1. Managing Remediation Plans

Overview

The Remediation Plan Module serves as a central hub for defining, tracking, and managing all remediation plans associated with identified risks, ensuring transparency, accountability, and alignment with your organisation's risk mitigation objectives.

From here, you can manage all remediation plans created during the Risk Assessment Demand process, ensuring that:

  • Deficiencies in implemented controls are effectively addressed through remediation actions.
  • Plans of action and milestones are developed to outline remediation steps for unacceptable risks identified during assessments.
  • Security and privacy plans are updated to reflect changes resulting from implemented remediation actions.

This structured approach ensures that remediation efforts are traceable, well-documented, and aligned with your organisation's cybersecurity and risk management strategies.


Within this module, you can:

  • Monitor and Review Risks: Oversee all risks registered during the Risk Assessment Demand process, ensuring each is properly tracked and addressed.
  • Mark Risks as Closed: Indicate when a risk has been mitigated or is no longer applicable.
  • Delete a Risk: Remove risks that are no longer relevant.
  • Define Resource Owners: Assign responsibility for each risk to specific individuals or teams.

Monitor and Review Remediation Plan

Remediation Plans in the Remediation Plan Registry Module are view-only. To modify a Remediation Plan, click on the "edit button".

From there, you will be able to:

  • Update the information (Contacts, Due Date, Description and Implementation Challenges).
  • Mark the Remediation Plan as Completed.
  • Define Resource Owners.

Mark Remediation Plan as Completed

Once all required actions are finalised and no further updates are needed, the analyst should mark the Remediation Plan as "Completed".

  • Navigate to the Remediation Plan Module.

  • Locate the Remediation Plan that needs to be indicated as "Completed".

  • Click on the vertical dots in the card.

  • Select "Mark Completed".

  • The Risk Status changes from "Open" to "Pending Validation".

  • Select "Confirm Completion".

  • The Risk Status changes from "Pending Validation" to "Completed".


Reopen a Remediation Plan

If reopening a Remediation Plan is necessary, follow these steps:

  • Navigate to the Remediation Plan Module.

  • Locate the Closed Remediation Plan that requires updates.

  • Click on the vertical dots in the card.

  • Select "Reopen RP".

  • The Remediation Plan changes from "Completed" to "Open".


Delete a Remediation Plan

Deleting a Remediation Plan is not possible directly from the Remediation Plan Registry.

To delete a Remediation Plan, you must edit the risk in which the Remediation Plan was originally created.

Additionally, a Remediation Plan cannot be deleted if it has been marked as "Completed". If the Remediation Plan that needs to be deleted has been previously marked as "Completed", it must first be reopened before deletion is possible.

Steps to Delete a Remediation Plan

  • Navigate to the Risk Registry Module.

  • Locate the Remediation Plan that needs to be deleted.

  • Click on the vertical dots in the card.

  • Select "Delete RP".

  • A confirmation prompt will appear.


📌 Important: We strongly advise against deleting a Remediation Plan without proper justification. Once a Remediation Plan has been created, it should remain unchanged to maintain traceability and compliance with risk governance best practices.