
Create a Security Controlled Document Procedure

Julia Lake requested to merge Julia.Lake-master-patch-77102 into master

Why is this change being made?

Develop a process for managing controlled documents, i.e., those required by security regulations, at GitLab.

Sample Regulatory References:

ISO 27001: A.5.1.1 Policies for information security. Control: A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties.

A.12.1.1 Documented operating procedures. Control: Operating procedures shall be documented and made available to all users who need them.

NIST 800-53: AC-1 ACCESS CONTROL POLICY AND PROCEDURES. Control Description: The organization:

a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:

  1. An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
  2. Procedures to facilitate the implementation of the access control policy and associated access controls; and

b. Reviews and updates the current:

  1. Access control policy [Assignment: organization-defined frequency]; and
  2. Access control procedures [Assignment: organization-defined frequency].

CAIQ CSA: "Audit Assurance & Compliance Independent Audits" AAC-02: Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.

Author Checklist

  • Provided a concise title for the MR
  • Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what
  • Assign this change to the correct DRI
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to your manager.
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
    • If the changes relate to any part of the project other than updates to content and/or data files, please make sure to ping @gl-static-site-editor in a comment for a review and merge. For example, changes to .gitlab-ci.yml, JavaScript/CSS/Ruby code or the layout files.

For help with failing pipelines, reach out in #mr-buddies in Slack.

Edited by Julia Lake