Sample Vulnerability Assessment and Management Policy:
Sample Vulnerability Assessment and Management Standard
The Vulnerability Assessment and Management Standard define Company's objectives for establishing specific standards for the assessment and ongoing management of vulnerabilities.
The Company will periodically assess and identify vulnerabilities in Company information systems environment and procedures. Specific instructions and requirements for assessing vulnerabilities are provided in the Sample Vulnerability Assessment Standard.
The findings from the vulnerability assessment activities must be used to develop a formal plan for the ongoing elimination or mitigation of the vulnerabilities. The Company must establish associated metrics for gauging the effectiveness of these plans. Specific instructions and requirements for managing vulnerabilities are provided in the Sample Vulnerability Management Standard.
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.