The Official Web site for the Office of Information Technology - UTSA

This document should be rendered in an HTML format with cascading style sheets and JavaScript turned on.

Office of Information Technology Home Page

Skip to Main Content

Skip to Navigation

Please take a few minutes to read our Accessibility Page which will make your visit through this Web site easier.

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

OIT Home > About OIT > Information Resource Standards > Patch Management Standard

Patch Management Standard

This standard describes general principles addressing the appropriate testing and installation of operating system patches.  ISA’s, ITA’s and others who manage servers and workstations are responsible for the maintenance of security patching on those computers.

Microsoft, Apple and most other workstation and desktop operating system vendors routinely issue software updates.   Security updates published by operating system vendors must be deployed within 30 days of their release if published within the vendor’s patch release cycle, and within 15 days if published via an out-of-cycle update.  If the patch addresses a critical time-sensitive issue, OIT will notify the departmental IT staff to install the patch immediately.

OIT will install the updates to the servers and workstations it manages.  Departmental IT staff and end users are responsible for installing the updates to their computers.  A period for testing is recommended for any patches received; pertinent procedures and guidelines can be found on the Information Security Website.

This standard is closely related to the Configuration and Assets Management Standard.
Effective Date:

May 1, 2011

Compliance Date:

June 30, 2011

Last Revision:

March 30, 2011

Account Management

Disposal of Computers
Other Electronic Devices

Laptop Encryption

Policy Exception and Risk Assumption Procedures

Administrative/Special Access

E-Mail Management

Log-in Disclaimer

Security Monitoring

Application Registration

Incident Management

Network Access

Security Training

Enterprise Backup &
Data Recovery

Information Resource Use and Security (pending)

Network Configuration

Server Hardening

Change Management

Information Security Risk Assessment

Password

Software Licensing

Computer Naming Convention

Information Security Administrator (ISA)

Patch Management Standard

Threat Detection and Prevention

Configuration and Asset Management

Information Security Training Standard

Personal Computing

Unauthorized File Sharing

Copiers and Printers

Information Services Privacy

Physical Access

Vendor Access

Data Center

Internet Use

Portable Computing

Web Application Vulnerability Scanning

Data Classification

Intrusion Detection

Protection Against Malicious Software

Wireless Network

 

 

 

Workstation Operating Systems Support

Tools