Can anyone assist with putting together a top level controls checklist of best practice “patch management controls” that should be followed for effective patch management of business critical (with high availability) database servers?
I.e. a list that our audit/risk teams should compare to (( “what should be being done, to what is being done”)) verify what is happening on these systems, to ensure for effective patch management.
Any sort of top 10 controls checklist would be useful. I can’t find much via Google.
If you have had experience in network and systems management before, especially from “availability perspective”, what would good patch management look like, what would you look for, what can typically be improved, what would poor patch management look like?