Patch Management

Division: 

Administration & Finance

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Thursday, July 1, 2010

Revised Date: 

Thursday, July 1, 2010

Authority: 


Objective: 

This Practice Directive defines requirements for patch management on all SF State owned information technology systems, network resources and applications.


Statement: 

Purpose and Scope

This Practice Directive defines requirements for patch management on all San Francisco State University owned information technology systems, network resources (such as switches, routers and firewalls) and applications.

Practice Directive

All SF State-owned information technology systems, network resources (such as switches, routers and firewalls) and applications will have a management-appointed person or persons (formally identified) responsible for maintenance of operating systems, security software and applications. 

Unless a security patch or update introduces security or performance issues, all components will be kept current, including the operating system, Web server, application server, DBMS, applications and all code libraries.

All departments and units will follow documented patch management standards and procedures in conformance with change control policies.

References

Configuration change and patch management implementation guidelines
CSU Configuration Management Information Security Policy
CSU Change Control Information Security Policy