Laptop Asset Management
This is a placeholder page. Please see the links below for any child pages that exist.
This page displays different pieces of information surrounding GitLab laptop procurement and management.
At GitLab, we use centralized laptop management for company-issued laptops. If you are in possession of a company-issued laptop, the details below apply to you. However, not all endpoint management technologies GitLab deploys will be required for Apple, Linux, and Windows laptops. Some technologies may be specific to the hardware platform or operating system.
Role | Responsibility |
---|---|
GitLab Team Members | Responsible for following the requirements in this procedure |
Corporate Security | Responsible for implementing and executing this procedure |
Corporate Security Management (Code Owners) | Responsible for approving significant changes and exceptions to this procedure |
If the team member is under an active Legal Hold or possesses material related to an active Company investigation, they must comply with the notice requirements. Failure to comply with an active Legal Hold may expose the team member or the Company to adverse consequences, including civil or criminal penalties and sanctions. Their obligation to follow the procedures outlined in the notice continues until the hold is lifted, even if they depart the Company. If the team member departs the Company, all Company devices and any material they’re holding in accordance with any active Legal Hold Notice or active Company investigation should be turned over upon their departure.
This is a placeholder page. Please see the links below for any child pages that exist.
If the team member has not completed 1 calendar year at the time of offboarding or has received a laptop refresh within the past year, they have the option, at GitLab’s discretion, to purchase their laptop for current market value from GitLab. If the laptop has been used by the team member for more than one year at the time of offboarding, they can, at GitLab’s discretion, opt to keep their laptop at no cost. Subject to promptly working with the Company during the offboarding process to enable the laptop to be wiped and, when required by applicable legal obligations, imaged for preservation purposes. If GitLab needs to create an image of the team member’s computer for preservation purposes, that may be accomplished via sending the computer to GitLab Corporate Security via prepaid package or remotely via Backblaze.
Donating hardware/laptops will help people in disadvantaged areas and/or from underrepresented groups with their ability to learn about technology. Therefore GitLab offers the possibility to donate hardware devices to vendors on a curated list after 3 years of use. This curated list has been a result of the Upstream Diversity Working Group.
The vendors on the list have been meeting the following criteria:
If you, as a GitLab team member, would like to add a vendor aligned with the criteria, please comment in the Vendor sheet.
Laptops are purchased by Corporate Security during a team member’s onboarding process. The team-member will be sent a form to fill out for ordering.
GitLab approves and supports the use of macOS as the OS for employee laptops. We also approve Linux for employee laptops, however team members will be self-supporting. For security concerns and support efficiency reasons, Windows is not supported as a hardware laptop OS for team members unless it is for specific product development and testing use cases.
This is a placeholder page. Please see the links below for any child pages that exist.
The laptop ordering process for new hires starts as soon as an offer is accepted by a candidate and the initial Welcome email is sent by the Candidate Experience Specialist.
This email will include a link to the Laptop Order Form where the new team member will state their intent for obtaining or ordering hardware.
Please review the Macbook Model Eligibility to choose the appropriate model.
Important: If your job title includes the word
Engineer
and your team is not approved for a performance model, it may be an oversight or typo. Please ask in #it_help before submitting an order form to confirm whether you can order the performance model. If you have not started at GitLab yet, please send this question via email to your Candidate Experience Specialist.
KPI: 90% of laptops will arrive prior to start date or 21 days from the date of order.
Once Corporate Security receives your laptop order, we will start working on purchasing your laptop. We leverage business relationships with several different vendors across the globe to accomplish this remotely. Please note delivery times will vary depending on location, hardware supply, vendor selection, and shipping method.
We use SIPI Asset Recovery for devices that need to be recycled/returned. At GitLab Corporate Security’s discretion, laptops may also be sent to an Corporate Security team member for repurposing. Either way, GitLab Corporate Security will provide a shipping label and box upon request at no cost to yourself.
If the Corporate Security department has record of a current litigation hold for the offboarded employee, IT will consult with Legal before proceeding.
Team members can choose to refresh their laptop, no questions asked, after 3 years of use (not necessarily 3 years of employment if a used laptop was issued at the time of onboarding). If the laptop is sufficient for your needs, you may opt to continue using a laptop until it no longer receives the latest macOS version from Apple (approximately 5 years).
The old laptop must be wiped or returned within 2 weeks of receiving the replacement laptop, so please prioritize transferring information between laptops within this timeframe.
We get it, sometimes things happen! If your laptop is broken or not sufficient for your role you can request a replacement laptop if you do not qualify for the 3 year refresh yet.
Replacement laptops for broken GitLab laptops can be requested as needed by creating an issue. Please describe the reason for your replacement in the issue. (i.e., my screen and battery are damaged) also, please note replacements will require your manager’s approval in the issue.
New laptops should be configured with security in mind. See the linked configuration guides and policies below.
Using iOS or Android? See the Mobile Devices (Phones and Tablets) page.
Using Linux? See the Linux Desktop Security Standards page.
Do not install software with many known security vulnerabilities.
Follow the Third Party Risk Management Procedure for review of services individually deployed on endpoint devices. After a decision regarding deployment of an endpoint management solution is made the process will be redesigned accordingly and services, where applicable, will be retroactively reviewed. Please ensure you continue to follow the requirements defined in the acceptable use policy.
Laptop wipes must be performed via scheduling an appointment with an IT analyst to wipe the machine and re-install the base operating system, and remove any and all software and configurations that were supplied by GitLab.
Laptops must be wiped with Jamf for macOS, and DriveStrike for Linux. Using these tools ensures a clean disk wipe is performed and GitLab can retain evidence of the disk wipe.
Under no circumstance should you perform your own disk wipe unless you are doing so at the request of IT to troubleshoot a technical problem with the laptop. If GitLab discovers that a device has not been wiped according to policy, GitLab may act to enforce a remote wipe without notice.
b684cdaf
)