System and Security Patching:
System Patching Schedule: Alternate Fridays, 10 a.m - 2 p.m
Policy Statement:
The purpose of this policy is to establish a regular system patching schedule to ensure the security, stability, and performance of our systems. All applicable systems and software must be patched on a weekly basis. This policy applies to all employees, system administrators, and relevant personnel responsible for maintaining and updating the organization's systems.
Policy Guidelines:
Patching Schedule:
Alternate Fridays, between 10 a.m. and 2 p.m., are designated as the official system patching window.
All applicable systems, including laptops and software, must undergo patching during this time.
Patching Responsibilities:
System administrators and designated IT personnel are responsible for identifying and applying necessary patches to the relevant systems.
IT personnel must ensure that all patches are obtained from trusted and authorized sources, such as official vendor websites or verified repositories.
Patching activities should be prioritized based on the severity and criticality of the vulnerabilities addressed by each patch.
Pre-Patching Preparations:
Prior to the scheduled patching window, system administrators should review available patch release notes, documentation, and security advisories.
It is crucial to conduct a thorough assessment of potential risks, dependencies, and compatibility issues related to the patches to be applied.
Patching Process:
During the designated patching window, system administrators should initiate the patching process for each identified system, following established procedures and guidelines.
Patch installation progress should be monitored closely to ensure successful application and avoid any potential disruptions or failures.
System administrators must document the applied patches, including patch details, installation dates, and any encountered issues or errors.
All employees must keep their assigned laptops powered on and connected to the internet during this time to successfully complete the patching process.
Some patches require system restarts, so we recommend users restart their systems at least once a week.
Exception Handling:
In exceptional cases where patching cannot be performed during the designated window due to operational constraints or critical business needs, system/IT administrators should request an exception from the IT Manager.
Exceptions must be justified with valid reasons and undergo an approval process.
Policy Review:
This policy will be reviewed annually or whenever there are significant changes in the system landscape or business requirements that necessitate updates to the patching schedule or procedures.