Remediation Plans
Remediation Plans allow you to track and manage corrective actions linked to findings, collaborating directly with vendors through the Vendor Portal.
This is an optional feature on your platform. To activate it, contact [email protected] (you need to be an admin).
What is a Remediation Plan?
A Remediation Plan is a set of actions linked to findings. Each finding identified during a questionnaire/resource analysis can have one associated remediation action. The plan is shared with the vendor for collaborative resolution.
How it works
1. Create remediation actions
During resource analysis, findings are flagged and each can have one remediation action associated with it. Actions include:
A description of what needs to be corrected
A due date (defined as a relative timeframe: 1, 2, 3, 6, or 12 months)
2. Share with the vendor
The remediation plan is shared with the vendor through the Vendor Portal. The vendor can:
View all assigned remediation actions
Open a conversation thread per action
Upload attachments to provide evidence of remediation
Explain what was done to address each finding
3. Review and validate
When the vendor submits their remediation response:
The action status changes to Needs Review on the client side.
The Security Officer reviews the vendor's response and can:
Mark as Remediated -- Validates the action and marks the linked finding as remediated.
Request clarification -- Continue the conversation with the vendor if more information is needed.
4. Completion
The remediation plan is complete when all actions have been remediated.
Verification required -- Any action remediated by the vendor must be verified by the Security Officer. Actions are never automatically validated.