Do you have vulnerability management program in place? If so, please describe the scope and frequency of the scans.