Remediation
Remediation is the fifth pillar of the Compliance & Assurance Framework and consists of:
- Processes for non-compliance – if something does go wrong, how do we remedy it?
- Capturing lessons learned and making improvements to guard against the same thing happening again.
At this point, it could be helpful to revisit the first four pillars of the framework, as it's likely that making improvements in one or more of these areas will help to rectify the issue:
- Procedures: do any of our policies, processes or guidelines need revisiting and amending as a result of the issue that has arisen? Does responsibility for processes or control measures need clarifying?
- Education & Training: is our training content fit for purpose? Are we training the right people at the right time? Have we made sure that those who need to know about any changes made to policy or process have been informed?
- Controls: are the controls we have established operating effectively? Do we need to introduce new controls or change existing ones?
- Reporting: is there a residual risk associated with the issue that has arisen, and does it need to be captured within a risk register with mitigation and appropriate monitoring in place?