Remediation as an operating model: how findings become campaigns, deadlines become a clock, and tickets become a governed hand-off to the teams who actually do the work.

Finding a vulnerability is the easy part. Closing it is the program. Between the moment a finding is triaged and the moment it is verified fixed sits the hardest work a security team does: deciding who owns the fix, holding that fix to a deadline, handing it cleanly to the engineers who live in a ticketing tool, and proving on the way out that the risk is genuinely gone. This ebook treats remediation as an operating model rather than a backlog. It follows the path from a triaged finding through campaign coordination, SLA-governed deadlines, ITSM ticketing with bidirectional sync, and verified closure, and it shows how PMAP keeps that path fast for the remediation owner yet fully reconstructable for an auditor.

What you will learn

- Why remediation is a coordination problem, not a tracking problem, and what a campaign solves that finding-by-finding assignment cannot.
- How the campaign state machine turns a remediation sprint into a governed, metric-bearing program with a closure rate.
- How SLA deadlines resolve through a project, company, and global precedence chain, with pause, resume, and a tiered escalation ladder.
- How findings cross the boundary into Jira, ServiceNow, and ManageEngine through governed ticket creation and field mapping.
- How bidirectional sync keeps PMAP and the ITSM tool aligned through webhook push and a five-minute background poll.
- How verified closure works through re-test, the auto-close gate, and a remediation knowledge base that gives owners the fix.

Inside this ebook

- Chapter 1. Remediation Is an Operating Model. Triage decides what is real and who should care. Remediation decides who acts, by when, and how you prove it happened. The second discipline is where risk is actually reduced, and it is the one most programs run by hand.
- Chapter 2. Campaigns: Coordinating the Work. A campaign is the construct that lives above the finding. It gives a batch of remediation work a name, a deadline, an owner, and a closure rate, so a program can be driven as one effort rather than a thousand separate assignments.
- Chapter 3. Deadlines and Escalation. A campaign without a clock is a wish. SLA is how remediation turns severity into a deadline, holds the deadline honestly through pauses, and routes a breach up a tiered ladder so nothing important ages in silence.
- Chapter 4. The Hand-Off to ITSM. Remediation owners do not live in a security tool. They live in Jira, ServiceNow, and ManageEngine. Ticketing is the governed bridge that carries a finding into their world with the right priority and brings their answer back.
- Chapter 5. Verified Fixed. A finding is not fixed because a ticket says so. It is fixed when the fix is verified, recorded, and reproducible. Closure runs through re-test, and a remediation knowledge base makes sure the owner had a real fix to apply.
- Chapter 6. Running Remediation at Scale. An operating model that works for one campaign has to work for a portfolio of them. Bulk actions, events, dashboards, and honest metrics are what turn the per-campaign mechanics into a program a CISO can run.

Individual finding assignment lacks the coordination layer needed to track remediation progress against committed deadlines. A program needs a construct above the finding.

Remediation campaigns, by design

At a glance

- Series: PMAP Ebook
- Discipline: Remediation Operations
- Audience: CISO, VM lead, remediation owner
- Reading time: About 45 minutes
- Platform: PMAP by Privia Security
- Applies to: PMAP v2026.06


