IR.2.02 - Incident Reporting Contact Information Control Guidance

IR.2.02 - Incident Reporting Contact Information

Control Statement

GitLab provides a contact method for external parties to:

Context

Having an easily accessible, public channel for external parties to contact GitLab in the event of a security incident gives the community a way to help GitLab keep its systems safe, and helps GitLab identify and respond to security incidents more quickly internally. This control can be tested by citing sufficient documentation of the emergency contacts and on-call engineers who provide support when an incident occurs, and by checking that this documentation is easily available.

Scope

This control applies to GitLab.com.

Ownership

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Incident Reporting Contact Information control issue.

Examples of evidence an auditor might request to satisfy this control:

Policy Reference

GitLab provides a contact method for external parties to:

  1. Submit complaints and inquiries
  2. Report incidents

  1. GitLab IR Contact information in the Handbook
  2. Red Team Rules of Engagement
  3. Incident Management for Self-Managed Customers

Framework Mapping