Skip to main content

Part of Data Security Standard 9 - IT protection

Remediation post-testing (9.2.3)

Previous Chapter

Risks

Current Chapter

Current chapter – Remediation post-testing (9.2.3)

View all

Next Chapter

OWASP Top 10 vulnerabilities (9.3.1, 9.3.3, 9.3.7)
Page contents

Any test results will show a number of vulnerabilities. Critical or high-risk vulnerabilities should be remediated within 14 days.

Where they cannot be remediated within the 14 days the risk should be documented, understood, and agreed with your Senior Information Risk Owner (SIRO).

If the remediation has dependencies that will take longer to fix, such as a legacy system requiring replacement, this should form an action in your data security improvement plan.

Remediation post testing

Any test results will show a number of vulnerabilities. Critical or high-risk vulnerabilities should be remediated within 14 days.

Where they cannot be remediated within the 14 days the risk should be documented, understood, and agreed with your SIRO.

If the remediation has dependencies that will take longer to fix (such as a legacy system requiring replacement) this should form an action in your data security improvement plan.

More information

For more information see our list of useful resources for each chapter of this guide.

Last edited: 1 September 2022 3:40 pm

Previous Chapter

Risks

Next Chapter

OWASP Top 10 vulnerabilities (9.3.1, 9.3.3, 9.3.7)

Chapters

  1. Data Security Standard 9 - IT protection
  2. Network components (9.1.1 - 9.1.2)
  3. Password strength, remote locations and managed estates (9.1.1 - 9.1.2)
  4. Penetration testing (9.2.1 - 9.2.2)
  5. Know your boundaries (9.2.1 - 9.2.2)
  6. Risks
  7. Remediation post-testing (9.2.3)
  8. OWASP Top 10 vulnerabilities (9.3.1, 9.3.3, 9.3.7)
  9. Domain Name System (DNS) and IP Ranges (9.3.3 - 9.3.5)
  10. Connected Medical Devices (9.3.8 - 9.3.9)
  11. Perimeter defence (9.3.6, 9.4.1)
  12. Assurance (9.4.4 - 9.4.5)
  13. Secure configuration (9.5.1 - 9.5.10)
  14. Firewalls (9.6.1 - 9.6.6)
  15. Frameworks that can help
  16. IT Infrastructure Library (ITIL)