Documentation of system boundaries and key aspects of their functionality are published to authorized personnel.
This control formalizes the idea that we need to keep track of our production systems and maintain quality documentation for easy reference. Most of this control is naturally met by the emphasis we have on documentation here at GitLab. The remainder of this control is meant to ensure we are publishing any institutional knowledge about how systems interact and that we consider high-level system views as well as individual components.
This control applies to all GitLab production systems.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.