Mitigation & Remediation
This guide explains how to plan, track, and verify risk mitigation actions for AI systems and data products using the platform's built-in tools.
How It Works
The platform provides a complete remediation lifecycle that connects risk assessments, structured mitigation actions, issue tracking, and workflow approvals into a single traceable flow.
Risk Assessment → Mitigation Actions → Issue Tracking → Resolution Debrief
↑ |
└───────────── Iterative Re-assessment ←───────────────────┘
Structured Mitigation Actions
When you perform a Risk Assessment on an AI system, you can define concrete mitigation actions directly within the assessment. Each action captures:
| Field | Purpose |
|---|---|
| Title | Short description of the action |
| Category | Type: retraining, bias_mitigation, robustness_testing, privacy_enhancement, explainability, monitoring_improvement, process_change |
| Owner | Person responsible for completing the action |
| Deadline | Target completion date |
| Priority | Critical, High, Medium, or Low |
| Status | Pending → In Progress → Completed (or Cancelled) |
| Evidence | References to reports, test results, and documentation |
| Linked Issue | Optional link to a formal remediation ticket |
Creating Mitigation Actions
When creating or editing a risk assessment, add mitigation actions to define the remediation plan:
- Navigate to Products → [AI System] → Risk Assessments
- Open or create an assessment
- In the Mitigations section, add actions with owners and deadlines
- Each action receives a unique ID for individual tracking
Tracking Progress
Mitigation actions can be updated individually without modifying the entire assessment. Update the status, add evidence references, or link a formal issue ticket as work progresses.
Remediation with Issue Tracking
For complex mitigations that require collaborative work, create formal Issue Tickets linked to the mitigation action.
Why Link Issues?
- Kanban Board: Visualise remediation progress across the team
- Assignment: Assign specific team members with accountability
- Discussion: Collaborate with threaded comments and @mentions
- Attachments: Attach evidence — test reports, fairness audits, code review links
- Resolution Debrief: Document root cause, lessons learned, and preventive measures
Creating a Remediation Ticket
- Navigate to Issues and click Create Issue
- Set the title to match your mitigation action (e.g. "Retrain model with balanced dataset")
- Link the affected AI System product
- Set Priority and assign an Owner
- Reference the mitigation action ID in the description for traceability
From Quality Alerts
When a Quality Check detects drift or degradation (see Continuous Monitoring), you can create a ticket directly from the Alerts Center. The issue is pre-populated with alert context, establishing an automatic link between detection and remediation.
Automated Alert Response
Quality checks can be configured to automatically trigger remediation when alerts fire, removing manual steps from the pipeline.
What Happens Automatically
When a configured check fails or detects drift:
- Alert Created — A DQ Alert is surfaced in the Alerts Center
- Stakeholders Notified — Email and in-app notifications sent
- Ticket Auto-Created — A remediation ticket is generated with full alert context
- Risk Re-Assessment Triggered — For AI Systems, an incident assessment is created with structured mitigation actions
- Workflow Started — Optionally triggers a visual remediation workflow for approvals
Configuring Automation
Enable automation per quality check via the Automation Config settings:
| Setting | Description |
|---|---|
| Auto-create ticket | Automatically generate a remediation issue when this check fails |
| Auto risk re-assessment | Create an incident risk assessment for the linked AI System |
| Severity threshold | Minimum alert severity to trigger re-assessment (warning, high, critical) |
| Remediation workflow | Visual workflow to trigger for approval routing |
[!NOTE] Risk re-assessments are only created for products classified as AI Systems with an existing risk classification. Non-AI products skip this step.
Workflow-Driven Approval
For high-risk mitigations (e.g. model retraining, production deployments), use Workflow Orchestration to enforce approval gates.
Example: Remediation Approval Workflow
A typical remediation approval workflow routes through relevant stakeholders:
- Risk Owner proposes the mitigation plan
- Data Steward reviews for compliance impact
- AI Ethics Board approves (for high-risk AI systems)
- Technical Lead validates the implementation
- Production Gate approves deployment
The platform's visual Workflow Builder allows you to design these flows with approval steps, conditional routing, and automated notifications.
Evidence and Audit Trail
Every remediation action is fully traceable:
- Mitigation actions include
evidencefields for linking reports and test results - Issues maintain a complete History of all status changes and assignee updates
- Resolution Debriefs capture root cause analysis, lessons learned, and preventive measures
- Risk Assessments are versioned with
assessed_by,reviewed_by, and timestamps
Iterative Risk Reduction
The platform supports continuous improvement through iterative assessments:
- Initial Assessment: Identify risks during the design phase
- Pre-Deployment Review: Verify mitigations before production
- Periodic Re-assessment: Schedule regular reviews (triggered by drift detection alerts)
- Incident-Driven Assessment: Re-evaluate after incidents
Each cycle builds on the previous one. Completed mitigation actions from earlier assessments provide evidence for subsequent reviews, creating a documented trail of risk reduction over time.
Best Practices
- Assign every mitigation to a specific person with a clear deadline
- Link formal issues for complex mitigations requiring collaboration
- Attach evidence at each step — fairness reports, test results, code reviews
- Use workflows for approval gates on high-risk changes
- Schedule periodic assessments to verify ongoing effectiveness
- Document debriefs when closing remediation tickets to preserve knowledge