I am looking for two procedures: Vulnerability Management and cryptographic / encryption key management.
Vulnerability procedure on how many scans are necessary for each classification asset (critical, medium, etc.), necessary work to do, documentation process, etc.
Cryptographic on how to protect keys, private keys, emergency access to keys, encryption methods, code signing certificate, etc.
Baseline: ISO 27002 - 10.1.2
OWASP: Key Management Cheat Sheet (key life cycle management (generation, distribution, destruction); key compromise, recovery and zeroization; key storage and key agreement)
A vulnerability procedure is not mandatory for ISO 27001 and is not a common document adopted by organizations, so there is no template covering the specific clause of the standard related to it (control A.12.6.1 - Management of technical vulnerabilities).
Control A.12.6.1 does not prescribe how many scans are necessary for each classification asset. You should define these based on the results of risk assessment and applicable legal requirements.
This article will provide you with a further explanation about key management: