Create a project template containing HIPAA audit protocol issues
Problem to solve
Some workflows are highly repeatable, such as the HIPAA Audit Protocol. GitLab is capable of supporting these types of workflows natively as evidenced by this script that uses the API to generate all of the necessary issues in the HIPAA Audit Protocol.
The goal of this issue is to use a real-world use case as the first proof of concept for generating multiple issues that map to a given workflow template without having to import a CSV every time.
Intended users
- Compliance or Audit users who project manage an organization's compliance programs
- Group Owners or Administrators who interface between GitLab's technical activities and the audit team
Further details
Goals
- Remove waste from highly repeatable, complex processes.
- Reduce risk by generating all of the necessary artifacts for a given process programmatically (computers are more efficient than humans at this).
- Increase the ability for individuals to collaborate on these kinds of processes.
Proposal
- Create a HIPAA Audit Protocol project template that GitLab users can use when creating a new project.
- This project template should contain the 180 issues that map to the HIPAA Audit Protocol pre-loaded at project creation
Original proposal
- Expose a button in the GitLab UI to generate all the necessary artifacts for the HIPAA Audit Protocol.
Things to figure out
- How do we handle the creation or importing of issues for this project template?
- Who would be using the button? (So we can figure out appropriate permissions)
- How is the template updated / maintained?
Original List
- [ ] Where would the button live. (Group level settings, Project level settings, etc.)
- [ ] Who would be using the button. (So we can figure out appropriate permissions)
- [ ] Where do all the generated artifacts go? (e.g. does this also create a new project within a target group, etc.)
- [ ] How is the workflow template sourced? Are we scraping the Audit Protocol from hhs.gov on some sort of schedule?
- [ ] How is the template updated / maintained?
Permissions and Security
- This will need to be determined during the validation and design phases.
Documentation
- This will require updates to our documentation.
Testing
Potential Risks
- This will need to be identified as part of the solution design process.
What does success look like, and how can we measure that?
Success Metrics
- Count of customers using the template
- Count of audit protocols generated
- Count of audit protocols completed
Acceptance Criteria
- Selecting a HIPAA Audit Project template will successfully create a new project with the 180 issues that map to the HIPAA audit protocol.
What is the type of buyer?
- Because this reduces compliance risk, GitLab Ultimate appears to be the best fit given what we know today.
Links / references
Edited by Matt Gonzales (ex-GitLab)