Compliance management with Gitlab
A compliance management system comprises all measures, structures and processes that are to be carried out in compliance with rules. With GitLab, compliance management can be realised that integrates seamlessly into the software development process and can be connected to other systems. This makes it easier for teams to keep up with changing regulations and emerging risks.
In detail, GitLab supports
- managing rules and policies
- automating compliance workflows
- audit management that logs activities, identifies incidents and proves compliance with rules
- security management that checks the security of the source code to track and manage vulnerabilities (→ DevSecOps).
Policy management
Rules and policies to be followed can be defined, both internal company policies and policies based on legal or regulatory frameworks such as GDPR, SOC2, PCI-DSS, SOX, HIPAA, ISO, COBIT, FedRAMP, etc. GitLab provides the following functions for this purpose:
- Fine-grained user roles and permissions
- GitLab supports five different roles with different permissions
- Compliance settings
- Different compliance policies can be set for different projects.
- Inventory
- All actions are inventoried.
Automate compliance workflows
Once the policies and rules are established, the processes can be automated, e.g. through
- Project templates
- Project templates with specific audit protocols and audit trails, such as HIPAA, can be created.
- Project label
- Depending on the policy, different labels can be predefined for projects and tasks.
Audit management
Compliance audits require the traceability of various events such as user actions, changes to authorisations or approvals.
| [1] | ISO 19600:2014 Compliance management systems — Guidelines |