Not a Tech Pro Research member? Sign up for a Free Trial and get access to this content and more for one week.
System update policy
- Originally Published:
- Dec 2017
To ensure security and stability, it’s critical to have standardized, well-documented practices for installing software updates. This policy offers guidelines for managing the update process, logging changes, and handling backups and device decommissioning.
From the policy: Maintaining a regular schedule of updates—as well as applying critical out-of-band patches as vulnerabilities are discovered—is paramount to maintaining the integrity of corporate security. With the advent of such threats as ransomware, performing regular security and platform updates, as well as creating backups in the event that an update fails to install properly, is necessary to ensure that business operations can be conducted smoothly.
There are two methods to determine whether updates are available or need to be performed.
For Windows workstations and servers, preinstalled vendor-supplied software such as HP Support Assistant or Lenovo System Update automatically checks a database supplied by the vendor for updates to Intel ME or AMD PSP, system BIOS and firmware, and hardware drivers. Windows Update provides updates to the OS. Alternatively, Microsoft Update provides updates to Windows and other Microsoft software, including Office applications installed via the Microsoft Store that are updated through that interface. Other applications (such as Mozilla Firefox or Google Chrome) have their own internal update mechanism.
For devices running OS X, all of these functions are handled in the Mac App Store.
For servers and workstations running Linux, these functions are handled in the package manager for your distribution. System BIOS updates may require manual patching.
For mobile and tablet devices, these functions are handled by the OS and app stores.
Periodic checking of security bulletins relevant to the devices in use by the company is necessary. Critical vulnerabilities that prompt vendors to issue out-of-band updates may necessitate emergency maintenance.
Already a member? Log in here