Added Highspot to Tech Stack
Tech Stack - New system
Requestor to complete
Please don't merge this update before the Business Systems Analysts have reviewed and approved. Please make sure to complete the privacy review issue as soon as possible as we won't be able to merge until that is completed.
Please answer the questions below:
-
Is this system replacing an existing system in our tech stack?
-
Yes: Please make sure this MR also removes the system from the tech stack and proceed to create a tech stack offboarding issue. -
No
-
-
Please link in the comments, or to this MR, a completed and approved Vendor Contract Issue
-
Has a Privacy Review been completed?:
-
Yes; Link completed DPIA Issue in the MR comments -
No; Complete Privacy Review issue
-
-
We deprovision access to all systems in our tech stack when a person leaves GitLab. Can you please indicate whether:
- All GitLab team members need to be offboarded from this system
-
If this is the case, please create an MR to update the offboarding template and add the system under the correct department and person. Find instructions in the Tech Stack handbook page. Add the MR to the comments.
-
- Only certain team members need to be offboarded from this system (if the team members are scattered across too many departments or the system you are responsible for contains red data, please go with option 1)
-
If this is the case, please create an MR to update the offboarding tasks templates per department and add the system under the correct department(s). Find instructions in the Tech Stack handbook page. Add the MR to the comments.
-
- All GitLab team members need to be offboarded from this system
Note: Provisioning will be managed via Okta using Google groups. Please see this issue for details.
-
Please create an issue to add the provisioners of the tool to the provisioners group. Link the issue to the comments of this MR.
-
Does data from this system need to be integrated into the Enterprise Data Warehouse for reporting and analytics? Please answer with
Yes
orNo
. No
Personal Data Requests
If the Add to Personal Data Request template?
box is marked as Yes
on the Privacy Review issue, your tool will need to be added to our issue templates for Personal Data Requests.
- Data access requests: Add system to the list of applications in the Personal Data Access Request issue template by opening an MR. Once completed, please paste the link in the comments of this MR.
- Data Deletion: Add system to the list of applications in the Account Deletion Request issue template by opening an MR. Once completed, please paste the link in the comments of this MR.
Business Technology to complete
@kxkue)
To dos before merging (-
Ensure privacy review has been linked -
Ensure all questions above have been answered and all action items have been completed
Security Risk to complete
@sttruong)
To dos (not required prior to merging) (-
Review ZenGRC System of Record for this system and update, as applicable -
Determine if a BIA has been performed (if not, coordinate distribution of a BIA questionnaire)
/cc @gitlab-com/internal-audit @disla @gitlab-com/gl-security/security-assurance/security-risk-team