GitLab maintains an inventory of system devices, which is reconciled quarterly.
The purpose of this control is to ensure we are monitoring the systems in use by GitLab. We can't prove we are protecting all GitLab systems if we don't have an up-to-date inventory of those systems.
This control applies to all GitLab endpoint workstations as well as virtual assets within our hosting providers.
The GitLab IT and Infrastructure teams are the primary owners of this control.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.