{"id":"poam-hris-003","systemId":"sys-hris-001","assessmentId":"assess-hris-2025q2","controlId":"SI-2","weaknessDescription":"Flaw remediation process does not meet the 30-day SLA for critical vulnerabilities.","riskLevel":"high","status":"in_progress","milestone":"Patch 23 critical CVEs; implement automated patching pipeline.","scheduledCompletionDate":"2025-08-15T00:00:00Z","responsiblePoc":"David Nguyen, Vulnerability Management Lead","estimatedCostUsd":60000,"remediationPlan":"Phase 1: Emergency patching. Phase 2: Automated pipeline. Phase 3: Continuous compliance.","createdAt":"2025-06-05T10:00:00Z","updatedAt":"2025-07-20T14:00:00Z"}