Business Practice for Patch Management

Printable Version in PDF Format (Get Adobe Acrobat)

Table of Contents

• History
• Purpose
• Background
• Business Practice
  • Accountability
  • Applicability
  • Definition(s)
  • Text
• Exhibit(s)
  • Assessment History

History [top]

• Business Practice Number: BP.02.006
• Version: 2
• Drafted By: Carlos Miranda
• Approved By: James August
• Approval Date: 08/25/2017
• Latest Revision Date: 11/15/2023

Purpose [top]

To assure the confidentiality, integrity, and availability of CSU Channel Islands information assets by regularly assessing the University’s patch management practices and administration for efficacy and timeliness.

Background [top]

The University is required by CSU system-wide policy to protect its information assets. One industry best practice in information security is the regular assessment and implementation of software and hardware patching of all computing devices within the computing environment.

Business Practice [top]

Accountability [top]

Associate Vice President for Information Technology Services
Chief Information Security Officer

Applicability [top]

All University-owned hardware connected to the University network

Definition(s) [top]

Patch: A patch is a software designed to update a computer program or its supporting data to fix or improve it. This includes fixing security vulnerabilities and other bugs and improving the usability or performance with such patches, usually called bugfixes or bug fixes.

Patch Management: Patch management is a strategy for managing patches or upgrades for software applications and technologies. A patch management plan can help a business or organization handle these changes efficiently.

Text [top]

General

Information Technology Services (ITS) will implement the following regular patch management practices to ensure the confidentiality, integrity, and availability of the University’s information assets.

Regular patch management practices

ITS will regularly test and apply available software and hardware patches across the University environment for University-owned computing devices, using an industry-accepted standard for patch management.  Patch management and administration will follow CSUCI’s existing standard change control practices (see BP.00.002).

The University currently utilizes Microsoft’s Endpoint Configuration Manager (MCEP), as its patch management system

Exhibit(s) [top]

Assessment History [top]