Update handbook vendor security review process - identifying risks and compensating controls
Why is this change being made?
To reflect the goal to identify risks and compensating controls for reviews and define when security management approval is needed (RED data processed or major risks identified that could impact GitLab). Also updated the process description.
Does this MR meet the acceptance criteria?
Assign to DRI
-
Did you assign this change to the correct DRI of the page or information you are changing?
Conformity
-
Added description to this MR explaining the reasons for the proposed change, per say-why-not-just-what
Edited by Jennifer Blanco