GitLab establishes internal audit requirements and executes audits on information systems and processes quarterly.
Audits are meant to validate processes and to check whether the controls we have implemented are having the desired effect and are performed the way we intended. Internal audits have a bad reputation, but they help the audit and compliance teams gather the information they need to be the main point of contact for external audits when needed. Successful internal audits can help keep external auditors away from GitLab team-members unless absolutely necessary.
Internal audits are performed against all GitLab production systems and all processes that interact with those systems. Internal audits are also performed against all security compliance controls.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.