GitPod & ISO27001 etc

We like GitPod. We’re also ISO27001, which means we need to do a vendor assessment of GitPod.

I don’t think it’ll be too bad.

  • Authentication is handled by GitLab, which I’ve already risk assessed and have Two Factor on
  • Data is ephemeral so I don’t have to worry about backups etc. - again that’s all stored in GitLab

So I can just scope GitPod out to something low-risk - no customer data involved etc. So really all I need to do is talk about the company and app. “All data hosted in data centres with SOC2 etc” along with “Regular penetration tests”.

Has anyone done anything similar? I’ve looked on the GitPod site and I can’t find anything obvious about security etc.

Happy to share my results and rationale once done etc.

Hi Simon, great to hear you like Gitpod :tada: To understand the requirements with respect to the vendor assessment a bit better, I am happy to jump on a call. Do you use Calendly? Happy to find a slot in your calendar. Otherwise you could also just pick whatever works for you here: https://calendly.com/johanneslandgraf/25.

Looking forward to speaking :raised_hands: