Review rule: weekly review is not a larger daily standup. Use it to identify trends, blocked decisions, aging risk, weak evidence, and program improvements that need owner action.
Weekly Vulnerability Review
Use the week to find patterns the daily standup cannot see.
Use this template to review movement, aging work, exceptions, recurring blockers, detection gaps, and decisions that need risk or leadership attention.
Agenda
A 45-minute weekly review structure.
1. What changed this week?
Summarize new urgent items, KEV changes, high EPSS movement, public PoC, vendor shifts, no-patch cases, and major patch releases.
2. What moved?
Review patched, mitigated, detected, not-affected, accepted, monitored, and closed items with evidence quality.
3. What is aging?
Call out overdue patch work, stale validation, expired exceptions, unresolved vendor questions, and items with no review date.
4. What is blocked?
Separate blockers into change window, owner, testing, unsupported product, no patch, telemetry, vendor guidance, and risk decision buckets.
5. What risk remains?
Review exposed unresolved items, compensating controls, monitoring-only cases, and residual risk that leaders need to understand.
6. What improves next week?
Choose one process improvement: better owner mapping, faster validation, cleaner handoffs, stronger metrics, or improved detection coverage.
Review Inputs
Open these before the meeting.
Action Tracker
Use saved states, owners, due dates, review dates, and evidence notes to see what actually moved.
Metrics Catalog
Bring only metrics that have owners, sources, caveats, and decisions attached.
Exception Register
Check delayed patch, no-patch, mitigation-first, accepted-risk, and expiring exception cases.
Remediation Evidence
Confirm whether closure claims are supported by patch, mitigation, detection, not-affected, or acceptance proof.
Trust Review
Review disputed, rejected, low-confidence, stale, or guidance-changing records before reporting them as facts.
Brief Builder
Convert decisions and movement into a short update for leaders, patch owners, SOC, or risk owners.
Copy Template
Weekly vulnerability review note
Weekly vulnerability review - [week/date]

Top changes:
- New urgent / KEV / exploited / high EPSS:
- Vendor or patch guidance changes:
- Major patch cycle notes:

Movement:
- Patched:
- Mitigated:
- Detected / SOC covered:
- Not affected / closed:
- Accepted risk / exception:

Aging or blocked work:
- Overdue owner items:
- Missing affected-version proof:
- No patch / unsupported product:
- Change window or rollback blocker:
- Telemetry or detection gap:
- Vendor clarification needed:

Risk decisions needed:
- Leadership decision:
- Risk owner decision:
- Exception review:
- Compensating control review:

Metrics and caveats:
- Useful metric changes:
- Data freshness or source confidence caveats:
- Claims we cannot make yet:

Next week focus:
- Process improvement:
- Owner:
- Due / review trigger:
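As an added example that is not part of this template, the script below fills the aging, blocked, exception and evidence sections of the note from an exported action tracker. The tracker rows and their field names are constructed assumptions; the blocker buckets, exception fields and closure states are the ones the agenda above defines.

```python
from collections import defaultdict
from datetime import date
# Constructed tracker rows; the field names are assumptions for this example, not a real tool's schema.
TODAY = date(2024, 6, 14)  # review meeting date (constructed)
TRACKER = [
    {"id": "VULN-1", "state": "patched", "owner": "infra", "due": date(2024, 6, 14),
     "review": None, "blocker": None, "evidence": "patch report"},
    {"id": "VULN-2", "state": "mitigated", "owner": "app", "due": date(2024, 6, 10),
     "review": date(2024, 6, 20), "blocker": "no patch", "evidence": ""},
    {"id": "VULN-3", "state": "accepted", "owner": "", "due": None, "review": date(2024, 6, 1),
     "blocker": "risk decision", "evidence": "risk memo", "control": "network ACL", "trigger": ""},
    {"id": "VULN-4", "state": "open", "owner": "db", "due": date(2024, 6, 30),
     "review": None, "blocker": "vendor ticket open", "evidence": ""},
]
BUCKETS = {"change window", "owner", "testing", "unsupported product",  # agenda item 4 buckets;
           "no patch", "telemetry", "vendor guidance", "risk decision"}  # other labels -> unclassified
DONE = {"patched", "closed", "not-affected"}
EXCEPTION_STATES = {"accepted", "monitored"}
EXCEPTION_FIELDS = ("owner", "control", "review", "trigger")

def aging(rows, today):
    """Agenda item 3: overdue due dates, expired review dates, and items with no review date."""
    flags = []
    for r in rows:
        if r["state"] in DONE:
            continue
        if r["due"] and r["due"] < today:
            flags.append((r["id"], "overdue"))
        if r["review"] is None:
            flags.append((r["id"], "no review date"))
        elif r["review"] < today:
            flags.append((r["id"], "review expired"))
    return flags

def blockers_by_bucket(rows):
    """Agenda item 4: group blockers by type so process problems, not single tickets, surface."""
    groups = defaultdict(list)
    for r in rows:
        if r["blocker"]:
            groups[r["blocker"] if r["blocker"] in BUCKETS else "unclassified"].append(r["id"])
    return dict(groups)

def exception_gaps(rows):
    """Output quality: each exception needs an owner, control, review date, and re-open trigger."""
    return {r["id"]: [f for f in EXCEPTION_FIELDS if not r.get(f)]
            for r in rows if r["state"] in EXCEPTION_STATES}

def unsupported_closures(rows):
    """Remediation Evidence: closure claims with no proof attached cannot be reported as facts."""
    return [r["id"] for r in rows if r["state"] in DONE | {"mitigated"} and not r["evidence"]]
```

Blocker labels that do not match a bucket exactly land in "unclassified", which is itself a signal that the tracker's saved states need cleaning before the review.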
Output Quality
The weekly review should produce decisions, not just minutes.
One risk story
Explain whether risk is increasing, decreasing, blocked, or unclear, and cite the evidence behind that conclusion.
Blocked items grouped
Group blockers by type so leaders can fix process problems instead of only chasing individual tickets.
Exceptions revisited
Every exception or accepted-risk item should have an owner, control, review date, and trigger for re-opening.
Next-week improvement
Pick one operational improvement that reduces repeated friction: owner mapping, evidence quality, detection, patch windows, or reporting.
Recommended next move: pull saved work and metrics into this template, then send only the decisions and blockers that need an audience.