Gitlab hero border pattern left svg Gitlab hero border pattern right svg

RM.1.04 - Service Risk Rating Assignment Control Guidance

RM.1.04 - Service Risk Rating Assignment

Control Statement

GitLab prioritizes risk management activities based on an assigned service risk rating.


The purpose of this control is to prioritize security resources and efforts to the services that benefit the most from them. By prioritizing services based on risk rating, we can allocate time and resource to the places that would most benefit from them.


This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting and its subdomains. This may include third-party systems that support the business of


Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Service Risk Rating Assignment control issue.

Examples of evidence an auditor might request to satisfy this control:

Policy Reference

Framework Mapping