Management prepares a remediation plan to formally manage the resolution of findings identified in risk assessment activities.
Risk assessments find and prioritize risks, but that information and insight is only useful if it's acted on. This control aims to ensure the risks we find in risk assessments are appropriately acted on and remediation efforts are seen to their full completion.
This control applies to all risk assessments and their respective risk findings.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.