Patch Management Policy


Patch Management Policy (Version 1)

Document Control Information:
Date: 21/5/18
Master Tracking Name: Patch Management Policy
Master Tracking Reference:
Owning Service / Department: Exeter IT
Issue: 1

Approvals:
Authors: P. Jones, T. Dyhouse and Ali Mitchell
Approved By: Exeter IT Senior Management Team
Authorised By: Chief Information & Digital Officer

Patch Management Policy v1

Document Control

Author | Version | Date Issued | Changes | Approval
P. Jones | 0.1 | 04/09/17 | Creation of document |
T. Dyhouse | 0.2 | 27/09/17 | QA of V0.1 addition of CAB measures. |
P Jones | 0.3 | October 2017 | Updates from CGR and split into two documents. |
Ali Mitchell | 1.0 | May 2018 | Format and added in Third Party Suppliers | Published

Next review due: July 2018

Contents

1 Introduction
2 Purpose
3 Definitions
4 Scope
5 Policy
6 Roles and responsibilities
7 Monitoring and reporting
8 Policy review and maintenance
9 Advice

1. Introduction

The University of Exeter has a responsibility to uphold the confidentiality, integrity and availability of the data held on its IT systems on and off site which includes systems and services supplied by third parties. The university has an obligation to provide appropriate and adequate protection of all IT estate whether it is IT systems on premise, in the Cloud or systems and services supplied by third parties. Effective implementation of this policy reduces the likelihood of compromise which may come from a malicious threat actor or threat source.

2. Purpose

This document describes the requirements for maintaining up-to-date operating system security patches and software version levels on all the University of Exeter owned estate and services supplied by third parties.

3. Definitions

The term IT systems includes:
- Workstations
- Servers (physical and virtual)
- Firmware
- Networks (including hardwired, Wi-Fi, switches, routers etc.)
- Hardware
- Software (databases, platforms etc.)
- Applications (including mobile apps)
- Cloud Services

4. Scope

This policy applies to:
- Workstations, servers, networks, hardware devices, software and applications owned by the University of Exeter and managed by Exeter IT. This includes third parties supporting University of Exeter IT systems.
- Systems that contain company or customer data owned or managed by Exeter IT regardless of location. Again, this includes third party suppliers.
- CCTV systems where recordings are backed up to the University's networks.
- Point of payment terminals using University of Exeter's networks.
- Third party suppliers of IT systems as defined in Section 3.

5. Policy

University controls:

All IT systems (as defined in section 3), either owned by the University of Exeter or those in the process of being developed and supported by third parties, must be manufacturer supported and have up-to-date and security patched operating systems and application software.

Security patches must be installed to protect the assets from known vulnerabilities. Any patches categorised as Critical or High risk by the vendor must be installed within 14 days of release from the operating system or application vendor unless prevented by University IT Change Control (CAB: Change Advisory Board) procedures.

Where CAB procedures prevent the installation of Critical or High risk security patches within 14 days, a temporary means of mitigation will be applied to reduce the risk.

Workstations

All desktops and laptops that are managed by Exeter IT must meet the Laptop and Workstation Build Policy minimum requirements in build and setup. Any exceptions shall be documented and reported to Exeter IT Head of IT Security and Compliance.

Servers

Servers must comply with the recommended minimum requirements that are specified by Exeter IT which includes the default operating system level, service packs, hotfixes and patching levels. Any exceptions shall be documented and reported to Exeter IT Head of Security and Compliance.

Third Party Suppliers:

Security patches must be up-to-date for IT systems which are being designed and delivered by third party suppliers prior to going operational. Third party suppliers must be prepared to provide evidence of up-to-date patching before IT systems are accepted into service and thus become operational.

Once the IT systems are operational the following patching timescales apply:
- Critical or High Risk vulnerabilities: 14 calendar days
- Medium: 21 calendar days
- Low: 28 calendar days

6. Roles and Responsibilities

Exeter IT: Will manage the patching needs for the Windows, Apple Mac OS and Linux estate that is connected to the University of Exeter domain. Responsible for routinely assessing compliance with the patching policy and will provide guidance to all the stakeholder groups in relation to issues of security and patch management.

Change Advisory Board: Responsible for approving the monthly and emergency patch management deployment requests.

End User: The end user has a responsibility to ensure that patches are installed and the machine is rebooted when required. Any problems must be reported to Exeter IT.

Third Party Suppliers: Will ensure security patches are up-to-date for IT systems which are being designed and delivered by third party suppliers prior to going operational. Once the IT systems are operational, third party suppliers must ensure vulnerability patching is carried out as stipulated in Section 5 Policy. Where this is not possible, this must be escalated to the Head of IT Security and Compliance.

7. Monitoring and Reporting

Those with patching roles as detailed in section 6 above are required to compile and maintain reporting metrics that summarise the outcome of each patching cycle. These reports shall be used to evaluate the current patching levels of all systems and to assess the current level of risk. These reports shall be made available to Cyber Security Team and Internal Audit upon request.

8. Policy Review and Maintenance

The Policy will be reviewed and updated, annually, or as needed, to ensure that the policy remains aligned with changes to relevant laws, contractual obligations and best practice.

9. For advice

Please contact either the Head of IT Security and Compliance or the IT Operations and Security Manager. Queries can be emailed to information-security@exeter.ac.uk