Vulnerability Management Policy
Overview
X
Scope
Applies to all Ops staff.
General Policy
X
Audit
IT staff shall perform a semi-annual audit on key assets. Evidence of said audit shall be kept on file. Reference AU_0002_Vulnerability.
Related SOPs
- SOP_0002_Vulnerability_Scans
Notes
Must include network layer scan
Must include application layer scan
Must include OS level scan
Make results available to customers
Patch management: OS, application, network (AWS), physical devices (AWS) - reference patch management policy
Do you inform customers (tenants) of policies and procedures and identified weaknesses if customer (tenant) data is used as part of the service and/or the customer (tenant) has some shared responsibility over implementation of controls? - YES
Quarterly vulnerability scans. Results are posted to the repository.