Skip to content

GitLab Next

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
GitLab
GitLab
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 34,995
    • Issues 34,995
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1,261
    • Merge Requests 1,261
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Metrics
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • GitLab.org
  • GitLabGitLab
  • Issues
  • #13756

Closed
Open
Opened Aug 23, 2019 by Gabe Weaver@gweaver🌀Developer0 of 10 tasks completed0/10 tasks

Create a project template containing HIPAA audit protocol issues

Problem to solve

Some workflows are highly repeatable, such as the HIPAA Audit Protocol. GitLab is capable of supporting these types of workflows natively as evidenced by this script that uses the API to generate all of the necessary issues in the HIPAA Audit Protocol.

The goal of this issue is to use a real world use case to serve as the first proof of concept for generating multiple issues that map to a given workflow template without having to import a CSV every time.

Intended users

  • Compliance or Audit users who project manage an organization's compliance programs
  • Group Owners or Administrators who interface between GitLab's technical activities and the audit team

Further details

Goals

  • Remove waste from highly repeatable, complex processes.
  • Reduce risk by generating all of the necessary artifacts for a given process programmatically (computers are more efficient than humans at this).
  • Increase the ability for individuals to collaborate on these kinds of processes.

Proposal

  • Create a HIPAA Audit Protocol project template that GitLab users can use when creating a new project.
  • This project template should contain the 180 issues that map to the HIPAA Audit Protocol pre-loaded at project creation
Original proposal - Expose a button in the GitLab UI to generate all the necessary artifacts for the HIPAA Audit Protocol.

Things to figure out

  • How do we handle the creation or importing of issues for this project template?
  • Who would be using the button? (So we can figure out appropriate permissions)
  • How is the template updated / maintained?
Original List - [ ] Where would the button live. (Group level settings, Project level settings, etc.) - [ ] Who would be using the button. (So we can figure out appropriate permissions) - [ ] Where do all the generated artifacts go? (e.g. does this also create a new project within a target group, etc.) - [ ] How is the workflow template sourced? Are we scraping the Audit Protocol from hhs.gov on some sort of schedule? - [ ] How is the template updated / maintained?

Permissions and Security

  • This will need to be determined during the validation and design phases.

Documentation

  • This will require updates to our documentation.

Testing

Potential Risks

  • This will need to be identified as part of the solution design process.

What does success look like, and how can we measure that?

Success Metrics

  • Count of customers using the template
  • Count of audit protocols generated
  • Count of audit protocols completed

Acceptance Criteria

  • Selecting a HIPAA Audit Project template will successfully create a new project with the 180 issues that map to the HIPAA audit protocol.

What is the type of buyer?

  • Given this reduces risk with regards to compliance, GitLab Ultimate appears to be the best fit given what we know today.

Links / references

  • https://about.gitlab.com/2019/07/25/moving-workflows-to-gitlab-the-case-of-the-hipaa-audit-protocol/
Edited Apr 06, 2020 by Matt Gonzales
Assignee
Assign to
12.10
Milestone
12.10 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: gitlab-org/gitlab#13756