GitLab defines external communication requirements for incidents, including:
This control demonstrates that we have documented how we will communicate externally in the event of an incident. This helps the company by making sure we will contact the necessary external parties.
This control applies to the external communication of security or infrastructure incidents.
This control ensures GitLab's incident response communications plan has and maintains the essential components of external incident communication.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the External Communication of Incidents control issue.
Examples of evidence an auditor might request to satisfy this control: