Before you can roll out a tool like GitHub Copilot in your company, you will likely need signoff from legal, compliance, and cybersecurity teams.
Your company's requirements depend on your industry and location, but common queries include:
- How does Copilot use my company's data?
- Which compliance standards does Copilot meet?
- Will I need to adjust my corporate network for Copilot?
This article collects resources that you can send to teams in your company to accelerate the signoff process. These resources apply to the Copilot Business and Copilot Enterprise plans.
Legal and privacy teams
These teams need to know the terms that will govern your company's purchase of Copilot.
- If you purchase directly from GitHub, you'll be governed by the GitHub Generative AI Services Terms.
- If you purchase through Microsoft, you'll be governed by Microsoft's Product Terms. This includes both the Microsoft Generative AI Service terms, and terms specifically for GitHub Offerings.
- Copilot also falls under the GitHub Data Protection Agreement. This applies to all generally available (GA) Copilot features and to the preview features listed in GitHub DPA-Covered Previews.
Compliance teams
These teams need to know that Copilot meets your company's regulatory requirements.
The GitHub Enterprise Trust Center answers common compliance questions in its FAQ, and lists attestations for compliance standards in the "Resources" section.
Compliance teams may also want to know about the administrative features available to govern Copilot, such as:
- Policies for managing access to features and models
- Audit logs for monitoring changes to access and settings
- The ability to exclude sensitive content from Copilot's view
For an overview of these features, see GitHub Copilot-Features.
For new GitHub Enterprise customers
If your company is not already using GitHub Enterprise, compliance teams may also want an overview of GitHub's general governance features for things like protecting branches or preventing leaked secrets. See Einrichten eines Governanceframeworks für dein Unternehmen.
Cybersecurity and IT teams
These teams need to know how Copilot will work with your company's corporate network, authentication systems, and software distribution processes. They may need to learn about:
- The allowlist required for a firewall or proxy to ensure Copilot works as expected. See Copilot-Zulassungslistenverweis.
- The network protocol that Copilot operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See Netzwerkeinstellungen für GitHub Copilot.
- The clients where users will be using Copilot.
- Your enterprise can enable or disable Copilot in IDEs, on GitHub Mobile, in the CLI, and on the GitHub website.
- If your company distributes approved software for users, IT teams may need to approve the supported versions of IDEs. See Matrix der Funktionen von Copilot.
For new GitHub Enterprise customers
If your company is not already using GitHub Enterprise, cybersecurity teams may also need to learn about networking and authentication options on GitHub as a whole:
- The full list of IP addresses that will need to be allowed by your network. You can get a list of these from a public API. See Informationen zu den IP-Adressen von GitHub.
- Options for integrating with an identity provider and enforcing single sign-on for users. See Grundlagen der Identitäts- und Zugriffsverwaltung.
- Enterprise network features. Enterprises can enforce IP allow lists and, for Enterprise Managed Users, prevent developers from using their personal account on your corporate network. See Einschränken des Netzwerkdatenverkehrs in deinem Unternehmen mit einer Liste zugelassener IP-Adressen and Einschränken des Zugriffs auf GitHub.com mithilfe eines Unternehmensproxys.
Even if you're only using GitHub to grant access to Copilot, developers will need to authenticate to GitHub to use their Copilot license.
Further questions
If teams have questions that aren't addressed by these resources, contact your account manager or Vertriebsteam von GitHub.
Next steps
Once teams have signed off on Copilot, you can choose a plan for your enterprise. See Auswählen des Plans Ihres Unternehmens für GitHub Copilot.