When your risk assessment, vulnerability scan, or penetration test surfaces findings, a remediation plan turns those findings into concrete work that's assigned, tracked, and verified.
Creating a plan
Remediation plans can be created from:
- Risk assessment findings — Gaps identified during your Security Risk Assessment.
- Vulnerability scans — Findings from automated scanning.
- Penetration tests — Results from manual security testing.
- Manual creation — Any security concern you want to track formally.
You can also ask Compliance Copilot to "create a remediation plan from our latest risk assessment findings" — it will group related findings, suggest priorities, and create the plan for you.
How plans work
Each remediation plan moves through stages: draft → open → in progress → completed → verified.
Within each plan, individual remediation items represent specific findings to address:
- Priority — Critical, high, medium, or low.
- Status — Open → in progress → completed → verified.
- Owner — Who's responsible for the fix.
- Target date — When it should be done.
- Evidence — Upload proof that the item was addressed.
Tracking progress
The remediation plan view shows overall progress percentage, what's open, what's overdue, and what's completed. As items are completed and verified, the progress updates automatically.
Audit evidence
Completed remediation items — with their evidence and verification — become part of your compliance documentation. They demonstrate not just that you found issues, but that you fixed them.