| Section |
Reviewer |
Page |
Date |
Original Comment |
Last Reply Author |
Last Reply Date |
Remediated |
Last Reply Text |
|
|
|
|
|
|
|
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
6 |
5/22/2025 13:23 |
Suggestion: Define severity levels and corresponding
response timelines and escalation paths. There is no mention of how incidents
are classified (e.g., low, medium, high severity). |
Michelle Newbold |
6/6/2025 10:40 |
1 |
Remediated - 6/6 Discussed with
IV&V. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
6 |
5/22/2025 13:23 |
Suggested: Include Service Level Agreements
(SLAs) for detection, containment, notification, and resolution. There is no
defined response or resolution timeframes. |
Michelle Newbold |
6/6/2025 10:41 |
1 |
Remediated - 6/6 Discussed with
IV&V. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
6 |
5/22/2025 13:23 |
Required: Please add acronym after Incident
Response Plan. |
Michelle Newbold |
6/6/2025 10:41 |
1 |
Remediated - 6/6 Discussed with
IV&V. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Sidana, Parampreet |
6 |
5/22/2025 15:47 |
Clarification - How it will be determined? How
the impact analysis will be done? What’s the turnaround time? What will be
the process for users incase of Incident (for example infectious incident) is
detected or reported? |
Michelle Newbold |
6/5/2025 11:40 |
1 |
AI- Add more detail here per Liz |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
8 |
5/22/2025 13:24 |
Deliverable Reviewers self-classify their comments
(Add type, listed below, as first word in comment, in both comment tracker
and Word documents):
Critical: The resolution of these comments, including clarifications, is
essential and must be completed to approve deliverable. Discussion with the
vendor is likely required to resolve. Required:
(Documentation/corrections/formats) The resolution of these comments,
including clarifications, is important and necessary to approve the
deliverable. Conditional approval to move forward - project tasks dependent
upon the approval on this artifact can commence. This artifact will be
eligible for payment upon final approval. Suggestion: The resolution of these
comments is not necessary for the approval of the deliverable.
Clarification: The resolution of this comment is dependent on discussion
between Deliverable Reviewer and vendor. Vendor to reach out to the
Deliverable Reviewer to discuss further PRIOR to remediation and
resubmission. Vendor to update comment(s) with discussion notes. |
Michelle Newbold |
6/6/2025 10:43 |
0 |
N/A |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
9 |
5/22/2025 13:24 |
Suggestion: Add a section on how IR transitions
to DR if needed. There is no reference to how IR integrates with Business
Continuity or Disaster Recovery plans. |
Michelle Newbold |
6/6/2025 10:44 |
1 |
6/6 Discussed with IV&V. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
French, Shaun |
9 |
5/23/2025 17:37 |
Required: This incident response plan is written
only in the context of a security incident.
There is no planning around system outages or other operational
incidents. This isn’t even any mention
of communication and notification, which is alarming considering UOC’s role
in the program. |
Michelle Newbold |
6/16/2025 14:30 |
1 |
6/16- Liz will add more detail. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
10 |
5/22/2025 13:25 |
Suggestion: Define metrics. There is no mention
of how incident response effectiveness is measured. |
Michelle Newbold |
6/6/2025 10:44 |
1 |
6/6 AI for AHS- Need to have
reference here for this. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Klinger, Stephanie |
10 |
5/22/2025 13:25 |
Suggestion: Schedule regular proactive testing.
Tabletop exercises are mentioned post-incident only.see ab |
Michelle Newbold |
6/6/2025 10:45 |
1 |
6/6 Discussed with IV&V. |
|
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
French, Shaun |
10 |
5/23/2025 7:27 |
Required: Elaborate on how the agency will be
involved in this. |
Michelle Newbold |
6/16/2025 14:32 |
1 |
6/16 Liz indicated we will conduct
Table Top exercise. There is an open
question pending at Agency. |
| Section Section 3 PROCEDURES FOR INCIDENT
REPORTING |
Sidana, Parampreet |
11 |
5/22/2025 15:51 |
Required - it should include Incident/defect/issue
prevention analysis and solutioning as well to reduce the reoccurrence. |
Michelle Newbold |
6/5/2025 11:45 |
0 |
Add section in RCA for DPA. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Count |
11 |
|
|
|
|
|
|
|
|
| Remediated |
9 |
81.82% |
|
|
|
|
|
|
|
| Not Remediated |
2 |
18.18% |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|