Software Compliance POV Scope and Acceptance
Other Compliance Resources: Lab | Demo | Guided Trial | POV | Education Services | Professional Services
When the SA has confirmed with the prospect or the existng customer especially businesses in the regulated industry for a Software Compliance solution, the scope of the POV will focus on securing the software supply chain and simplifying the compliance with common industry regulations while at the same time speeding the software velocity.
The key capabilities to validate to the value are
- Compliance Framework
- Compliance Workflow Automation
- Compliance Dashboard and Audit Event
- Software Supply Chain Security
Input to the POV
- There is a clear requirement on compliance and audit either driven by the regulatory requirements or enterprise standardization
Suggested Success Criteria
- Business Driver: improved compliance and easy audit to be able to stay in market or enter into new market that is regulated by the government or reguatory bodies.
- Enterprise Initiative and Sponsor: new product launch or regulator audit
- Required capabilities with the objectives to infuse built-in compliance into the development process, ability to generate and audit artifacts and evidence for all steps and process.
Required Capability | Acceptance | Objective | GitLab Feature |
---|---|---|---|
Compliance policies and framework | Compliance can setup policies and enforce across line of business or across the entire enterprise | Prove to regulators the compliant process | Compliance Framework; Required Pipeline; Compliance Dashboard; Audit Events; Separation of Duties |
Standardized Software Supply Chain | Enforced standards to support compliance policies in the software supply chain | Organizational management for compliance | Project to group level compliance view |
Audit | Audit on organization changes and user access | Proactive audit for internal and external aduit | Audit event, API, dashboard |
It may overlap with some of the key acceptance in DevSecOps, but more focused on standard compliance and auditibility.
If this is the key scope for the POV, reach out to the strategic field team to review the top drivers and regulatory requirements or deadline, and define the right scope and execution steps for the POV with the acceptance.
Other POV Scope and Acceptance
SA working with SAE and AE can define the POV scope with the customer, with alignment to the business values and the GitLab solution. For each solution, the typical scope and acceptances are listed for reference but the team should define the scope, time and execution with acceptance for each engagement.
46417d02
)