If you become aware of certain risks, you can document your remediation plans and actions to reduce exposure, to a level that is aligned with your company's risk appetite.
Typically, a remediation action represents an actionable and measurable item to address a specific risk or combination of risks, whereas a remediation plan consists of a predefined sequence of remediation actions, used to address issues that require multiple actions to remedy.
During the onboarding of Remediation Plan assets, users are prompted to add related Remediation Action assets and can start the onboarding workflow for such assets.
You can map your Remediation Plan and Remediation Action assets to your Risk assets wen completing a DPIA/PIA or Legitimate Interest Assessment.
Workflows
Data Privacy comes with the following packaged workflows:
| Workflow |
Applicable regulations |
Description |
|---|---|---|
| New Remediation Action |
|
Starts the creation, ownership acceptance and initial approval of a Remediation Action asset. |
| New Remediation Plan |
|
Starts the creation, ownership acceptance and initial approval of a Remediation Plan asset. |
Treatment and review of proposed assets
The treatment and review workflow are started by the Business Steward, from the asset page of the relevant Remediation Plan or Remediation Action asset. It allows the Business Steward to:
- Document actions taken, and progress made, with regard to Remediation Plan and Remediation Action assets.
- Create relations with the assets that result from the Remediation Action, meaning a new Control asset.
Note The completion of this workflow does not result in the creation of a new asset. Rather, new and/or modified attributes and relations are added to the relevant Remediation Plan or Remediation Action asset. The details of the work done are stored as comments.
If the implementation of the remediation plan or action spans a long time period, the Business Steward can use this workflow to log intermediate progress.