Added Highspot to Tech Stack

Review changes
Download
Patches
Plain diff

David Somers requested to merge dcsomers-master-patch-24723 into master Feb 02, 2022

Overview 7
Commits 3
Pipelines 4
Changes 1

Tech Stack - New system

Requestor to complete

Please don't merge this update before the Business Systems Analysts have reviewed and approved. Please make sure to complete the privacy review issue as soon as possible as we won't be able to merge until that is completed.

Please answer the questions below:

Is this system replacing an existing system in our tech stack?
- Yes: Please make sure this MR also removes the system from the tech stack and proceed to create a tech stack offboarding issue.
- No
Please link in the comments, or to this MR, a completed and approved Vendor Contract Issue
Has a Privacy Review been completed?:
- Yes; Link completed DPIA Issue in the MR comments
- No; Complete Privacy Review issue
We deprovision access to all systems in our tech stack when a person leaves GitLab. Can you please indicate whether:
- All GitLab team members need to be offboarded from this system
  - If this is the case, please create an MR to update the offboarding template and add the system under the correct department and person. Find instructions in the Tech Stack handbook page. Add the MR to the comments.
- Only certain team members need to be offboarded from this system (if the team members are scattered across too many departments or the system you are responsible for contains red data, please go with option 1)
  - If this is the case, please create an MR to update the offboarding tasks templates per department and add the system under the correct department(s). Find instructions in the Tech Stack handbook page. Add the MR to the comments.

Note: Provisioning will be managed via Okta using Google groups. Please see this issue for details.

Please create an issue to add the provisioners of the tool to the provisioners group. Link the issue to the comments of this MR.
Does data from this system need to be integrated into the Enterprise Data Warehouse for reporting and analytics? Please answer with Yes or No. No

Personal Data Requests

If the Add to Personal Data Request template? box is marked as Yes on the Privacy Review issue, your tool will need to be added to our issue templates for Personal Data Requests.

Data access requests: Add system to the list of applications in the Personal Data Access Request issue template by opening an MR. Once completed, please paste the link in the comments of this MR.
Data Deletion: Add system to the list of applications in the Account Deletion Request issue template by opening an MR. Once completed, please paste the link in the comments of this MR.

Business Technology to complete

To dos before merging (@kxkue)

Ensure privacy review has been linked
Ensure all questions above have been answered and all action items have been completed

Security Risk to complete

To dos (not required prior to merging) (@sttruong)

Review ZenGRC System of Record for this system and update, as applicable
Determine if a BIA has been performed (if not, coordinate distribution of a BIA questionnaire)

/cc @gitlab-com/internal-audit @disla @gitlab-com/gl-security/security-assurance/security-risk-team

Edited Feb 02, 2022 by David Somers

Merge request reports

Assignee

Reviewers

Request review from

Time tracking