Adobe's open source compliance framework served as the starting point for GitLab's overarching information security framework. It has been adapted and expanded as needed, and the result is the list of controls below, grouped by families and sub-families. Click on the links below to access the following information for each control:
For an overview of control ownership, please refer to the controls RACI chart.
For GitLab's data classification policy, please refer to the data classification page.
If you have any feedback on any of the security controls or related documentation, please add it as a comment in this issue.
The GitLab compliance team is responsible for ensuring the consistency of the documentation of the security controls listed below. While we normally welcome any GitLab team member to make edits to handbook pages, please be aware that even small changes to the wording of any of these controls impact how they satisfy the requirements of the security frameworks they map to. Because of this, we ask that any changes that need to be made to this page and the underlying guidance pages start with a comment in this issue. The compliance team will then engage with you and make any appropriate changes to these handbook pages.