Field Security Observation and OFI Quality Guide
This guide is designed to establish the quality expectations for observatiions and OFIs identified and documented by Field Security.
Field Security observations and OFIs should have the following characteristics:
- Contain enough detail for any team member to gain a fundamental understanding of what is being reported
- What was identified?
- Who was the prospect, customer, competitor, etc. that lead to the identification?
- When was this identified?
- How does this currently impact GitLab, or how could this impact GitLab in the future?
- Why is this important, and why should we allocate resources towards it?
- What can we do to remediate the problem, improve the solution, or position ourselves to take advantage of the identified situation?
- Be assigned to the appropriate team member for triage
- Have a proposed due date
- This can be based on a clear deadline (e.g. the date a new regulation goes into effect), or it can be an estimate based on the perceived level of effort required to implement a solution.
- Be material in nature. For example, these identifications may:
- Result in a financial impact for GitLab
- Be the result of a new or updated compliance obligation for GitLab
- Result in a competitive advantage for GitLab
- Help us better support customer requests and expectations
Note Field Security observations and OFIs should be created in accordance with observation creation procedure.