Gitlab hero border pattern left svg Gitlab hero border pattern right svg

IR.2.01 - External Communication of Incidents Control Guidance

IR.2.01 - External Communication of Incidents

Control Statement

GitLab defines external communication requirements for incidents, including:


This control demonstrates that we have documented how we will communicate externally in the event of an incident. This helps the company by making sure we will contact the necessary external parties.


This control applies to the external communication of security incidents.



This control ensures GitLab's security incident communications plan has and maintains the essential components of external incident communication.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the External Communication of Incidents control issue.

Examples of evidence an auditor might request to satisfy this control:

Policy Reference

Framework Mapping