Improved discoverability and findability for compliance management and security features
# Background

GitLab offers a set of compliance features for GitLab Ultimate customers that help ensure their GitLab instance can set and meet common compliance standards, as well as surface key violations of those standards.

These features are used and managed centrally through the [compliance center](https://docs.gitlab.com/ee/user/compliance/compliance_center/), which provides compliance managers a 'single pane of glass' to visualise adherence to the different compliance standards that apply to projects within a GitLab group.

# Problem

Despite the value that the compliance center and its associated features could provide to compliance managers, [previous research](https://docs.google.com/presentation/d/13LrEA8YMExsXSQTsQ6fmivj8GH2tIPdm4xOXw-EO3g8/edit#slide=id.g2b14eae506f_0_0) highlighted a discoverability and findability issue with compliance features. Compliance managers were not only unaware that compliance management features existed; even when aware, they did not know that existing features could already help with their compliance visibility and enforcement issues.

Below is a snapshot of recent research that reflects the above statement:

![Screenshot_2024-05-09_at_2.12.46_PM](/uploads/92247e8e58797b4805b89a9f9c0e8ada/Screenshot_2024-05-09_at_2.12.46_PM.png)

The following are anecdotes from customer conversations that make reference to the above problem:

| Anecdote | Notes |
|----------|-------|
| _We haven't used lots of what is in the compliance framework yet. This is due to ignorance on our part (e.g. not knowing these features existed in the first place) and lack of time to explore these features in GitLab._ | [Link](https://docs.google.com/document/d/1EaxOcPICRntRRGQfEzyPjBRozdQ3ebBo6uOaYL77Rfw/edit?usp=sharing) |
| | |
| | |

We can also see that only 13.9% of our large GitLab Ultimate users are currently using the compliance dashboard. We want to raise this number by making the compliance center easier and more intuitive for them to locate as well.

**NOTE**: The above table will be filled in continuously as more customer conversations take place. If you see this epic and have recently had a customer conversation that aligns with the above problem, please do not hesitate to share it in a thread below and we can add it to the above table.

# Current Assumptions or Pain Points

The following are the **pain points** and **benefits** of addressing this issue:

| Pain Point | Benefit | Description |
|------------|---------|-------------|
| Decreased awareness | Improved awareness | about the value of compliance management features in GitLab Ultimate. |
| Decreased adoption | Increased adoption | of compliance management features for GitLab Ultimate customers. |
| Reduced ability | Improved ability | to ensure that projects within groups in GitLab remain compliant. |
| Reduced value | Improved value | of GitLab Ultimate for compliance managers who are unaware of first-class compliance management features associated with their license. |
| Reduced understanding | Improved understanding | of the value and mechanisms of the different compliance management features within the compliance center. |
| Reduced satisfaction | Improved satisfaction | by compliance managers where existing compliance management features may/will help with their compliance use cases. |
| Reduced customer feedback loop | Improved customer feedback loop | that will help us to iterate and improve compliance center features for GitLab Ultimate customers. |

# Personas

* [Cameron (Compliance Manager)](https://handbook.gitlab.com/handbook/product/personas/#cameron-compliance-manager)

# JTBD User Stories

**NOTE**: The below are our starting assumptions for the JTBDs. As we continue exploring and researching in this space, these job stories may be changed and added to from time to time.

<table>
<tr>
<th>Issue</th>
<th>Persona</th>
<th>Job Story</th>
</tr>
<tr>
<td>Users want to be made aware of the compliance center when onboarding onto GitLab for the first time</td>
<td>Cameron (Compliance Manager)</td>
<td>

**When I** am creating a new project;
**I want** to be made aware of the existence of the compliance center and its associated features;
**So I can** discover and learn the compliance management features that exist in GitLab today

</td>
</tr>
<tr>
<td>Users want to be provided contextual guidance on the compliance center and its features during compliance workflows</td>
<td>Cameron (Compliance Manager)</td>
<td>

**When I** am trying to figure out how to make my GitLab instance compliant;
**I want** to be made aware of the existence of the compliance center and its associated features;
**So I can** learn what exists now in the product, and have confidence around whether I can make my instance compliant with existing compliance management features today

</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
</tr>
</table>

## Next steps

* [ ] Could you communicate the idea with both compliance and policy groups?
* [ ] Problem validation for compliance
* [ ] Problem validation for policies
* [ ] Could you clarify the technical possibilities?
* [ ] Design explorations for compliance
* [ ] Design explorations for policy

_This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc._