# Vulnerability Management Runbook > Use this template to runbook for triaging and remediating vulnerabilities. ## Template Metadata | Field | Details | |-------|---------| | Category | Cybersecurity & Privacy | | Owner | [Team or owner] | | Version | [Version number] | | Effective Date | [Date] | | Review Cycle | [Monthly / Quarterly / Annual / Event-based] | | Status | [Draft / In Review / Approved] | ## Intake Sources List scanner findings, penetration tests, bug bounty reports, vendor alerts, and internal reports. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Severity Scoring Define severity criteria using CVSS, exploitability, exposure, and business impact. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Triage Provide steps to validate findings, assign owners, and remove duplicates. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Remediation SLAs Set fix timelines by severity and environment. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Verification Describe retesting, evidence capture, and closure requirements. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Reporting Define metrics, dashboards, exception handling, and leadership reporting. Make the runbook practical for Security, Engineering, and Compliance teams. | Item | Details | Owner | Status | |------|---------|-------|--------| | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | | [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] | ### Notes [Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.] ## Review and Signoff Document review conclusions, approvals, unresolved items, and next review date. | Role | Name | Date | Notes | |------|------|------|-------| | Preparer | [Name] | [Date] | [Notes] | | Reviewer | [Name] | [Date] | [Notes] | | Approver | [Name] | [Date] | [Notes] |