IR.2.01 - External Communication of Incidents
GitLab defines external communication requirements for incidents, including:
- Information about external party dependencies.
- Criteria for notification to external parties as required by GitLab policy in the event of a security breach.
- Contact information for authorities (e.g., law enforcement, regulatory bodies).
- Provisions for updating and communicating external communication requirement changes.
This control demonstrates that we have documented how we will communicate externally in the event of an incident, which helps the company make sure the necessary external parties are contacted.
This control applies to the external communication of security incidents.
- Control Owner:
- Process owner(s):
- Security Operations:
- Security Communications:
This control ensures that GitLab's security incident communications plan contains, and continues to maintain, the essential components of external incident communication.
Additional control information and project tracking
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the External Communication of Incidents control issue.
Examples of evidence an auditor might request to satisfy this control:
- Provide GitLab's incident external communication plan
- Provide samples showing the plan is followed for Infrastructure incidents
- Provide samples showing the plan is followed for Security incidents