Access modifications due to a change in role or responsibility are documented and tracked in a change request issue.
The purpose of this control is to ensure there is a process in place to modify access to user accounts in the event of a role change. This control helps ensure that only authorized and active accounts can be accessed and used to prevent any unauthorized use or access of GitLab customer, GitLab team member, and partner data. The manager would be responsible for advising of role change and accordingly, reviewing and de-provisioning any access that is no longer required.
This control applies to any system or service where user accounts can be provisioned.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Role Change: Access Modification Control Issue.