
BC.1.01 - Business Continuity Plan Control Guidance

BC.1.01 - Business Continuity Plan

Control Statement

GitLab's business continuity plan is reviewed, approved by management and communicated to relevant team members biannually.

Context

A business continuity plan is an overall organizational program for achieving continuity of operations for business functions. Continuity planning addresses both information system restoration and implementation of alternative business processes when systems are compromised. The business continuity plan is a comprehensive runbook that can walk all GitLab team-members through exactly what their individual responsibilities are in the event of a disruption to GitLab operations. This triggering event can be anything from a malicious breach of our systems to a global datacenter disruption. A business continuity plan is only effective if users can trust the accuracy of the information in the plan. The review cycle for a business continuity plan is designed to ensure all information in the plan is as up-to-date as possible.

Scope

The business continuity plan is comprehensive by nature and will impact all GitLab stakeholders. The scope of the GitLab Business Continuity Plan will cover:

Ownership

Guidance

A comprehensive business continuity plan for GitLab can be categorized into the following seven steps:

Based on the above, the GitLab business continuity plan will have team and departmental pieces that roll up into one comprehensive plan. Each team knows best what steps are needed in the event of a disruption to operations. Hence this overall plan is really more of a collection of individual plans and the packaging of these individual plans together. The plan should include the following:

Additional control information and project tracking

Non-public information relating to this security control, as well as links to the work associated with various phases of project work, can be found in the Business Continuity Plan issue.

Policy Reference

Framework Mapping