Vulnerability management is the process of identifying, evaluating, treating, and reporting security vulnerabilities in systems and the software that runs on them. This, implemented alongside other security tactics, is vital for organizations to prioritize possible threats and minimize their “attack surface.”

Security vulnerabilities, in turn, refer to technological weaknesses that allow attackers to compromise a product and the information it holds. This process needs to be performed continuously in order to keep up with new systems being added to networks, changes that are made to systems, and the discovery of new vulnerabilities over time.

Maintaining a Vulnerability Management Policy is an integral part of the SOC 2 framework.