Highline College

2.7 Patch Management Standard

2024-03-25T12:18:03+00:00


2.7.1. Overview

Highline College is responsible for ensuring the confidentiality, integrity, and availability of its data and of customer data stored on its systems. Highline College has an obligation to provide appropriate protection against malware threats, such as viruses, Trojans, and worms, which could adversely affect the security of a system or the data entrusted to it. Effective implementation of this standard will limit the exposure and effect of common malware threats to the systems within this scope.

 

2.7.2. Purpose

This standard describes the ITS requirements for maintaining up-to-date operating system security patches on all Highline College owned and managed workstations and servers.

 

2.7.3. Scope

This standard applies to workstations or servers owned or managed by Highline College. This includes systems that contain company or customer data owned or managed by Highline College regardless of location.

 

2.7.4. Standard

Workstations, servers, and networking equipment (routers and switches) owned by Highline College must have up-to-date operating system security patches installed to protect the asset from known vulnerabilities.

2.7.4.1 Workstations

Desktops and laptops must have automatic updates enabled for operating system patches.  This is the default configuration for all workstations built by Highline College. Any exception to the standard must be documented with ITS.

2.7.4.2 Servers

Production servers must have up-to-date security patches, hotfixes, and service packs installed to protect them from known vulnerabilities. Any exception to the standard must be documented with ITS.

2.7.4.3 Routers and Switches

Production routers and switches must have up-to-date security patches, hotfixes, and service packs installed to protect them from known vulnerabilities. Any exception to the standard must be documented with ITS.

 

2.7.5. Compliance

2.7.5.1 Compliance Measurement

ITS will verify compliance with this standard through various methods, including but not limited to periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

2.7.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

2.7.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

2.7.6. Related Standards, Policies, and Processes

None.

 

2.7.7. Revision History

Date By Summary