This standard documents the security requirements for Vulnerability Management within the Company.
The objectives of the document are to:
a. Provide a statement of intent describing how vulnerability management will be implemented in accordance with Information Security and other requirements
b. Describe the security requirements for identifying, analyzing, fixing and monitoring vulnerabilities
c. Identify the roles, systems and equipment to which this standard applies
d. Define the key steps that support the implementation of this standard
Vulnerability management must be applied to all Company systems and infrastructure. Priority is given to Hardware and Software storing, processing or transferring Company confidential data, and to other Hardware or Software deemed necessary through a risk assessment.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCOUNTABILITIES AND RESPONSIBILITIES
4. OVERVIEW OF THE VULNERABILITY MANAGEMENT PROCESS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of the Configuration Management Procedure is to ensure the integrity and availability of Company information and to prevent damage from uncontrolled configuration changes to all IT and physical infrastructure services that support the Company’s systems.
The Company has adopted an Information Risk Management Policy (“Policy”) to describe rules and expectations for both itself and all its direct and indirect subsidiaries countrywide.