We are still in the process of obtaining ISO 27001 certification.
At the same time, we are receiving many many questionnaires/assessments from customers and prospects. These will hopefully disappear after the certification.
In these questionnaires they require “Patch Management Policy” and “Vulnerability Management Policy”. Do you have a template for each?
Patch management and vulnerability management would be best covered in A.12.1 - Security Procedures for IT Department, located on folder 08 Annex A Security Controls >> A.12 Operations Security since it involves change management.
This article will provide you a further explanation: