3. How often do vulnerability scans happen and when should I look for results?
Vulnerability scans are currently scheduled to run weekly and the results are available immediately after the scan completes via the reporting portal. The key time to look for results is right after security patches are released by the responsible vendor.
The community IT team that applies patches to the various platforms should have a Service Level Agreement (SLA) on deploying newly released patches. For example, Microsoft has “patch Tuesday” when they release patches. The vulnerability scan will verify if the fix has been applied and if it addresses the security concern.