Create a formal Information Security Policy
Why is this change being made?
Original MR: !71387 (closed) and !79562 (closed)
- new MR created due to time gap
As we are building out our Governance Program, we also need to have an Information Security Policy which documents IT Security Policies, to help protect the organization’s data and other valuable assets and align with the fundamental principles of confidentiality, integrity and availability.
This Information Security Policy describes the requirements for implementing Information Security across GitLab and to enable and maintain effective systems security and confidentiality of information processed by GitLab.
This policy will help with solidifying our position as a company to allow for more efficient coordination among GitLab teams and streamlined processes.
An Information Security Policy is also mandated by various regulatory frameworks such as ISO, SOC2, FedRamp and also mandated by many of our customers.
Author Checklist
-
Provided a concise title for the MR -
Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what - Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
-
Assign reviewers for this change to the correct DRI(s) - If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the "Maintained by" section in on the page being edited.
- If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
-
If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR. - If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.