---
layout: handbook-page-toc
title: "SG.2.01 - Information Security Program Content Control Guidance"
---

## On this page
{:.no_toc .hidden-md .hidden-lg}

- TOC
{:toc .hidden-md .hidden-lg}

# SG.2.01 - Information Security Program Content

## Control Statement

The GitLab Security Department Leadership conducts a monthly staff meeting to communicate and align on relevant security threats, program performance, and resource prioritization.

## Context

By holding meetings to communicate information about the security program and relevant security threats, GitLab team-members can better understand GitLab's overall security posture, future initiatives, and the threat landscape. Such meetings also afford an opportunity to engage with and learn more about security, the benefits of which can extend outside the security department and bring value to customers and partners.

## Scope

TBD

## Ownership

GitLab's Director of Security

## Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the [Information Security Program Content control issue](https://gitlab.com/gitlab-com/gl-security/security-assurance/sec-compliance/compliance/issues/877).

### Policy Reference

## Framework Mapping

* SOC2 CC
  * CC3.2
* PCI
  * SAQ-A