
Simplify Audits with Automated Evidence Collection

Patrick Murray | Chief Product Officer
2019-08-13 | 3 min read

New Product Release: GitHub Integration | Automated Evidence Collection for Code Change Control

Tugboat Logic is proud to announce the availability of our latest feature, GitHub Integration: Automated Evidence Collection for Code Change Control.

Why You Need It

A best practice security control recommended by NIST, SOC 2 and ISO 27001 is to conduct a code review for each release to production to ensure security and quality.

Given the frequency of code releases, manually collecting the evidence that this task has been completed can be a burden. So Tugboat Logic has created an automated method for collecting this evidence through an integration with GitHub Cloud.

How it Works

The Tugboat Logic GitHub integration automates the collection of code review data from your GitHub Cloud instance as proof that you are following proper change controls with every code release. This information is stored on the “Evidence” page under “Code Change Control Evidence”. The evidence can then be used during third-party audits (e.g. SOC 2, ISO 27001) by linking it to Evidence Requests on the “Certifications Projects” page.

Note that the Automated Evidence Collection feature is best used when your organization has adopted a process where your GitHub repositories enforce pull requests with required reviews on production branches, where reviewers check for common security and quality issues.

Want to Get Started?

Interested in automating evidence collection for your next audit? Please click here to schedule a live demo.
TUGBOAT LOGIC INC. © 2019 - BURLINGAME, CA, USA