Appendix 1 Remediation Plan Template

Remediation includes documenting and mitigating the breach in the most effective way possible to limit the amount of damage to the University. This includes elimination, mitigation, and documentation of the threats discovered and any actions taken to address these items going forward. It is important that the plan include the following:

1. Provide a clear description of the discovery and subsequent investigation of the incident.
2. Describe the impact of the incident to the University.
3. Provide documentation of the mitigation steps to minimize harm to the University. Examples of mitigations steps may include:
   • Patching vulnerabilities in the impacted infrastructure components and identifying similar infrastructure components that might share that vulnerability in order to apply preventive patches.
   • Securing the accounts of compromised users.
   • Rolling back application code to pre-compromise backups.
   • Implementing additional security controls on impacted devices, systems, or networks.
   • Improving business processes to reduce the risk of recurrence.
   • Revising policies and procedures to reduce the risk of recurrence or the impact from similar future incidents.
4. Provide a communications plan on who should be notified and how they will be notified.
5. Provide reference information for any applicable federal, state, local, or industry compliance requirements.