Commit 2bf3a9f4 authored by Joseph Longo

Add Non Audit Visibility Label to Policies and consolidate them under controlled documents

parent c8e95195
+10 −13
@@ -723,14 +723,6 @@ content/handbook/people-group/time-off-and-absence/ @amccrank @dparsonage @vanes
/content/job-families/people-group/ @rallen3  @glucchesi @carlierussell  @bmcdonald5 @JennyBurns @jessdurbin @ltepper @gitlab-com/content-sites @gitlab-com/egroup @dweiskopf
/content/job-families/people-group/candidate-experience.md @rallen3  @glucchesi @carlierussell  @bmcdonald5 @JennyBurns @jessdurbin @ltepper @gitlab-com/content-sites @gitlab-com/egroup @dweiskopf

## This section is for policies that Security Governance manages and aren't Controlled Documents. This should remain near the Controlled Documents section.
[Security and Technology Policies]
/content/handbook/security/security-and-technology-policies/change-management-policy.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites @jdicken
/content/handbook/security/product-security/vulnerability-management/encryption-policy.md @juliedavila @jlongo_gitlab @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-and-technology-policies/penetration-testing-policy.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites @jdicken
/content/handbook/security/security-and-technology-policies/security-and-technology-policies-management.md @tdilbeck @corey-oas @jlongo_gitlab @cynthiamiller @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-and-technology-policies/software-development-lifecycle-policy.md @jlongo_gitlab @joshlemos @juliedavila @gitlab-com/egroup @gitlab-com/content-sites

## This section is for SOX related documents.
[SOX-Documents]
/content/handbook/engineering/gitlab-com/policies/teleport/ @marin @sabrinafarmer @gitlab-com/egroup @gitlab-com/content-sites
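
Review bot: the comment above `[Security and Technology Policies]` is the only place in this hunk that identifies these five paths as Security Governance policies, and it goes away together with the section header. Code Owners approvals are evaluated per section, so state in the merge request which section the entries now fall under, and consider keeping a one-line comment beside them where they are re-added so the grouping stays discoverable.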
@@ -745,21 +737,27 @@ content/handbook/people-group/time-off-and-absence/ @amccrank @dparsonage @vanes
/content/handbook/engineering/infrastructure-platforms/database/disaster-recovery.md @marin @gitlab-com/egroup @gitlab-com/content-sites @glopezfernandez
/content/handbook/engineering/infrastructure/production/_index.md @marin @sabrinafarmer @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/engineering/infrastructure/production/architecture/ @marin @sabrinafarmer @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/corporate/end-user-services/access-requests/_index.md @ccurato @mnarayan-gl @mbeee @gitlab-com/egroup @gitlab-com/content-sites @smanzuik
/content/handbook/legal/gitlab-code-of-business-conduct-and-ethics.md @robin @ktesh @m_taylor @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/people-group/acceptable-use-policy.md @boconnor @bill_staples @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/people-group/offboarding/offboarding_standards.md @boconnor @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/people-policies/_index.md @cgudgenov @emilyplotkin @rallen3 @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/controlled-document-procedure.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/corporate/end-user-services/access-requests/_index.md @ccurato @mnarayan-gl @mbeee @gitlab-com/egroup @gitlab-com/content-sites @smanzuik
/content/handbook/security/isms.md @joshlemos @jlongo_gitlab @juliedavila @corey-oas @cynthiamiller @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/cryptographic-standard.md @joshlemos @jlongo_gitlab @juliedavila @mloveless @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/data-classification-standard.md @joshlemos @jlongo_gitlab @juliedavila @tdilbeck @emccrann @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/isms.md @joshlemos @jlongo_gitlab @juliedavila @corey-oas @cynthiamiller @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/password-standard.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/physical-security-standard-for-company-assets.md @joshlemos @jlongo_gitlab @juliedavila @jdicken @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/product-security/vulnerability-management/_index.md @juliedavila @estrike @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/records-retention-deletion.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/software-development-lifecycle-standard.md @joshlemos @jlongo_gitlab @juliedavila @cibericua @jdicken @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/product-security/vulnerability-management/_index.md @juliedavila @estrike @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/product-security/vulnerability-management/encryption-policy.md @juliedavila @jlongo_gitlab @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-and-technology-policies/access-management-policy.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-and-technology-policies/audit-logging-policy.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-and-technology-policies/change-management-policy.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites @jdicken
/content/handbook/security/security-and-technology-policies/penetration-testing-policy.md @joshlemos @jlongo_gitlab @juliedavila @gitlab-com/egroup @gitlab-com/content-sites @jdicken
/content/handbook/security/security-and-technology-policies/security-and-technology-policies-management.md @tdilbeck @corey-oas @jlongo_gitlab @cynthiamiller @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-and-technology-policies/software-development-lifecycle-policy.md @jlongo_gitlab @joshlemos @juliedavila @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-assurance/governance/sec-training.md @cynthiamiller @tdilbeck @corey-oas @jlongo_gitlab @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-assurance/security-compliance/access-reviews.md @cynthiamiller @tdilbeck @corey-oas @jlongo_gitlab @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-assurance/security-compliance/pci-charter.md @cynthiamiller @tdilbeck @corey-oas @jlongo_gitlab @gitlab-com/egroup @gitlab-com/content-sites
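
Review bot: no section header appears in this hunk's context, and the last one visible above is `[SOX-Documents]`, so the diff alone does not show that the re-added policy paths (`encryption-policy.md` and the four under `security-and-technology-policies/`) sit below the controlled documents header; please confirm. Minor style point: the `change-management-policy.md` and `penetration-testing-policy.md` lines keep `@jdicken` after the group handles, while the neighbouring `physical-security-standard-for-company-assets.md` line lists individuals before groups.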
@@ -771,6 +769,5 @@ content/handbook/people-group/time-off-and-absence/ @amccrank @dparsonage @vanes
/content/handbook/security/security-operations/sirt/sec-incident-response.md @joshlemos @cibericua @mcoons @cmoberly @rdickson1 @nslaughter @mjozenazemian @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-operations/sirt/security-incident-communication-plan.md @joshlemos @cibericua @mcoons @cmoberly @rdickson1 @nslaughter @mjozenazemian @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/security-operations/sirt/severity-matrix.md @joshlemos @cibericua @mcoons @cmoberly @rdickson1 @nslaughter @mjozenazemian @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/security/policies_and_standards/software-development-lifecycle-standard.md @joshlemos @jlongo_gitlab juliedavila @cibericua @jdicken @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/support/workflows/personal_data_access_account_deletion.md @lyle @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/support/workflows/account_deletion_access_request_workflows.md @lyle @BronwynBarnett @gitlab-com/egroup @gitlab-com/content-sites
/content/handbook/support/workflows/personal_data_access_account_deletion.md @lyle @gitlab-com/egroup @gitlab-com/content-sites
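
Review bot: the `software-development-lifecycle-standard.md` line in this hunk has `juliedavila` without the leading `@`, while the copy in the previous hunk has `@juliedavila`, so the re-sort also corrects an owner handle. A handle without `@` is not a user mention, so this affects who is listed as an owner for that path; say so in the commit message rather than leaving the fix inside a reorder.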
+1 −0
---
title: "Encryption Policy"
controlled_document: true
tags:
  - security_policy
  - security_policy_caplscsi
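
Review bot: no `Visibility: Non-Audit` label line is visible in this file, and its stat is +1 −0 where the other three policies show +3 or +4 with a `{{< label ... >}}` line after the front matter. If the Encryption Policy is meant to carry the label like the others, add it below the closing `---`; if it is excluded on purpose, note the reason in the commit message.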
+3 −0
---
title: "Change Management Policy"
controlled_document: true
tags:
  - security_policy
  - security_policy_cmma
---

{{< label name="Visibility: Non-Audit" color="#428BCA" >}}

## Purpose

This policy is intended to outline the change management controls implemented by GitLab.
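
Review bot: the label shortcode after the front matter is written out literally, name and colour `#428BCA` included, and the same line is repeated in the Penetration Testing Policy and Security and Technology Policies Management files. A typo in any one copy would give inconsistent labels across the policies; if the handbook has a shared way to emit this label, prefer it over per-file literals.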
+4 −1
---
title: "Penetration Testing Policy"
controlled_document: true
tags:
  - security_policy
  - security_policy_caplscsi
---

{{< label name="Visibility: Non-Audit" color="#428BCA" >}}

A penetration test is a process to identify security vulnerabilities in an application or infrastructure in order to evaluate the security of the system.

## Purpose
@@ -45,7 +48,7 @@ Penetrationn test results are documented and distributed to appropriate team mem

### Remediation

Findings from penetration tests are assessed and addressed in accordance with GitLab's [Vulnerability Management Standard](vulnerability-management) (SI-2, RA-5)
Findings from penetration tests are assessed and addressed in accordance with GitLab's [Vulnerability Management Standard](/handbook/security/product-security/vulnerability-management) (SI-2, RA-5)

### Retests

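Review bot: the rewritten link line under `### Remediation` still ends without a full stop after `(SI-2, RA-5)`, and the hunk header context shows `Penetrationn test results` in the sentence above this section; both are worth fixing while the file is being touched. The move from the relative `vulnerability-management` target to `/handbook/security/product-security/vulnerability-management` is consistent with the path listed in CODEOWNERS.
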
+3 −0
---
title: "Security and Technology Policies Management"
controlled_document: true
tags:
  - security_policy
  - security_policy_caplscsi
---

{{< label name="Visibility: Non-Audit" color="#428BCA" >}}

## Purpose

This policy is intended to establish requirements for the creation and management of security and technology related policies.