LR-301d · Module 2

Remediation Planning

3 min read

Every gap identified in the analysis needs a remediation plan — a specific action to close the gap, with an owner, a deadline, and a verification method. Remediation planning is resource allocation: you cannot close every gap simultaneously, so the gaps must be prioritized by regulatory risk, enforcement timeline, and implementation complexity.

Do This

Prioritize gaps by enforcement risk — obligations with imminent enforcement deadlines get remediated first
Assign every remediation action a specific owner, not a team — individual accountability drives completion
Set verification criteria before beginning remediation — the definition of "closed" should not be debated after the work is done. [CLEARED]: Verification criteria prevent remediation from being declared complete prematurely.

Avoid This

Prioritize gaps by ease of remediation — easy gaps may carry low risk, and addressing them first delays high-risk remediation
Create remediation plans without deadlines — undated plans become perpetual aspirations
Close gaps without verifying the fix — a gap marked as remediated but not verified is a gap disguised as progress