
IAM.1.03 - Terminations: People Resources Notifications Control Guidance

IAM.1.03 - Terminations: People Resources Notifications

Control Statement

The People Operations Management system sends a notification to relevant personnel, or system, in the event of a termination of an information system user. Notification can be manual or automated.

Context

The purpose of this control is to ensure there is a process in place to remove access to user accounts when that access is no longer necessary. The People Operations Management system is the source-of-record for the status of GitLab team members; therefore, any changes to status need to be communicated to downstream systems in order to ensure proper logical access management. This control helps ensure that only authorized and active accounts can be accessed and used, preventing any unauthorized use of or access to GitLab customer, GitLab team member, and partner data.

For the purposes of the GitLab Control Framework (GCF), the control activities captured here are incorporated into the IAM.1.02 - Logical Access De-Provisioning control.

Scope

This control applies to any system or service where user accounts can be provisioned. As noted above, this control is N/A for GitLab, as the outlined control activities have been incorporated into IAM.1.02 - Logical Access De-Provisioning.

Ownership

IAM.1.02 ownership breakdown

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Terminations: People Resources Notifications control issue.

Policy Reference

Framework Mapping