{"total":3,"limit":20,"offset":0,"items":[{"id":"poam-hris-001","systemId":"sys-hris-001","assessmentId":"assess-hris-2025q2","controlId":"AC-4","weaknessDescription":"Information flow enforcement does not extend to cloud collaboration platforms.","riskLevel":"moderate","status":"in_progress","milestone":"Deploy Microsoft Purview DLP to SharePoint Online and Box.","scheduledCompletionDate":"2025-09-30T00:00:00Z","responsiblePoc":"Mike Torres, Network Security Lead","estimatedCostUsd":45000,"createdAt":"2025-06-05T10:00:00Z","updatedAt":"2025-07-15T09:00:00Z"},{"id":"poam-hris-002","systemId":"sys-hris-001","assessmentId":"assess-hris-2025q2","controlId":"IR-4","weaknessDescription":"Incident response procedures are not regularly tested and lack performance metrics.","riskLevel":"moderate","status":"open","milestone":"Conduct tabletop exercise and establish MTTD/MTTR metrics.","scheduledCompletionDate":"2025-08-31T00:00:00Z","responsiblePoc":"Lisa Park, IR Manager","estimatedCostUsd":15000,"createdAt":"2025-06-05T10:00:00Z","updatedAt":"2025-06-05T10:00:00Z"},{"id":"poam-hris-003","systemId":"sys-hris-001","assessmentId":"assess-hris-2025q2","controlId":"SI-2","weaknessDescription":"Flaw remediation process does not meet the 30-day SLA for critical vulnerabilities.","riskLevel":"high","status":"in_progress","milestone":"Patch 23 critical CVEs; implement automated patching pipeline for OS and middleware.","scheduledCompletionDate":"2025-08-15T00:00:00Z","responsiblePoc":"David Nguyen, Vulnerability Management Lead","estimatedCostUsd":60000,"createdAt":"2025-06-05T10:00:00Z","updatedAt":"2025-07-20T14:00:00Z"}]}