The University of Texas at San Antonio
Office of Information Technology
Office of Information Security (OIS) Standards
OIS 26 – Standard for Patch Management
I. STANDARD STATEMENT
This standard describes general principles addressing the appropriate testing and installation of operating system patches. Information Security Administrators, Information Technology Associates and others who manage servers and workstations are responsible for the maintenance of security patching on those computers.
II. RATIONALE
This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.
III. SCOPE
This standard applies to all UTSA faculty, staff, and students.
IV. CONTACTS
If you have any questions about OIS 26 – Standard for Patch Management contact the following office:
The Office of Information Security
V. PROCEDURES
- Microsoft, Apple and most other workstation and desktop operating system vendors routinely issue software updates. Security updates published by operating system vendors must be deployed within 30 days of their release if published within the vendor’s patch release cycle, and within 15 days if published via an out-of-cycle update. If the patch addresses a critical time-sensitive issue, OIT will notify the departmental IT staff to install the patch immediately.
- This standard is closely related to the Standard for Configuration and Asset Management.
______________________________________________________________________________
Effective Date: January 5, 2012
Last Revised: September 10, 2015