Action Plans & Remediation
Every finalized finding should have at least one action plan that assigns responsibility for remediation. AIIA tracks action plans from creation through implementation, verification, and closure.
What Is an Action Plan?
An action plan is a concrete, assignable remediation task linked to a finding. It specifies what needs to be done, who is responsible, and when it should be completed.
Creating an Action Plan
- Open a finding from the Findings module
- Navigate to the Action Plans tab
- Click + Add Action Plan
- Fill in the required fields:
| Field | Description | Required |
|---|---|---|
| Description | What corrective action needs to be taken | ✅ |
| Owner | The user responsible for implementing the action (owner_id) | ✅ |
| Due Date | Target completion date (due_date) | ✅ |
| Status | Current state of the action (defaults to OPEN) | Auto |
Action Plan Lifecycle
| Status | Description | Set By |
|---|---|---|
| OPEN | Action plan created, awaiting implementation | System (default) |
| IMPLEMENTED | Owner reports implementation is complete | Action Owner |
| VERIFIED | Auditor has verified the implementation with evidence | Auditor |
| CLOSED | Remediation confirmed and closed | Manager / CAE |
| OVERDUE | Due date has passed without implementation | System (automatic) |
Tracking Remediation
Remediation Dashboard
Navigate to Remediation to see a dashboard view of all action plans across engagements:
- Open — action plans awaiting implementation
- Overdue — past due date, requires escalation
- Implemented — awaiting verification
- Verified — awaiting final approval
- Closed — completed and verified
Providing Remediation Evidence
When an action owner marks an action plan as Implemented:
- They should attach remediation evidence — documents, screenshots, or configuration exports proving the fix
- Evidence is uploaded through the action plan detail view
- All evidence files are automatically:
  - Virus scanned
  - SHA-256 hashed
  - Timestamped
  - Linked to the action plan via `RemediationEvidence`
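The hashing, timestamping and linking steps above can be expressed as a small intake routine. The following is an added illustration, not AIIA's own code: the `RemediationEvidence` record, the `EvidenceStore` register, the `register_evidence`/`verify_evidence` helpers and the sample file bytes are all assumptions made for the example. Virus scanning is assumed to run upstream and is not modelled. The point a reviewer cares about is the last function: because the SHA-256 digest is captured at upload time, anyone later re-reading the file can prove it is the same artefact the owner submitted.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class RemediationEvidence:
    """Immutable record linking one uploaded evidence file to an action plan
    (hypothetical shape; the real model may carry more fields)."""
    action_plan_id: int
    filename: str
    size: int
    sha256: str       # hex digest computed at upload time
    uploaded_at: str  # ISO-8601 UTC timestamp


def sha256_hex(data: bytes) -> str:
    """Digest of the raw file bytes as stored, not of any derived form."""
    return hashlib.sha256(data).hexdigest()


def register_evidence(action_plan_id: int, filename: str, data: bytes) -> RemediationEvidence:
    """Hash, timestamp and link an evidence file. Assumes the virus scan has
    already passed; a rejected file never reaches this step."""
    return RemediationEvidence(
        action_plan_id=action_plan_id,
        filename=filename,
        size=len(data),
        sha256=sha256_hex(data),
        uploaded_at=datetime.now(timezone.utc).isoformat(),
    )


class EvidenceStore:
    """In-memory register keyed by action plan id (stand-in for the database)."""

    def __init__(self) -> None:
        self._records: dict[int, list[RemediationEvidence]] = {}

    def attach(self, record: RemediationEvidence) -> None:
        self._records.setdefault(record.action_plan_id, []).append(record)

    def for_plan(self, action_plan_id: int) -> list[RemediationEvidence]:
        return list(self._records.get(action_plan_id, []))


def verify_evidence(record: RemediationEvidence, data: bytes) -> bool:
    """Re-hash the bytes currently on disk and compare with the digest recorded
    at upload; a mismatch means the file was altered after submission."""
    return hmac.compare_digest(sha256_hex(data), record.sha256)


if __name__ == "__main__":
    # Constructed sample: a short configuration export attached to plan 42.
    store = EvidenceStore()
    rec = register_evidence(42, "acl-export.txt", b"deny any any\n")
    store.attach(rec)
    print(rec)
    print("intact:", verify_evidence(rec, b"deny any any\n"))
    print("tampered:", verify_evidence(rec, b"permit any any\n"))
```

Storing the digest on the evidence record rather than alongside the file is what makes the later `verify_evidence` check meaningful: the record is what the follow-up tester reads, so it must not be overwritable by the same path that writes the file.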
Follow-Up Testing
After implementation, the audit team can perform follow-up testing:
- Navigate to the finding → Follow-Up Tests tab
- Click + New Follow-Up Test
- Execute the test procedure to verify the remediation
- Document results and attach evidence
- Mark the action plan as Verified if the test passes
Escalation
Action plans that remain OVERDUE trigger:
- Automatic email notifications to the action owner
- Dashboard alerts visible to Manager and CAE
- Escalation to the CAE after a configurable period
Multiple Action Plans
A single finding can have multiple action plans for complex remediation scenarios. For example:
- Short-term: Immediately restrict unauthorized access (30 days)
- Long-term: Redesign the approval workflow and implement system controls (90 days)
Permissions
| Action | Permission |
|---|---|
| Create action plans | finding:update (Manager, CAE) |
| Update action plan status | Action owner or Manager/CAE |
| Verify implementation | finding:update (Auditor, Manager, CAE) |
| Close action plan | finding:close (Manager, CAE) |
| Upload remediation evidence | Action owner, Auditor, Manager |
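The lifecycle table, the escalation rules and the permissions table together describe one state machine with role-gated transitions. The block below is an added example of how such a machine can be enforced in code; it is not AIIA's implementation. The role names `Staff`, `Auditor`, `Manager` and `CAE`, the pseudo-role `owner` (satisfied only by the plan's `owner_id`), the `escalation_days` default and the sample dates are assumptions. It goes slightly beyond the tables by recording a history entry for every change, so the audit trail shows who moved a plan and when.

```python
from dataclasses import dataclass, field
from datetime import date

OPEN, IMPLEMENTED, VERIFIED, CLOSED, OVERDUE = "OPEN", "IMPLEMENTED", "VERIFIED", "CLOSED", "OVERDUE"

# Who may perform each transition, taken from the lifecycle and permissions tables.
# "owner" is a pseudo-role that only the plan's own owner_id satisfies.
TRANSITIONS = {
    (OPEN, IMPLEMENTED):     {"owner", "Manager", "CAE"},
    (OVERDUE, IMPLEMENTED):  {"owner", "Manager", "CAE"},
    (IMPLEMENTED, VERIFIED): {"Auditor", "Manager", "CAE"},  # finding:update
    (VERIFIED, CLOSED):      {"Manager", "CAE"},             # finding:close
}


def as_date(value):
    """Accept a date or an ISO-8601 string (convenience for callers and tests)."""
    return value if isinstance(value, date) else date.fromisoformat(value)


@dataclass(frozen=True)
class Actor:
    user_id: int
    role: str  # assumed role names: "Staff", "Auditor", "Manager", "CAE"


@dataclass
class ActionPlan:
    plan_id: int
    owner_id: int
    due_date: date
    status: str = OPEN
    history: list = field(default_factory=list)  # (date, who, new_status)

    def __post_init__(self):
        self.due_date = as_date(self.due_date)


def refresh_overdue(plan: ActionPlan, today) -> str:
    """System rule: an OPEN plan whose due date has passed becomes OVERDUE."""
    today = as_date(today)
    if plan.status == OPEN and today > plan.due_date:
        plan.status = OVERDUE
        plan.history.append((today, "System", OVERDUE))
    return plan.status


def transition(plan: ActionPlan, actor: Actor, new_status: str, today) -> str:
    """Apply a status change, enforcing both the lifecycle order and who may set it."""
    today = as_date(today)
    refresh_overdue(plan, today)
    allowed = TRANSITIONS.get((plan.status, new_status))
    if allowed is None:
        raise ValueError(f"{plan.status} -> {new_status} is not a valid transition")
    is_owner = actor.user_id == plan.owner_id
    if not (actor.role in allowed or ("owner" in allowed and is_owner)):
        raise PermissionError(f"{actor.role} {actor.user_id} may not set {new_status}")
    plan.status = new_status
    plan.history.append((today, f"{actor.role}:{actor.user_id}", new_status))
    return plan.status


def notifications(plan: ActionPlan, today, escalation_days: int = 14) -> list:
    """Escalation rules for OVERDUE plans. escalation_days stands in for the
    configurable period after which the CAE is escalated to."""
    today = as_date(today)
    if refresh_overdue(plan, today) != OVERDUE:
        return []
    alerts = [("email", plan.owner_id), ("dashboard", "Manager"), ("dashboard", "CAE")]
    if (today - plan.due_date).days >= escalation_days:
        alerts.append(("escalate", "CAE"))
    return alerts
```

Two properties fall out of this structure: the owner can report implementation but can never verify or close their own work, and OVERDUE is never set by a user, only recomputed from the due date, so it cannot be cleared without an actual IMPLEMENTED transition.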