Governed Remediation Checklist
Checklist for human-authorized remediation workflows, staging, PRs, verification, and audit.
Checklist
- Remediation requires named human approvers
- Production changes blocked without approval record
- Staging-first policy documented
- PR-based workflow with verification plan
- Rollback steps attached to every proposal
- Separation of duties between proposing and approving
- Audit export includes diffs and run IDs
- Verification suite defined post-merge
- No "fully autonomous production fix" language in contracts
- RBAC roles mapped to ITSM groups
- Evidence linked from testing fleets to proposals
- Break-glass approval logged and time-bound
- Credential access least-privilege per role
- Retention policy for remediation artifacts
- Failed verification reopens analysis automatically
- CAB alignment for production promotion
- Security review of agent service accounts
- Illustrative metrics labeled if projected
