RACI charts break down the ownership of various elements into the following categories:
Responsible: This is the team that performs the work relating to the control
Accountable: This is the team required to answer for the final result of the control when audited
Consulted: This is the team that has the right and ability to provide feedback relating to the control
Informed: This is the team that will get an "FYI" relating to the control
It is worth noting here that, since the majority of information at GitLab is publicly viewable, "Informed" refers to explicit notification of control information; a broader definition would have every GitLab team marked as "Informed".
Security Controls RACI Chart
This chart shows ownership of the GitLab security controls as the compliance team views it today. This information will be updated as we work with the various GitLab teams and learn more about how each control operates within the company.
If you notice any errors or have any feedback on this chart, please comment on this issue.