Gitlab hero border pattern left svg Gitlab hero border pattern right svg

TPM.2.02 - Vendor Non-Disclosure Agreement Control Guidance

TPM.2.02 - Vendor Non-Disclosure Agreement

Control Statement

Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented.


This control provides GitLab a written, signed agreement with a vendor that non-disclosure of confidential information will be disseminated to outside parties.


This control applies to all information shared with third parties that interact with the GitLab production environment.


Control Owner:

Process Owner:


Maintain current copies of non-disclosure agreements between GitLab and vendors for each non-GitLab service used by the company where confidential information is shared with the vendor.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Vendor Non-Disclosure Agreement control issue.

Policy Reference

Framework Mapping