GitLab communicates a response to external stakeholders as required by the Incident Response Plan.
This control demonstrates that we can provide evidence of communication in the event of an incident to external stakeholders.
This control applies to the external communication of security incidents.
The spirit of this control is to ensure that external communication of security incidents is conducted in accordance with GitLab's established security communications plan. This ensures all appropriate stakeholders are notified and engaged as appropriate.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the control issue.
Examples of evidence an auditor might request to satisfy this control: