Before you can roll out a tool like {% data variables.product.prodname_copilot %} in your company, you will likely need signoff from legal, compliance, and cybersecurity teams.

Your company's requirements depend on your industry and location, but common queries include:

• How does {% data variables.product.prodname_copilot_short %} use my company's data?
• Which compliance standards does {% data variables.product.prodname_copilot_short %} meet?
• Will I need to adjust my corporate network for {% data variables.product.prodname_copilot_short %}?

This article collects resources that you can send to teams in your company to accelerate the signoff process. These resources apply to the {% data variables.copilot.copilot_business_short %} and {% data variables.copilot.copilot_enterprise_short %} plans.

These teams need to know the terms that will govern your company's purchase of {% data variables.product.prodname_copilot_short %}.

• If you purchase directly from {% data variables.product.github %}, you'll be governed by the GitHub Generative AI Services Terms.
• If you purchase through Microsoft, you'll be governed by Microsoft's Product Terms. This includes both the Microsoft Generative AI Service terms, and terms specifically for GitHub Offerings.
• {% data variables.product.prodname_copilot_short %} also falls under the GitHub Data Protection Agreement. This applies to all generally available (GA) {% data variables.product.prodname_copilot_short %} features and to the preview features listed in GitHub DPA-Covered Previews.

These teams need to know that {% data variables.product.prodname_copilot_short %} meets your company's regulatory requirements.

The GitHub Enterprise Trust Center answers common compliance questions in its FAQ, and lists attestations for compliance standards in the "Resources" section.

Compliance teams may also want to know about the administrative features available to govern {% data variables.product.prodname_copilot_short %}, such as:

• Policies for managing access to features and models
• Audit logs for monitoring changes to access and settings
• The ability to exclude sensitive content from {% data variables.product.prodname_copilot_short %}'s view

For an overview of these features, see AUTOTITLE.

If your company is not already using {% data variables.product.prodname_enterprise %}, compliance teams may also want an overview of {% data variables.product.github %}'s general governance features for things like protecting branches or preventing leaked secrets. See AUTOTITLE.

These teams need to know how {% data variables.product.prodname_copilot_short %} will work with your company's corporate network, authentication systems, and software distribution processes. They may need to learn about:

• The allowlist required for a firewall or proxy to ensure {% data variables.product.prodname_copilot_short %} works as expected. See AUTOTITLE.
• The network protocol that {% data variables.product.prodname_copilot_short %} operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See AUTOTITLE.
• The clients where users will be using {% data variables.product.prodname_copilot_short %}.
  • Your enterprise can enable or disable {% data variables.product.prodname_copilot_short %} in IDEs, on {% data variables.product.prodname_mobile %}, in the CLI, and on the {% data variables.product.github %} website.
  • If your company distributes approved software for users, IT teams may need to approve the supported versions of IDEs. See AUTOTITLE.

If your company is not already using {% data variables.product.prodname_enterprise %}, cybersecurity teams may also need to learn about networking and authentication options on {% data variables.product.github %} as a whole:

• The full list of IP addresses that will need to be allowed by your network. You can get a list of these from a public API. See AUTOTITLE.
• Options for integrating with an identity provider and enforcing single sign-on for users. See AUTOTITLE.
• Enterprise network features. Enterprises can enforce IP allow lists and, for {% data variables.product.prodname_emus %}, prevent developers from using their personal account on your corporate network. See AUTOTITLE and AUTOTITLE.

Even if you're only using {% data variables.product.github %} to grant access to {% data variables.product.prodname_copilot_short %}, developers will need to authenticate to {% data variables.product.github %} to use their {% data variables.product.prodname_copilot_short %} license.

If teams have questions that aren't addressed by these resources, contact your account manager or {% data variables.contact.contact_enterprise_sales %}.

Once teams have signed off on {% data variables.product.prodname_copilot_short %}, you can choose a plan for your enterprise. See AUTOTITLE.