From YouTube: Compliance Vision
Description
A rough cut to work from.
Hi everyone, I'm Matt Gonzalez. I'm the senior PM here at GitLab for the compliance group. I wanted to talk today about the vision I have for the compliance group, because many of our customers, especially our enterprise customers, rely on GitLab to make their lives easier beyond just DevOps. The non-developers who use or interact with GitLab, specifically the auditors and compliance professionals, need to know that GitLab has all of the necessary features and functionality to support their compliance programs. The way we approach compliance is by recognizing what it means for our customers.

So where does it start? Organizations operate within regulated industries. Those regulations usually aim to protect someone or something, like people or their personal information. These regulations define the rules an organization must follow, so an organization will create policies and procedures to govern their operations in line with those regulations. These policies and procedures will dictate anything from office visitor sign-in protocol to how software changes are made to a production environment.

Our vision for the compliance group is to help customers achieve three things: translate their internal company policies to the GitLab application and its workflows, monitor the compliance status of their GitLab groups and projects easily, and make audit reporting and evidence collection painless. In short, we want to take compliance, a historically complex and unfriendly thing, and make it simple and friendly in the GitLab way. The compliance group consists of three categories right now to address these areas.

Compliance management focuses on building the features that enable a compliance professional to quickly find the information they need about any given group or project to measure against their internal compliance program. For example, does a regulated project have appropriate segregation of duties? Is that documented? Can that process be bypassed? Towards this end, we've released the compliance dashboard, which aims to save these professionals time and stress. Rather than delving into every regulated group or project that needs to be monitored, we can surface important compliance insights to help them narrow their focus.

Does a specific project have a merge request that was authored and approved by the same person? Did the project have a security scan recently? These and many more answers should be available, so the time required to manage compliance in GitLab is dramatically reduced, allowing our customers to focus on the most important value-adding activities on their plate.

We want this dashboard to be the single source of truth for compliance in GitLab, and it should empower customers to see their current compliance status and their progress towards specific compliance frameworks, and provide the visuals and summaries that executive leadership needs to inform their decisions. Another category is audit events, which is critical because it should provide all of the traceability and auditability our customers need to meet their compliance requirements. Our customers should be able to answer questions about who took what action, when, on what resource. They should be able to pull samples of the same activity type or pull a holistic view from the last three weeks or 12 months. The audit events should enforce non-repudiation so that nobody can deny that they took some action. Audit events necessarily need to be granular, but also easy to search through and easy to export as evidence, and they should help customers be proactive about anomalous activity.

We want to work towards an experience where unexpected behavior is known to group owners and administrators immediately, without them having to find out when it's too late and having to search for the events themselves. Our last category right now is audit reports, which is a big opportunity. In all audits, evidence is requested to prove your organization is following the policies and procedures it says it's following. Finding and collecting evidence, compiling it into an appropriate format, and delivering that evidence to an auditor can be a very time-consuming process.

GitLab is well-positioned to do all of the heavy lifting here, so our customers can obtain the reports or evidence they need to provide to auditors or management. It shouldn't take countless hours and custom tooling to build these reports. That should be a single button within GitLab, and the output should be immediately deliverable to the appropriate stakeholders. We'll be focused on bringing audit events to minimal maturity in Q2 this year, with the addition of an audit event CSV export and an MVC for exporting user, group, and project membership information.

We know that organizations have strict standards to meet and that many of them wish to maintain a level of flexibility for their developers also. This is a challenging balance to strike, but we should endeavor to provide customers with the necessary controls. They need to find comfort in knowing GitLab will make their compliance programs or audits easier and not add to the already complex and expensive scope of work.