© 2025 CSFaaS. All rights reserved.

Last updated: 5 months ago

1. Managing Remediation Plans

Overview

The Remediation Plan Module serves as a central hub for defining, tracking, and managing all remediation plans associated with identified risks, ensuring transparency, accountability, and alignment with your organisation's risk mitigation objectives.

From here, you can manage all remediation plans created during the Risk Assessment Demand process, ensuring that:

  • Deficiencies in implemented controls are effectively addressed through remediation actions.
  • Plans of action and milestones are developed to outline remediation steps for unacceptable risks identified during assessments.
  • Security and privacy plans are updated to reflect changes resulting from implemented remediation actions.

This structured approach ensures that remediation efforts are traceable, well-documented, and aligned with your organisation's cybersecurity and risk management strategies.

Within this module, you can:

  • Monitor and Review Risks: Oversee all risks registered during the Risk Assessment Demand process, ensuring each is properly tracked and addressed.
  • Mark Risks as Closed: Indicate when a risk has been mitigated or is no longer applicable.
  • Delete a Risk: Remove risks that are no longer relevant.
  • Define Resource Owners: Assign responsibility for each risk to specific individuals or teams.

Monitor and Review Remediation Plan

Remediation Plans in the Remediation Plan Registry Module are view-only. To modify a Remediation Plan, click the edit button.

From there, you will be able to:

  • Update the information (Contacts, Due Date, Description and Implementation Challenges).
  • Mark the Remediation Plan as Completed
  • Define Resource Owners.

Mark Remediation Plan as Completed

Once all required actions are finalised and no further updates are needed, the analyst should mark the Remediation Plan as "Completed".

  • Navigate to the Remediation Plan Module.
  • Locate the Remediation Plan that needs to be indicated as "Completed".
  • Click on the vertical dots in the card.
  • Select "Mark Completed".
  • The Risk Status changes from "Open" to "Pending Validation".
  • Select "Confirm Completion".
  • The Risk Status changes from "Pending Validation" to "Completed".

Reopen a Remediation Plan

If reopening a Remediation Plan is necessary, follow these steps:

  • Navigate to the Remediation Plan Module.
  • Locate the Closed Remediation Plan that requires updates.
  • Click on the vertical dots in the card.
  • Select "Reopen RP".
  • The Remediation Plan changes from "Completed" to "Open".

Delete a Remediation Plan

Deleting a Remediation Plan is not possible directly from the Remediation Plan Registry.

To delete a Remediation Plan, you must edit the risk in which the Remediation Plan was originally created.

Additionally, a Remediation Plan cannot be deleted if it has been marked as "Completed". If the Remediation Plan that needs to be deleted has been previously marked as "Completed", it must first be reopened before deletion is possible.

Steps to Delete a Remediation Plan

  • Navigate to the Risk Registry Module.
  • Locate the Remediation Plan that needs to be deleted.
  • Click on the vertical dots in the card.
  • Select "Delete RP".
  • A confirmation prompt will appear.

📌 Important: We strongly advise against deleting a Remediation Plan without proper justification. Once a Remediation Plan has been created, it should remain unchanged to maintain traceability and compliance with risk governance best practices.
