I published an article on the IBM SecurityIntelligence blog covering Is It Time to Start a PSIRT? Why Your CSIRT May Not Be Enough. The post describes what a PSIRT is and where it is located within an organization.
Setting up a PSIRT involves developing a charter, assembling the team, having budget for long-term operations and have a good relationship with your stakeholders. I also cover the most usual source that you can use to detect vulnerabilities.