Gitlab hero border pattern left svg Gitlab hero border pattern right svg

BC.1.02 - Business Continuity Plan: Roles and Responsibilities Control Guidance

BC.1.02 - Business Continuity Plan: Roles and Responsibilities

Control Statement

Business contingency roles and responsibilities are assigned to individuals and their contact information is communicated to authorized personnel.


Establishing defined roles and responsibilities reduces organization confusion in the event of disruption. Knowing who the DRI are and how to contact them empowers faster communication, reduced response times, makes for easier and more substantive triage, and ultimately, more speedy recovery from disruption.

This control is a subset of the Business Continuity plan. The purpose of this control is to ensure that GitLab is able to return to its daily operations as quickly as possible after an unforeseen event. Hence the main idea here is to identify key staff, such that: resources are protected, customer inconvenience minimized and specific responsibilities are assigned in the context of a quick recovery. This plan will clearly define the Roles and responsibilities of individuals within GitLab who will be responsible, accountable, consulted and informed.


Roles and Responsibilities should be defined for the following environments and systems:



As part of the esablishment of a BC plan: One of the key areas is to identify individuals who will be designated to be the key personnel responsible for the restoration activities. A high level BC roles & responsibilities section should include the following listed below:

In a much detailed level, the BC plan - roles & responsibilities should include:

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Business Continuity Plan: Roles and Responsibilities issue.

Policy Reference

Framework Mapping