Update handbook vendor security review process - identifying risks and compensating controls (!42249) · Merge requests · GitLab.com / www-gitlab-com

Jennifer Blanco requested to merge jblanco2-update-vendor-review-process into master Feb 27, 2020

Why is this change being made?

To reflect the goal to identify risks and compensating controls for reviews and define when security management approval is needed (RED data processed or major risks identified that could impact GitLab). Also updated the process description.

Does this MR meet the acceptance criteria?

Assign to DRI

Did you assign this change to the correct DRI of the page or information you are changing?

Conformity

Added description to this MR explaining the reasons for the proposed change, per say-why-not-just-what

Edited Feb 27, 2020 by Jennifer Blanco

Update handbook vendor security review process - identifying risks and compensating controls

Why is this change being made?

Does this MR meet the acceptance criteria?

Assign to DRI

Conformity

Merge request reports