Do you perform risk-based evaluations of vulnerabilities and pen-testing findings? If so, describe the process.

Yes, vulnerability scans are performed first Sunday of every month, any known vulnerabilities are created as Risk within the Ostendio platform.