Change/Remove Logging Issue Request
Security Risk Team to Complete
-
The Security Risk Engineer who created this MR should self-assign and unassign @ndevarajan
, as applicable. -
Create TS Add and BIA Tracking Issue:
Business Technology Team to Complete
@marc_disabatino)
To-do before merging (-
Ensure all sections/action items are completed.
/cc @gitlab-com/internal-audit @disla @gitlab-com/gl-security/security-assurance/security-risk-team