Gitlab hero border pattern left svg Gitlab hero border pattern right svg

IR.2.03 - Incident External Communication Control Guidance

IR.2.03 - Incident External Communication

Control Statement

GitLab communicates a response to external stakeholders as required by the Incident Response Plan.


This control demonstrates that we can provide evidence of communication in the event of an incident to external stakeholders.


This control applies to the external communication of security incidents.



The spirit of this control is to ensure that external communication of security incidents is conducted in accordance with GitLab's established security communications plan. This ensures all appropriate stakeholders are notified and engaged as appropriate.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the control issue.

Examples of evidence an auditor might request to satisfy this control:

Policy Reference

Framework Mapping