This template will allow you to create a vulnerability management policy. It is separate from your patch management policy: rather than covering only the deployment of patches, it defines the entire process for identifying, prioritizing, and remediating vulnerabilities. This includes the:
- Scope of the program.
- Members of the vulnerability management team.
- Schedule on which your vulnerability scanning tools run.
- Risk acceptance protocol for leaving a known vulnerability unremediated.
- High-level steps for remediation.
- Sign-off from management for the entire process.
Use this policy to establish your vulnerability management program as a fundamental part of your larger information security program.