GitLab securely erases media containing decommissioned red and orange data and obtains a certificate or log of erasure; media pending erasure are stored within a secured facility.
Securely disposing of both electronic and physical media adds a layer of protection from the data being disposed being recovered by unauthorized persons. There are several effective, publicly available tools and techniques to recover data from electronic and physical media, including hard drives and shredded paper. This control aims to reduce the risk of data being recovered by unauthorized persons and shows customers, GitLab team-members, and partners we take measures to protect their data even after it's done being used.
This control applies to GitLab team member laptops.
Certificates or logs of erasure should be maintained in accordance with the timelines set in the global record retention schedule.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Secure Disposal of Media control issue.
Examples of evidence an auditor might request to satisfy this control: