Security Terms Glossary


The Security Assurance team performs various types of security questionnaires, assessments and audits. If you have any questions, please feel free to contact us:

Security Questionnaire

A document that is meant to provide an overview of a Security Program or portions thereof. Security Questionnaires are routinely used during Security Assessments. An example of an industry standard security questionnaire includes the CAIQ and which GitLab makes publicly available in our Customer Assurance Package

Security Assessment

An activity in which a Security Program or portions thereof are investigated for fit and function. For instance GitLab conducts Third Party Risk Management assessments of our third parties. Security Assessments are generally conducted by an organization who is intending to procure services from another organization. GitLab supports Security Assessments for customers by publishing and maintaining the Customer Assurance Package

Security Audit

A comprehensive examination of a Security program, Security Relevant System or Security Controls. Security Audits are more comprehensive than security assessments as they require access to trusted information. It is important to understand the scope and covered period of a Security Audit to correctly interpret results. Security Audits can be internal or external.

Internal Security Audit

A Security Audit conducted by personnel under the employment of the organization conducting the Audit. For example the Internal Audit Team and Security Compliance Team at GitLab conduct Internal Audits of GitLab’s Security Program.

External Security Audit

A Security Audit conducted by a contracted and independent 3rd party. For example GitLab routinely undergoes SOC2 audits and Penetration Testing from independent 3rd party auditors.

Last modified September 6, 2023: Replace taps with spaces (69f17a79)