Maintain a program to monitor service providers’ compliance status at least annually.
We need to validate a third party's compliance status on a yearly basis to ensure they are also complying with compliance requirements. This will assist in obtaining new customers and help maintain assurance with our current customers.
All third party service providers that fall within the GitLab Control Framework (GCF).
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.