Patch and Vulnerability Exceptions Register
Template • Version v1.0 • 26 Sep 2025
How to use
Log exceptions to patch or vulnerability remediation policy. Each entry requires a business owner, compensating controls, and an expiry date. Review weekly.
Register
| ID | Asset or scope | Severity | Exception reason | Compensating controls | Owner | Expiry | Status | Evidence link |
|---|---|---|---|---|---|---|---|---|
| [EX-001] | [Host or app] | [Critical or High] | [Business constraint] | [Isolation, monitoring, etc] | [Name] | [yyyy-mm-dd] | [Open] | [URL] |
Review log
| Date | Reviewer | Notes or decision |
|---|---|---|
| [yyyy-mm-dd] | [Name] | [Continue, Mitigate, Close] |