
How to transform compliance observation management with GitLab

An observation is a compliance finding or deficiency identified during control monitoring: a gap between what security controls should be doing and what they are actually doing. Observations can stem from design deficiencies, operating effectiveness issues, or evidence gaps. The GitLab Security Team manages these observations through a lifecycle process from identification to resolution, enabling real-time, transparent status reporting. The lifecycle stages are identification, validation, in-progress, remediated, and resolution.

Effective observation management shouldn't require detective work to determine basic information such as ownership, status, or priority. The Security Compliance team at GitLab initially used a dedicated GRC tool, but it lacked visibility for key stakeholders, which led to minimal remediation. They moved observation management to GitLab issues, transforming observations into visible, actionable work items that integrate into development and operations workflows. This approach creates transparency and accountability, enabling stakeholders to see what needs attention, collaborate on remediation plans, and track progress in real time.

The team uses labels and issue boards to categorize observations, prioritize critical findings, and track certification-specific observation resolution. By leveraging GitLab's raw issue data, organizations can extract meaningful insights and measure observation management effectiveness through key metrics and reporting.
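The following is an added example, not code from the original page or from GitLab, of how the metrics described above can be derived from raw issue data. It assumes observations are tracked as GitLab issues carrying scoped labels for lifecycle stage (`observation::…`), priority (`priority::…`) and certification (`cert::…`); those label names are an assumption, not GitLab's own convention. The sample issues are constructed inline in the shape returned by GitLab's issues API (`labels` as a list of strings, ISO timestamps, `state`, `assignees`) so the script runs offline; in practice the same records would come from the Issues API.

```python
from collections import Counter
from datetime import datetime, timezone
from statistics import mean

# Lifecycle stages from the page, expressed as the value part of an
# assumed scoped label "observation::<stage>".
STAGES = ["identified", "validated", "in-progress", "remediated", "resolved"]

# Constructed sample issues (made-up values; field names follow GitLab's issues API).
SAMPLE_ISSUES = [
    {"iid": 101, "title": "MFA not enforced on admin console", "state": "closed",
     "labels": ["observation::resolved", "priority::critical", "cert::SOC2"],
     "assignees": [{"username": "alice"}],
     "created_at": "2024-01-03T10:00:00.000Z", "closed_at": "2024-01-20T10:00:00.000Z"},
    {"iid": 102, "title": "Access review evidence missing for Q4", "state": "closed",
     "labels": ["observation::resolved", "priority::high", "cert::ISO27001"],
     "assignees": [{"username": "bob"}],
     "created_at": "2024-01-10T10:00:00.000Z", "closed_at": "2024-01-31T10:00:00.000Z"},
    {"iid": 103, "title": "Backup restore test not performed", "state": "opened",
     "labels": ["observation::in-progress", "priority::critical", "cert::SOC2"],
     "assignees": [{"username": "alice"}],
     "created_at": "2024-02-01T00:00:00.000Z", "closed_at": None},
    {"iid": 104, "title": "Logging retention below policy", "state": "opened",
     "labels": ["observation::identified", "cert::SOC2"],   # no owner, no priority
     "assignees": [],
     "created_at": "2024-02-15T00:00:00.000Z", "closed_at": None},
    {"iid": 105, "title": "Vendor risk assessment overdue", "state": "opened",
     "labels": ["observation::validated", "priority::medium", "cert::ISO27001"],
     "assignees": [{"username": "carol"}],
     "created_at": "2023-11-01T00:00:00.000Z", "closed_at": None},
]

# Constructed "current time" for the stale-observation check.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse a GitLab ISO-8601 timestamp (with trailing 'Z') into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def scoped_label(issue, scope):
    """Return the value of the first 'scope::value' label on the issue, or None."""
    for label in issue["labels"]:
        if label.startswith(scope + "::"):
            return label.split("::", 1)[1]
    return None


def stage_counts(issues):
    """How many observations sit in each lifecycle stage (status at a glance)."""
    return Counter(scoped_label(i, "observation") or "unlabelled" for i in issues)


def mean_days_to_remediate(issues, priority=None):
    """Mean open-to-closed duration in days for closed observations, optionally per priority."""
    durations = []
    for issue in issues:
        if issue["state"] != "closed" or not issue.get("closed_at"):
            continue
        if priority and scoped_label(issue, "priority") != priority:
            continue
        delta = parse_ts(issue["closed_at"]) - parse_ts(issue["created_at"])
        durations.append(delta.total_seconds() / 86400)
    return mean(durations) if durations else None


def stale_open(issues, now, max_age_days):
    """IIDs of open observations older than max_age_days: candidates for escalation."""
    return sorted(
        i["iid"] for i in issues
        if i["state"] == "opened"
        and (now - parse_ts(i["created_at"])).days > max_age_days
    )


def triage_gaps(issues):
    """Open observations missing the basics the page says should never need detective work."""
    gaps = {}
    for issue in issues:
        if issue["state"] != "opened":
            continue
        missing = []
        if not issue["assignees"]:
            missing.append("assignee")
        if scoped_label(issue, "observation") not in STAGES:
            missing.append("stage")
        if scoped_label(issue, "priority") is None:
            missing.append("priority")
        if missing:
            gaps[issue["iid"]] = missing
    return gaps


if __name__ == "__main__":
    print("By stage:", dict(stage_counts(SAMPLE_ISSUES)))
    print("Mean days to remediate (all):", mean_days_to_remediate(SAMPLE_ISSUES))
    print("Mean days to remediate (critical):", mean_days_to_remediate(SAMPLE_ISSUES, "critical"))
    print("Stale open (>90 days):", stale_open(SAMPLE_ISSUES, NOW, 90))
    print("Triage gaps:", triage_gaps(SAMPLE_ISSUES))
```

The same functions work unchanged on a real export because they only read fields the issues API already returns; swapping `SAMPLE_ISSUES` for the JSON of a project's issues filtered by the observation label is the only change needed. Keeping lifecycle stage, priority and certification as scoped labels means each metric is one label lookup, which is what makes the "no detective work" goal measurable rather than aspirational.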