Governed Remediation Checklist

Checklist

• ✓Remediation requires named human approvers
• ✓Production changes blocked without approval record
• ✓Staging-first policy documented
• ✓PR-based workflow with verification plan
• ✓Rollback steps attached to every proposal
• ✓Separation of duties between propose and approve
• ✓Audit export includes diffs and run IDs
• ✓Verification suite defined post-merge
• ✓No fully autonomous production fix language in contracts
• ✓RBAC roles mapped to ITSM groups
• ✓Evidence linked from testing fleets to proposals
• ✓Break-glass approval logged and time-bound
• ✓Credential access least-privilege per role
• ✓Retention policy for remediation artifacts
• ✓Failed verification reopens analysis automatically
• ✓CAB alignment for production promotion
• ✓Security review of agent service accounts
• ✓Illustrative metrics labeled if projected