Simplify Audits with Automated Evidence Collection

New Product Release: GitHub Integration | Automated Evidence Collection for Code Change Control

Tugboat Logic is proud to announce the availability of our latest feature: GitHub Integration: Automated Evidence Collection for Code Change Control.

Why You Need It

A best practice security control recommended by NIST, SOC 2 and ISO 27001 is to conduct a code review for each release to production to ensure security and quality.

Given the frequency of code releases, this can be a burden to manually collect the evidence to show this task has been completed. So Tugboat Logic has created an automated method for collecting this evidence through an integration with GitHub Cloud.

Tugboat Logic Github Integration for Automated Collection of Code Change Control Evidence

How it Works

The Tugboat Logic Github integration helps you automate the evidence collection process for gathering code review data from your GitHub cloud instance for proof that you are following proper change controls with every code release.

This information will be stored in the “Evidence” page under “Code Change Control Evidence”. This evidence can then be used during third-party audits (e.g. SOC 2, ISO 27001) by linking to it to Evidence Requests on the “Certifications Projects” page.

Note that the Automated Evidence Collection feature is best used when your organization has adopted a process where your GitHub repositories enforce pull requests with required reviews on production branches, where reviewers check for common security and quality issues.

Sample Pull Request from Github

Want to Get Started?

Interested in automating evidence collection for your next audit? Please click here to schedule a live demo.

Related Articles

Security Awareness Training: Montage Optional

Security Awareness Training: Montage Optional

Creating a plan for Security Awareness Training is only half the battle. Implementing and ensuring that your employees follow that plan regularly is the key to implementing this control. Also, investing in training and security awareness programs is vital for sustainable business growth and success.

read more
Employee Training Plan: Good Plans Go A Long Way

Employee Training Plan: Good Plans Go A Long Way

How you train your employees will largely determine their effectiveness and adherence to company policies. While many practices can be common sense and their skills catered specifically to the job they were hired to perform, a training plan can go a long way to ensure that elements of your organization stay safe, secure and run as smoothly as possible.

read more

0 Comments

Pin It on Pinterest

Share This