GitLab performs business contingency and disaster recovery tests quarterly and ensures the following:
The business continuity plan is only useful if it is both maintained and validated. The testing part of this process is meant to be that validation and determines the efficacy of the plan. The purpose of this control is to determine if the business continuity plan would work in the event of a disruption to normal GitLab operations. The BC plan these three main categories:
All parts of the business continuity plan should be tested. All teams and services that have a documented business continuity plan should have a corresponding documented test.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.