We help IT Professionals succeed at work.
Get Started

Help review broadcast on systems patching directive

254 Views
Last Modified: 2017-03-30
There's growing concern on the timeliness & thoroughness of patching.  I need to
broadcast out an email to the organization's hundreds of IT staff (infra & apps teams)
to emphasize this in a firm (but non-offensive) manner from governance perspective.

Appreciate if anyone can review it's wordings & add on any useful points:

======================================================================

IT teams,

This broadcast is to emphasize the importance of performing timely patch assessment
& obtain downtime where needed to apply patches.  The patches may be security or
non-security (ie for functional fixes) related and meant for appliances/devices (eg: for
network/firewall devices) Operating Systems for servers, workstations and hosts,
applications and firmwares/microCodes.

You are urged to :

1.review regularly the availability of patches for the respective products under your
   care (via the principal's web page and assess if the released patch(es) are applicable

2. assess if the patch is applicable to the products under your support within 3
    working days

3.do test out the patches and seek for approved downtime early so that you have
   sufficient time to test out the patches as thoroughly as possible to minimize the
   risk of patches causing service disruptions

4.maintain a patch register and update it asap after patching has been done

5. As a good practice, apply patches to development, SIT/UAT before rolling
    out to production  environment

Failing to apply patches timely will result in extended exposure to vulnerabilities
and product defects/issues

For your attention and compliance,
IT Security Governance
Comment
Watch Question
Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
Unlock 3 Answers and 6 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE