supernav-iconDrataverse - June 22 | Drata’s user and compliance summit
Drata Wordmark Black
  • Solutions
    • Platform
      • Startup
      • Scale
      • Audit Hub
      • Trust Center
      • Risk Management
      • Open API
      • Integrations
    • Frameworks
      • SOC 2
      • ISO 27001
      • HIPAA
      • GDPR
      • Custom Frameworks
      • All Frameworks
    • SOC 2 Compliance: A Beginner's Guide
      Access the Guide
      SOC 2 Guide
  • Resources
    • Resources
      • Blog
      • Drata Events
      • Webinars
      • Reports
      • Compliance Glossary
      • Community
      • API Documentation
    • June 22: Attend Drata's Inaugural User and Compliance Summit
      Register
      Attend Drata's Inaugural User and Compliance Summit
  • Auditors
  • Customers
  • Company
    • Company
      • Careers
      • Auditors
      • Partners
      • Press
      • Security
      • Contact Us
    • Drata Named One of the Best Workplaces in Technology
      Read More
      Drata Linkedin Global Nav
  • Sign In
  • Get Started
  • Sign In
  • Get Started
HomeCompliance GlossaryWhat is Vulnerability Management?

What is Vulnerability Management?

Vulnerability management is the process of identifying, evaluating, treating, and reporting security vulnerabilities in systems and the software that runs on them. This, implemented alongside other security tactics, is vital for organizations to prioritize possible threats and minimize their “attack surface.”


Security vulnerabilities, in turn, refer to technological weaknesses that allow attackers to compromise a product and the information it holds. This process needs to be performed continuously in order to keep up with new systems being added to networks, changes that are made to systems, and the discovery of new vulnerabilities over time.


Maintaining a Vulnerability Management Policy is an integral part of the SOC 2 framework.

Join the thousands of companies that trust Drata

See All Case Studies
Abnormal Logo
Airbase
BambooHR Logo
BigID Logo
Clearbit Logo
Clearco Logo
Lemonade Logo
Fivetran Logo
Notion Logo
Vercel Logo
Wordpress VIP
Calendly Logo

View Drata Glossary

Learn more about other compliance and cybersecurity concepts in our glossary.

Read More
Drata Wordmark White

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company’s security controls, while streamlining workflows to ensure audit-readiness.

Solutions

StartupScaleEnhanceDrata PlatformIntegrations
Frameworks
SOC 2ISO 27001HIPAAGDPRCustom FrameworksAll Frameworks
Resources
BlogDrata EventsWebinarsReportsCompliance GlossaryCommunityAPI Documentation
Company
Careers
HIRING
CustomersAuditorsPartnersPressContact Us
Trust
Security and ComplianceTrust CenterSystem Status
Become a Trusted Newsletter Insider

The latest security and compliance news, delivered.

Secured DesktopSecured Desktop

© 2023 Drata Inc. All rights reserved.

Privacy PolicyGDPRTermsCookiesDisclosure PolicySub-processorsData Processing Addendum