Travel Safety and Security
Travel Safety and Security
Team member safety and security are a top priority for GitLab. If a team member feels uncomfortable or unsafe traveling to a location on GitLab’s behalf due to concerns about the location, region, personal health, or other safety or security risks, please contact People Connect via Slack or email. The People Connect team will assist by helping to connect the team member with the right resources.
Please note that team member travel is not required unless deemed essential to the role. Please speak to your manager about whether the travel is mandatory and required for your role.
Trade Compliance Considerations
Although GitLab is an all-remote company that encourages working from anywhere, some places are subject to trade control restrictions. For this reason, team members cannot take company-owned devices to or otherwise work from US-embargoed countries or regions under any circumstances. US-embargoed countries currently include Cuba, Iran, North Korea, and Syria and US-embargoed regions include the Crimea, Donetsk, and Luhansk regions of Ukraine; however, that list is subject to change without notice. Additionally, team members cannot take company-owned devices to or otherwise work from Russia or Belarus, which are also subject to various restrictions.
Information Security Considerations
Please refer to the Internal Handbook for Information Security Considerations for GitLab Team members traveling abroad.
Business Travel Emergency Assistance Program with International SOS
In an emergency, International SOS (ISOS) can provide quick medical, safety, and security assistance and services to team members on business travel around the globe.
Your coverage as a GitLab team member is automatic and is year-round. There are several ways to interact with ISOS, depending on your preference:
- Team members can download the ISOS emergency app — it’s the best way to get medical, safety, and security assistance abroad. Before traveling, open the App and register using your GitLab email address. Please use a unique password and not the same as your existing GitLab credentials. Note that this is not a GitLab application and is managed by ISOS. You can read more about the app here.
- If you have medical, safety, or security questions before or during travel, open the ISOS app and press the Need Assistance button. You will be directed to ISOS’s closest emergency alarm center, where a nurse, doctor, safety, or security expert will assist you.
- If team members prefer not to download the app, we encourage you to follow this link and print or take a picture of the membership card with the emergency contact details. You can save the number in your phone for easy access.
- Note that International SOS is an optional resource for team members and is only one of the ways you can receive care. If you have questions, reach out in the #peopleconnect Slack channel.
- Check out this video for an outline on how ISOS can help in an emergency.
Travel Insurance
Business Travel Accident Policy This policy link provides coverage for team members who travel domestic and internationally for business purposes. This policy will provide Emergency Medical and Life Insurance coverage should an emergency happen while you are traveling. In accompaniment, there is coverage for security evacuations, as well a travel assistance line which helps with pre-trip planning and finding contracted facilities worldwide.
Coverage: Accidental Death [enhanced coverage]: 5 times Annual Salary up to USD 500,000. The treatment of Covid is covered like any other illness under the Out-of-Country Medical Expense coverage, however there are no covid quarantine benefits covered under our policy. Out of Country Emergency Medical: Coverage up to $250,000 per occurrence. If there is an injury or sickness while outside of his or her own country that requires treatment by a physician. Security Evacuation with Natural Disaster: If an occurrence takes place outside of his or her home country and Security Evacuation is required, you will be transported to the nearest place of safety. Personal Deviation: Coverage above is extended if personal travel is added on to a business trip. Coverage will be provided for 25% of length of the business trip. Trip Duration: Coverage provided for trips less than 180 days. Baggage & Personal Effects Benefit: $500 lost bag coverage up to 5 bags. For any assistance with claims, please reference the claims guide (internal only). This policy will not work in conjunction with another personal accident policy as the Business Travel Accident Policy will be viewed as primary and will pay first. Family members: Immediate family members (spouse, domestic partners and children below the age of 26) are also covered while traveling with you on a business trip. For more detailed information on this benefit, please reference the policy document. If you need a confirmation of coverage letter, please reference the visa letter generation document (internal only). For any additional questions, please contact the Total Rewards Analyst.
Secure your data during travels
During your working travel your restricted data could be exposed. If you feel that your travel frequency may expose your data please keep in mind the following points to ensure that sensitive data contained in your devices will not be compromised:
- VPN - If you are connecting from an untrusted network you should use a VPN connection to avoid MITM Attack or similar.
- Devices in public places - If you are using your device in a public place someone could read restricted data from your screen, you should protect your screen with a special film that ensure your privacy, here you can find some samples.
- Speaking in crowded places - Ensure that when you are talking about restricted data you are in a secure place and no-one can hear you.
- 1Password travel mode - If you are approaching travel in a risky country or you have to leave your devices in an insecure place, please use Travel Mode in 1Password to ensure that your vaults will be safe if your device is compromised.
When traveling, there is the possibility that customs, border control, or other law enforcement agents demand that you provide the password to your laptop or mobile device. If this happens to you in regards to a company-owned account or device, GitLab recommends that you comply with any such requests without protesting. If you do end up providing a password to any device or account that has access to GitLab resources (including your personal devices), you should follow the process to engage Security on-call as soon as you can safely do so. Even if you do not provide a password, if any of your devices are permanently seized or even temporarily removed from sight, you should also engage the Security on-call.
For additional security specifically when traveling through an airport, the following advice is provided:
- Completely power-off laptops and mobile devices before any security checkpoints. This reduces the risk of attacks that may be conducted against machines in a sleep mode, where the disk encryption is not being actively enforced.
- Prior to the trip, remove any sensitive data from your local machine that is not absolutely required. Refer to the Data Classification Standards for more information.
- If you are aware of any circumstances with your travel that may present a unique security risk (such as traveling to speciality conferences like Defcon), you may request advice in the #security-department Slack channel.
Expenses While Traveling
Understand the guidelines of our Global Travel and Expense Policy before you travel.
455376ee
)