The Vulnerability & Patch Management Program (VPMP) is program-level documentation that is an essential need for any organization to demonstrate HOW vulnerabilities are actually managed within an organization. Most companies run into issues during audits when the actual practices for vulnerability & patch management are looked at. The VPMP is meant to advance your organization to a mature level of vulnerability management and have the documentation to prove it!
Can You Honestly Answer HOW Vulnerability Management Is Implemented At Your Organization?
When you "peel back the onion" and prepare for an audit, there is a need to address "the how" for certain topics, such as vulnerability management. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need and the Vulnerability & Patch Management (VPMP) is one of those products.