GN-105: Communicate new GN-105 requirements to engineering

[taylorsperry]

We need to communicate to every engineer that new requirements are in place and provide instruction for how to meet them.

A possible supplement to this (if not a solution in itself) would be to add a PR template that prompts engineers to acknowledge that the code they're merging meets requirements. This could be a simple checkbox that asserts something like "This code has been tested and peer-reviewed."

Definition of Done: Once the SOC2: Application Testing Approach document has been approved by the DevX team, the Security team, and leadership, share the document in Slack and add it to the handbook.

[jhchabran]

1. Write a short RFC explaining the situation
   • List mandatory actions required by every developer
   • Random idea: brief loom at the top to give an overview of the whole thing.
2. Make sure to include the context regarding SoC2 "We have to deal with this anyway, how do you want it?"
3. Give people a deadline (let's say 2022-01-21?)
4. Wrap it up and post a report.

[jhchabran]

https://docs.google.com/document/d/1d0o1O1ReazXKoDB_MANo1MuWfqBlgeU-5VZAAZRGamc/edit#

[bobheadxi]

We've asked for reviews, and have started many conversations in Slack about these.