Confirmed incidents are assigned a priority level and managed to resolution. If applicable, GitLab coordinates the incident response with business contingency activities.
It's important for every issue to be assigned an appropriate severity so that time, effort, and resources can be most effectively allocated. And by having a mechanism to track whether every incident is seen to resolution, every incident is eventually resolved.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.