@@ -55,19 +55,28 @@ Based on the above, GitLab business continuity plan will have team and departmen
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the [Business Continuity Plan issue](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/issues/774) .
### Policy Reference
*[GitLab Business Continuity Plan in Handbook](https://about.gitlab.com/handbook/business-ops/gitlab-business-continuity-plan.html)
*[DR for Databases](/handbook/engineering/infrastructure/database/disaster_recovery.html)
*[GitLab DR Design](/handbook/engineering/infrastructure/library/disaster-recovery/#design)
*[GitLab DR for Databases](/handbook/engineering/infrastructure/database/disaster_recovery.html)
## Framework Mapping
* ISO
* A.17.1.1
* A.17.1.2
* SOC2 CC
* CC7.5
* CC9.1
* SOC2 Availability
* A1.2
* PCI
* 12.10.1
- ISO
-`A.17.1.1` - The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.
-`A.17.1.2` - The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.
- SOC2 CC
-`CC7.5` - The entity identifies, develops, and implements activities to recover from identified security incidents.
-`CC9.1` - The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions.
- SOC2 Availability
-`A1.2` - The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.
- PCI
-`12.10.1` - Implement an incident response plan. Be prepared to respond immediately to a system breach.
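Review bot: The list markers in both the Policy Reference and Framework Mapping sections run straight into the text, as in `*[GitLab DR Design]` and the control lines that begin with a dash immediately followed by a backticked ID such as `A.17.1.1`. Without a space after `*` or `-`, Markdown will not render these as list items, so add the space and indent the control lines under their framework name. Two further points in Policy Reference: the "DR for Databases" and "GitLab DR for Databases" entries both point to /handbook/engineering/infrastructure/database/disaster_recovery.html, so check that only one of them survives the change, and the first entry uses an absolute https://about.gitlab.com URL while the other links are relative, which is worth making consistent.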