A Standard Document model cyber vulnerability handling process (VHP) documenting how an organization accepts, verifies, and handles potential cyber vulnerability reports regarding its current information technology (IT) or any operational technology (OT) infrastructure, and products and services, if applicable. Organizations may receive potential vulnerability reports from internal or external finders, including from security researchers and through bug bounty and vulnerability disclosure programs. This Standard Document includes integrated notes with important explanations and drafting tips and is designed to be used with Practice Note, Bug Bounty and Vulnerability Disclosure Programs.