Last updated: 01 December 2022
Ref: 707aa23c-2bf0-45c5-8226-4494c30668a0
Purpose
1. The purpose of this Patch Management Policy is to establish guidelines for the identification, testing, installation, and verification of software patches for all company-owned systems and applications. This policy will help to maintain the security of our systems and data by addressing known vulnerabilities in a timely and consistent manner.
Scope
2. This policy applies to all company-owned systems and applications. The IT department is responsible for the implementation and enforcement of this policy.
Policy
3.1 Identification of Patches
The IT department monitors vendor security websites, mailing lists, and other sources for security alerts and software patches related to the company's systems and applications. The department assesses each patch to determine its relevance and priority for installation.
3.2 Testing of Patches
The IT department tests each patch on a non-production system before installing it on the production environment. The testing includes an evaluation of the impact of the patch on the system's performance, stability, and functionality. Only patches that pass the testing phase will be installed in the production environment.
3.3 Installation of Patches
The IT department installs approved patches on company-owned systems and applications. Patches are installed as soon as possible, with a priority given to critical and high-risk patches. The IT department maintains a record of the date and time of patch installation.
3.4 Verification of Patches
After installation, the IT department verifies that the patch has been successfully installed and that the system or application is functioning correctly. Verification includes a review of system logs to confirm that the patch has been installed and that no errors or issues have occurred.
3.5 Patch Documentation
The IT department maintains a record of all installed patches, including the date and time of installation, the system or application patched, and the version number of the patch. This documentation is maintained for a minimum of one year.
Exceptions
4. Exceptions to this policy may be granted on a case-by-case basis by the IT department. Exceptions will be documented and approved by the IT department.
Patch Management Responsibility
5. The IT department is responsible for the management and enforcement of this policy. The IT department will review this policy on an annual basis and update it as necessary.
Conclusion
6. This Patch Management Policy is ensuring that Liqvid PTE. LTD is protected from known vulnerabilities by establishing a clear process for identifying, testing, installing, and verifying software patches. This policy will help to maintain the security and integrity of our systems and data.
Download Liqvid Patch Management Policy