What is Remediation Management and why is it important?
Remediation management is the process of managing remediation activities, which usually result from a Certification & Accreditation process, penetration testing, an audit, security planning, or normal risk management activities.
The first step is to use either an existing risk assessment or the system's security plan to determine priorities. Once priorities are determined, roles and responsibilities need to be defined so that remediation work is clearly assigned to the appropriate parties. Some systems may be managed internally, while others are the responsibility of a vendor. Others may be procured ‘as a service’ and require a different approach entirely.
Often a system's security certificate will carry caveats regarding the remediation of outstanding security weaknesses or control deficiencies. Unless these remediation items are completed, the certificate can become invalidated, breaching agency governance and policy mandates.
As remediation management is cyclic, CANDA experts can provide an ongoing management structure which ensures that your systems certification and remediation requirements are being met. The security landscape is forever changing, and an ongoing programme.
Our team can lead and/or develop an effective process or programme of work to ensure that remediation is completed within an agreed timeframe.