The objective of the Patch Management Procedure is to set in place IT patch management strategies and create consistently configured operational environment that is secured against known malfunction and vulnerabilities in operating system. This document provides guidance on creating security patch and vulnerability management and testing the effectiveness of that program in operational activity of system. This document will be evaluated on annual basis for ensuring its adequacy and relevancy regarding IT infrastructure’s needs and goals.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. WORK-FLOW (DESCRIPTION / FLOWCHARTS)
3.1 CREATING A SYSTEM INVENTORY
3.2 OBTAINING PATCHES OR WORKAROUNDS
3.3 VALIDATING PATCHES
3.4 TESTING PATCHES
3.5 DEPLOYING & VERIFYING PATCHES
4. RESPONSIBILITIES MATRIX / TASKS DETAILS
5. INDICATORS / REPORTING SYSTEM
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION
This bundle contains all the products listed in the Program Development and Change Management section. Take advantage of the 25% OFF when buying the bundle!
This IT Risk Standard details the requirements with respect to Network Security. It addresses requirements which must be incorporated into the Company network design, in order to mitigate risks associated with remote access and interconnected networks.
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.