Systems Patching and Updating Policy

Purpose

Campus Systems require updating and patching from time to time in order to maintain proper security and functionality.  To this effect, the Office of Information Technology follows this policy when updating or patching systems wherever possible.  Unless specifically noted, this policy impacts all college-owned and managed computers, servers, and technology equipment.

Policy Statement

1. All resources that fall under the umbrella of management by the Office of Information Technology are considered to be part of this policy and the patch management cycle.
2. All servers are patched as a part of a rotating cycle each Tuesday evening at 10:00 PM based on a specified schedule dependent on the time of the academic year.
3. Endpoint systems (workstations/laptops, etc) are managed by remote management software that automatically performs operating system and application updates.
4. The Network Administrator is primarily responsible for the patching of technology-related systems.
5. Technology-related systems are defined as computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
6. Any updates to systems managed by third-party vendors (such as Jenzabar, for example, are vetted by the Director of Technology and the specific Subject Matter Expert within the Office of Information Technology and any specific department prior to the execution of the update).
7. All updates, patches, and any associated downtime are listed at this location and regularly updated.