Prior to introducing changes into the production environment, approval from authorized personnel is required based on the following:
This control aims to ensure important information about the change, its impacts, and ability to revert the change are documented and a part of the approval process. This allows everyone involved to have the information they need to make informed decisions about and execute on a change effectively. It also sets out to ensure all changes which could impact GitLab customers, GitLab team-members, and partners are approved by the appropriate person(s).
This control applies to any application or infrastructure changes introduced into the GitLab production environment.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.