Maintain a program to monitor service providers’ compliance status at least annually.
We need to validate a third party's compliance status on a yearly basis to ensure they are also complying with compliance requirements. This will assist in obtaining new customers and help maintain assurance with our current customers.
All third party service providers that fall within the GitLab Control Framework (GCF).
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Vendor Compliance Monitoring control issue.