Before you can roll out a tool like GitHub Copilot in your company, you will likely need signoff from legal, compliance, and cybersecurity teams.
Your company's requirements depend on your industry and location, but common queries include:
- How does Copilot use my company's data?
- Which compliance standards does Copilot meet?
- Will I need to adjust my corporate network for Copilot?
This article collects resources that you can send to teams in your company to accelerate the signoff process. These resources apply to the Copilot 事業 and Copilot Enterprise plans.
Legal and privacy teams
These teams need to know the terms that will govern your company's purchase of Copilot.
- If you purchase directly from GitHub, you'll be governed by the GitHub Generative AI Services Terms.
- If you purchase through Microsoft, you'll be governed by Microsoft's Product Terms. This includes both the Microsoft Generative AI Service terms, and terms specifically for GitHub Offerings.
- Copilot also falls under the GitHub Data Protection Agreement. This applies to all generally available (GA) Copilot features and to the preview features listed in GitHub DPA-Covered Previews.
Compliance teams
These teams need to know that Copilot meets your company's regulatory requirements.
The GitHub Enterprise Trust Center answers common compliance questions in its FAQ, and lists attestations for compliance standards in the "Resources" section.
Compliance teams may also want to know about the administrative features available to govern Copilot, such as:
- Policies for managing access to features and models
- Audit logs for monitoring changes to access and settings
- The ability to exclude sensitive content from Copilot's view
For an overview of these features, see GitHub Copilot の機能.
For new GitHub Enterprise customers
If your company is not already using GitHub Enterprise, compliance teams may also want an overview of GitHub's general governance features for things like protecting branches or preventing leaked secrets. See Enterprise のガバナンス フレームワークを確立する.
Cybersecurity and IT teams
These teams need to know how Copilot will work with your company's corporate network, authentication systems, and software distribution processes. They may need to learn about:
- The allowlist required for a firewall or proxy to ensure Copilot works as expected. See Copilot 許可リスト 参照.
- The network protocol that Copilot operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See GitHub Copilot のネットワーク設定.
- The clients where users will be using Copilot.
- Your enterprise can enable or disable Copilot in IDEs, on GitHub Mobile, in the CLI, and on the GitHub website.
- If your company distributes approved software for users, IT teams may need to approve the supported versions of IDEs. See Copilot 機能マトリックス.
For new GitHub Enterprise customers
If your company is not already using GitHub Enterprise, cybersecurity teams may also need to learn about networking and authentication options on GitHub as a whole:
- The full list of IP addresses that will need to be allowed by your network. You can get a list of these from a public API. See GitHubの IP アドレスについて.
- Options for integrating with an identity provider and enforcing single sign-on for users. See ID とアクセス管理の基礎.
- Enterprise network features. Enterprises can enforce IP allow lists and, for Enterprise Managed Users, prevent developers from using their personal account on your corporate network. See IP 許可リストを使用して Enterprise へのネットワーク トラフィックを制限する and 企業プロキシを使用して GitHub.com へのアクセスを制限する.
Even if you're only using GitHub to grant access to Copilot, developers will need to authenticate to GitHub to use their Copilot license.
Further questions
If teams have questions that aren't addressed by these resources, contact your account manager or GitHub の営業チーム.
Next steps
Once teams have signed off on Copilot, you can choose a plan for your enterprise. See GitHub Copilot に対する企業の計画の選択.