Conduct JTBD interviews for Compliance
What’s this issue all about?
In gitlab#225589 (closed), devopsmanage groupcompliance started the process of brainstorming initial jobs to be done.
Remove gaps
When I am managing the compliance measures of applications, I want to ensure they meet all required criteria, so that it does not create additional gaps for us in an audit.
Share evidence
When I need to demonstrate a team or organization is adhering to compliance guidelines, I want to create an artifact that reflects evidence of compliance, so that I can comply with an audit request or share progress.
Enforce policies
When a policy framework is required, I want to configure an environment, so that I can ensure we are compliant.
When I have complete visibility into adherence to policies, I want to know what is not compliant, so that I can address issues.
Who is the target user of the feature?
GitLab Premium and GitLab Ultimate. We've primarily been working with Large enterprise with some represented from Mid-Market and very minimal SMB.
What questions are you trying to answer?
Core question
Do the assumed jobs align with the true jobs that targeted personas are trying to accompish?
Additional questions
- Is GitLab fulfilling any needs currently?
- How are GitLab features helping or hurting these jobs, today.
What hypotheses and/or assumptions do you have?
Hypotheses
If we build features that standardize or automate the typical tasks performed by Cameron (Compliance Manager), then GitLab becomes a much more compelling DevSecOps platform for regulated enterprise customers.
If we focus on building features and experiences that achieve compliance requirements without adding friction for Sasha (Software Developer), then GitLab will have removed typical contentions and be easier to adopt for large, regulated enterprise teams.
Assumptions
- The Compliance or Audit teams of an organization are primarily working in other/external tools or services
- Generally the person performing Compliance tasks, represented as Cameron (Compliance Manager), is not the same person as who resides on the Compliance or Audit teams
- Users performing Compliance tasks spend 4+ hours of their time on these tasks each week (Hyperproof.io Report)
- Organizations are more concerned with making auditors happy than developers, but will make concessions where they can
What decisions will you make based on the research findings?
We will add the refined JTBD to either the manage direction page or perhaps the compliance management direction page
What's the latest milestone that the research will still be useful to you?
-
13.3conduct 5 JTBD interviews(slid) -
13.4schedule 5 JTBD interviewsconduct internal interviews -
13.5schedule 5 JTBD interviews -
13.6conduct and synthesize findings
Next Steps
-
PM, PD: Create (this) research issue -
PM, PD: Draft JTBD to explore in interview -
PM, PD: Define target users (GitLab tier, job titles, organization size, etc) -
PM, PD: Finalize activity materials (Mural, Qualtrics survey)
-
-
PM, PD: Draft interview script -
UX Researcher: Create screening survey based on target characteristics -
UX Researcher: Open recruiting request issue (after user group is identified)
-
-
UX Researcher: Finalize interview script -
PM, PD, UX Researcher: Conduct at least 5 JTBD interviews -
PM, PD, UX Researcher: Synthesize findings -
PM: Iterate on JTBD and submit MR to add to the handbook
Internal Sessions
| Participant | Date & Time | Research | Status |
|---|---|---|---|
| Jeff Burrows @jburrows001 | 2020-09-09 1:45pm (EST) | Dovetail, Zoom |
|
| Liz Coleman @lcoleman | 2020-09-10 3:00pm (EST) | Dovetail, Zoom |
|
External Sessions
| Participant | Date & Time | Research | Status | Applicable |
|---|---|---|---|---|
| Melisa | 2020-09-24 4:00pm (EST) | Dovetail |
|
|
| Rohit | 2020-09-25 10:00am (EST) | Dovetail |
|
|
| Divydeep | 2020-09-28 4:00pm (EST) | Dovetail |
|
|
| Mark | 2020-09-29 10:00am (EST) | Dovetail |
|
|
| Brian | 2020-09-29 4:00pm (EST) | Dovetail |
|
|
| Christopher | 2020-09-30 4:00pm (EST) | Dovetail |
|