5.2.6 Remediation

Like notification, remediation is also an essential element of accountability, referenced directly by the fourth and final accountability practice in the accountability model presented in section 1. Again, the specifics of a particular remedial action in response to a specific violation depend on the circumstances of the violation itself, and many may be enacted ad-hoc. As such, the RA does not propose a particular mechanism for remediation. We do, however, note that a framework for the systematic addressing of violations and provision of remedies depends on the proper implementation of the accountability-support services described in the previous sections. Specifically, service functions should be in place to facilitate:

• The ability to detail the origin of policy violations in order to provide appropriate responses. Customers need to know whether the policy violation occurred as the result of an attack, a deliberate action by the provider, an unintended alteration or any other means, in order to make an educated decision about the efficacy of the proposed remediation or request additional redress.
• The ability to suggest response actions to ease the process for customers responding to the event. Customers could get assistance from the service provider in performing any necessary step on their part to handle the event. This would include any remediation action deemed appropriate.

Accountability support tools facilitate notification and remediation processes in the cloud. Starting from the filling of complaints towards incident detection (AAS, DTMT), incident handling (IMT), automated notification (A-PPLE, DT) and remediation and redress, the workflow across these phases and tools can provide much more assurance that corrective actions have been taken in accordance with contracts and regulations.