The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards


OIS 26 – Standard for Patch Management



This standard describes general principles addressing the appropriate testing and installation of operating system patches. Information Security Administrators, Information Technology Associates and others who manage servers and workstations are responsible for the maintenance of security patching on those computers.



This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.



This standard applies to all UTSA faculty, staff, and students.



If you have any questions about OIS 26 – Standard for Patch Management contact the following office:


The Office of Information Security



  1. Microsoft, Apple and most other workstation and desktop operating system vendors routinely issue software updates. Security updates published by operating system vendors must be deployed within 30 days of their release if published within the vendor’s patch release cycle, and within 15 days if published via an out-of-cycle update. If the patch addresses a critical time-sensitive issue, OIT will notify the departmental IT staff to install the patch immediately.


2. OIT will install the updates to the servers and workstations it manages. Departmental IT staff and end users are responsible for installing the updates to their computers. A period for testing is recommended for any patches received; pertinent procedures and guidelines can be found on the Information Security Website.


  • This standard is closely related to the Standard for Configuration and Asset Management.



Effective Date: January 5, 2012

Last Revised: September 10, 2015