Evidence Description
Record showing vendor advisories reviewed for relevance to organizational assets, exposures, and risk treatment.
What This Evidence Proves
This proves that external advisories are reviewed and assessed instead of merely received.
Related Controls
Related Risks
Source System
Vendor Advisory Process
Collection Method
Vendor advisory list, ticket record, vulnerability management note, or advisory review log.
Review Process
Reviewed monthly and when critical advisories are published.
Audit Notes
Strong evidence shows advisory source, affected products, relevance decision, owner, action, and closure.
- Evidence
- Audit
- Threat intelligence
Note Metadata
Aliases: EVID-0004
Source: 07-Evidence-Library/EVID-0004-Vendor-Advisory-Review.md
Graph-sourced resources
Templates and evidence
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.