Red Flags & Warnings
Compliance Training
Agency Acronyms
EU Whistleblower Protection
Insider Trading & Securities
100

This technical measure might be used by parties attempting to hide their true country of origin.

What is VPN?

100

The platform where GitLab delivers compliance training courses.

What is Level Up? Also acceptable: Navex 

100

This U.S. Treasury Department office manages sanctions programs through economic and trade restrictions.

What is OFAC (Office of Foreign Assets Control)?

100

Internal or public reporting of known or suspected illegal activities, or unethical behavior.

What is whistleblowing?

100

This acronym refers to confidential company information that a reasonable stockholder would consider important when deciding whether to buy or sell GitLab stock.

What is MNPI?

200

When uncertain about a transaction or relationship involving potential red flags, team members must do this before proceeding.

What is contact the Ethics & Compliance team?

200

Key compliance topics covered in onboarding training include anti-harassment, security, data privacy, and this type of trading policy.

What is insider trading?

200

This U.S. government agency maintains the Entity List and Unverified List, imposing additional requirements on the export of controlled technology to those parties.

What is BIS?

200

GitLab has country-specific whistleblower policies related to Ireland, Germany, and this third country in the EU. 

What is the Netherlands?

200

These designated time periods are the only times when Insiders can trade GitLab stock, opening after the second full trading day following earnings releases.

What is open window?

300

A customer requests unusual payment terms, such as cash payments or routing through unrelated third parties, raising this type of concern.

What is red flag? 

300

Team members in this GitLab entity must complete additional training on government contracting, gifts, gratuities, and bribery.

What is GitLab Federal? Also acceptable: TCP Briefing.

300

This U.S. independent agency enforces securities laws, including insider trading prohibitions.

What is the SEC?

300

A representative body of company employees in certain countries that communicates with management about working conditions, company policies, and employee concerns.

What is a works council?

300

Designated Insiders must obtain this approval from the Chief Legal Officer before trading GitLab securities, even during Open Windows.

What is pre-clearance or pre-approval?

400

This process involves verifying customer locations, ownership, and business activities before engaging with prospects, vendors, or partners to ensure compliance.

What is due diligence?

400

Team members who handle sensitive government information must complete training on handling this type of controlled data.

What is CUI? Also acceptable: export controlled information

400

This German federal office is responsible for export control and issues export licenses for controlled goods.

What is BAFA?

400

Under Dutch and German whistleblower protection laws, GitLab must provide a written response to the reporter within this many months after confirming receipt of the report.

What is three months?

400

This type of pre-approved trading plan allows insiders to buy or sell GitLab stock on a predetermined schedule while in possession of MNPI.

What is a 10b5-1 Plan?

500

To comply with export controls, GitLab may require customers to provide this written certification describing how they intend to use the software and confirming no prohibited activities.

What is end use statement? Also acceptable: purchasers statement

500

All team members must annually complete this certification confirming they have read GitLab's Code of Business Conduct and Ethics to meet SOX compliance requirements.

What is the annual Code of Conduct Certification?

500

This Canadian agency oversees compliance with federal privacy laws and investigates privacy complaints.

What is the OPC (Office of the Privacy Commissioner)?

500

The Chief Legal Officer reports material compliance violations to this GitLab governing body.

What is the Board of Directors (or Audit Committee)?

500

Team members who share MNPI with someone outside the company, who then trades on that information, can be liable for this illegal activity.

What is tipping (or insider tipping)?