Hi, I am not able to find any information about GitLab Duo’s regulatory compliance like SOC2. I know there is a GitLab Trust Centre which lists some compliance certificates, but I don’t think they extend to the Duo product. Can someone provide more information in this regard?
Hi @Awayah,
Yes, the GitLab Trust Center site lists all the up-to-date certifications.
Specifically, about whether our compliance certificates extend to Duo, I can say the following:
- For SaaS:
  - GitLab’s ISO 27001 certification is over the information security management system (ISMS) supporting GitLab SaaS Subscriptions, GitLab.com and GitLab Dedicated. GitLab SaaS includes GitLab Duo.
  - GitLab Duo is not currently included in GitLab’s existing SOC 2 Type 2 certifications. GitLab intends to include GitLab Duo in our next SOC 2 Type 2 reports for GitLab.com and GitLab Dedicated, which have the reporting period of 2023-11-01 - 2024-10-31, with estimated report issuance in December 2024.
- Self-Managed: GitLab external certifications are not applicable to self-managed customers as the customer is responsible for the administration of their environment.
I hope this helps, and if not, please let me know what else you need.
Note: this page might also be interesting to you: AI Transparency Center | GitLab. But the compliance certificates are all in the GitLab Trust Center.
Thank you for the information!