Ask the Expert

Approach patch management from a policy perspective

I am in charge of developing a patch management policy for our organization (about 450 users). Before I begin creating a patching framework specific to my environment, are there any specific factors I should take into consideration?
It's great that you are approaching the issue of patch management from a policy perspective first -- this is definitely one of the keys to success. For an organization of your size, I would not make the policy overly complicated. At a minimum, ensure the following issues are accounted for in your policy:
  • Proactively monitoring security issues and patch releases from key vendors

  • Prioritizing and scheduling patches in your environment

  • Testing patches in your environment before widespread rollout

  • Tracking changes and updates to your environment (change management)

  • Regularly auditing the environment to ensure compliance with general patch management guidelines

For further detail on these issues, see my white paper published on the patchmanagement.org site.

Other resources that should assist you with designing your policy include:

This was first published in March 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: