GitLab maintains a list of approved, managed service providers and the services they provide to GitLab.
Maintaining a list of approved service providers will assist in validating exactly what a service provider offers. Documentation should include:
All externally sourced service providers utilized by GitLab that handles credit card data.
Owner of service provider relationship.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.