Gitlab hero border pattern left svg Gitlab hero border pattern right svg

CM.1.02 - Change Approval Control Guidance

On this page

CM.1.02 - Change Approval

Control Statement

Prior to introducing changes into the production environment, approval from authorized personnel is required based on the following:


This control aims to ensure important information about the change, its impacts, and ability to revert the change are documented and a part of the approval process. This allows everyone involved to have the information they need to make informed decisions about and execute on a change effectively. It also sets out to ensure all changes which could impact GitLab customers, GitLab team-members, and partners are approved by the appropriate person(s).


This control applies to any application or infrastructure changes introduced into the GitLab production environment.



Implementation Guidance

For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.

For all reference links relevant to this control, refer to the full guidance documentation.

Examples of evidence an auditor might request to satisfy this control

For examples of evidence an auditor might request, refer to the full guidance documentation.

Framework Mapping