Commit 823e80d3 authored by Usha Swaminathan's avatar Usha Swaminathan
Browse files


parent 4bc59921
Pipeline #117708547 passed with stages
in 21 minutes and 14 seconds
......@@ -55,19 +55,28 @@ Based on the above, GitLab business continuity plan will have team and departmen
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the [Business Continuity Plan issue]( .
### Policy Reference
* [GitLab Business Continuity Plan in Handbook](
* [GitLab Disaster Recovery](
* [GitLab High Availability](
* [GitLab Infra Epic for Geo](
* [GitLab Handbook listing of DR for Databases](
* [NIST Guidance on Business Continuity](
* [PCI DSS v3.2.1 - Business Continuity Plan](
* [Geo and Disaster Recovery](/handbook/engineering/development/enablement/geo/)
* [DR Design](/handbook/engineering/infrastructure/library/disaster-recovery/#design)
* [DR for Databases](/handbook/engineering/infrastructure/database/disaster_recovery.html)
* [GitLab DR Design](/handbook/engineering/infrastructure/library/disaster-recovery/#design)
* [GitLab DR for Databases](/handbook/engineering/infrastructure/database/disaster_recovery.html)
## Framework Mapping
* A.17.1.1
* A.17.1.2
* CC7.5
* CC9.1
* SOC2 Availability
* A1.2
* 12.10.1
- `A.17.1.1` - The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.
- `A.17.1.2` - The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.
- `CC7.5` - The entity identifies, develops, and implements activities to recover from identified security incidents.
- `CC9.1` - The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions.
- SOC2 Availability
- `A1.2` - The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.
- `12.10.1` - Implement an incident response plan. Be prepared to respond immediately to a system breach.
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment