Roles and responsibilities for the governance of Information Security within GitLab are formally documented within the Information Security Management Standard and communicated on the GitLab intranet.
To be able to effectively work with the Security team at GitLab, knowing who is responsible for what is important in order to direct questions, concerns, and specific efforts to the right person(s). The purpose of this control is to ensure roles and responsibilities for the Security team are updated and kept current, and that the reporting structure within the department remains transparent.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.