Gitlab Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on July 16, 2024

Gitlab Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 19:16:03 EDT.

Filings

10-K filed on 2024-03-25

Gitlab Inc. filed a 10-K at 2024-03-25 19:16:03 EDT
Accession Number: 0001628280-24-012963


Item 1C. Cybersecurity.

Cybersecurity Risk Management and Strategy

GitLab’s cybersecurity program was designed in alignment with industry standards and recognized best practices to identify, assess, and manage material risks from cybersecurity threats. Our processes assess the likelihood and impact of various threats and risks including, but not limited to, our business operations, organizational output, brand reputation, business continuity, customers and stakeholders, legal, regulatory, and financial impact. Identified risks are assessed for criticality, prioritized for remediation, and reported by GitLab’s security teams to various levels of our management. We also make judgments based on current data, assumptions about the risk, the company’s risk tolerance, impact to confidentiality, integrity and availability, and reasonable analysis of costs associated with mitigating or reducing the severity of the risk.

Our global incident response team iteratively evaluates security events for impact, using both qualitative and quantitative factors. Security incidents that are assessed as potentially material are escalated to designated members of our management and board of directors, as applicable.

Our security program accounts for our significant interactions with relevant external third-parties and analyzes the potential risks introduced from doing business with them. These risks are continually assessed throughout the vendor lifecycle from onboarding to offboarding. We also engage in continuous monitoring of our cyber security risks and perform security assurance activities via independent, external third parties such as consultants, auditors, and assessors during our robust security certification audits, penetration tests, and bug bounty programs.

As of the date of this Form 10-K, to the best of our knowledge and based on available data, we have not experienced a material cybersecurity incident that has resulted in a material adverse impact to our business or operations. However, there can be no guarantee that we will not experience such an incident in the future. See Item 1A Risk Factors of this Annual Report on Form 10-K for more information on our cybersecurity risks and product vulnerability risks.

Governance

Our board of directors is responsible for overseeing and advising our company so that it functions as effectively as possible. The audit committee consists of a subset of the board of directors. The audit committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full board of directors for consideration. The audit committee performs oversight functions and meets regularly with management to review the company’s business and operations, including the oversight of risks from cybersecurity threats.

Management is responsible for and regularly discusses identifying, assessing, and managing material cybersecurity risks on an ongoing basis through programs led by the Chief Information Security Officer, Chief Legal Officer, and the Chief Financial Officer.


Company Information

Name: Gitlab Inc.
CIK: 0001653482
SIC Description: Services-Prepackaged Software
Ticker: GTLB - Nasdaq
Website:
Category: Large accelerated filer
Fiscal Year End: January 30