GitHub's security and compliance obligations are split between GitHub and its customers under a set of shared responsibility models, so companies must understand which controls they own.
The organizations that use GitHub Enterprise can grant different access permissions to their employees, and customize a set of permissions for teams and users using role-based access control (RBAC).
GitHub is compliant with GDPR regulations and provides its customers with the ability to access and control the information it collects and processes about them.
The compliance requirements depend on the industry, but all of them require assurance that the business processes and sensitive data, including customers' data, are secure and cannot be accessed by any unauthorized party.
GitHub performs backups of its entire system and of all the data users keep on the platform, but organizations should still have an account-level backup of their own data in place for all repositories and metadata.
The organization should also have a response plan for every disaster scenario, whether an outage of the entire GitHub service or a failure of the organization's own GitHub environment.
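A minimal account-level backup of the repository side of this can be scripted around a bare mirror clone, which captures every branch and tag rather than only the checked-out branch. The script below is an added example, not part of this page or of any GitHub tooling; it assumes `git` is installed, and the source URL and backup directory are placeholders you supply. It also runs `git fsck` on the backup and compares the backup's refs against the source, so a corrupted or incomplete copy is noticed at backup time rather than during a disaster recovery. Issue, pull-request and other metadata are not covered here; they have to be exported separately through the API.

```shell
#!/bin/sh
# Added example: mirror-clone backup of a Git repository with an integrity check.
# Assumes git is on PATH. <source> may be a local path or a clone URL (placeholder).
set -eu

# backup_repo <source> <backup-dir>
# First run: create a bare mirror (all refs, not just the default branch).
# Later runs: refresh the mirror and prune refs deleted upstream.
# Afterwards run a full object check so a damaged backup fails loudly.
backup_repo() {
  src="$1"; dest="$2"
  if [ -d "$dest" ]; then
    git -C "$dest" remote update --prune >/dev/null 2>&1
  else
    git clone --quiet --mirror "$src" "$dest"
  fi
  git -C "$dest" fsck --full --no-progress >/dev/null 2>&1
}

# verify_backup <source> <backup-dir>
# Succeeds (exit 0) only when every branch and tag in the source resolves to the
# same object id in the backup. ls-remote works for both local paths and URLs.
verify_backup() {
  src="$1"; dest="$2"
  src_refs=$(git ls-remote --heads --tags "$src" | sort)
  dest_refs=$(git ls-remote --heads --tags "$dest" | sort)
  [ "$src_refs" = "$dest_refs" ]
}

# Usage (placeholders):
#   backup_repo https://github.com/ORG/REPO.git /backups/REPO.git
#   verify_backup https://github.com/ORG/REPO.git /backups/REPO.git && echo "backup verified"
```

Because the mirror is bare, it can be stored on a separate account or host with no write access back to GitHub, and `verify_backup` can be rerun from a scheduled job to detect drift between the live repository and the copy.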
GitHub has implemented major compliance regulations and frameworks such as AWS, Data Privacy, GDPR, SOC 1 and SOC 2, FedRAMP LI-SaaS Authorization to Operate (ATO), Cloud Security Alliance, and ISO/IEC 27001:2013.
Organizations that use Git must take measures to protect their source code and adopt the right strategies and practices to strengthen the security of their GitHub repositories and metadata.
The majority of compliance standards focus on areas like metadata categorisation, access control, permissions, source code integrity, auditing and review of access, backup, and recovery.
GitHub backup plays one of the leading roles here and is one of the main requirements for GitHub compliance.