Does your organisation have processes in place to triage and remediate identified vulnerabilities by inputting them into the relevant workflows?
Yes. XXXXX We have procedures in place to manage vulnerabilities for different areas of the company.
...
For Operations and other areas, vulnerabilities are reported by the discovering person discovered by our device management tools or the members of the team and recorded in the Events, Incidents and Weaknesses Register. This is managed by the InfoSec Working Group (ISWG) who ensure that an apropriate solution is put in place, the root cause(s) identified and any further changes are put in place.
...