I am in charge of developing a patch management policy for our organization (about 450 users). Before I begin creating a patching framework specific to my environment, are there any specific factors I should take into consideration?
It's great that you are approaching the issue of patch management from a policy perspective first -- this is definitely one of the keys to success. For an organization of your size, I would not make the policy overly complicated. At a minimum, ensure the following issues are accounted for in your policy:
- Proactively monitoring security issues and patch releases from key vendors
- Prioritizing and scheduling patches in your environment
- Testing patches in your environment before widespread rollout
- Tracking changes and updates to your environment (change management)
- Regularly auditing the environment to ensure compliance with general patch management guidelines
For further detail on these issues, see my white paper published on the patchmanagement.org site.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Other resources that should assist you with designing your policy include: