Security optimize

Download TechRepublic's Server Update and Patch Management Policy

Consultants can better prepare clients for required server patch and upgrade maintenance operations by using this TechRepublic policy.

It never fails -- clients almost always want their servers patched and updated at inopportune times. Let the IT staff work at 2:00 AM on a holiday weekend to update servers and critical systems with the latest patches and updates. It makes sense --saving patch management tasks for odd times often ensures business operations aren't interrupted, and no client employees or contractors are inconvenienced. The hitch is holiday weekends are too few and far apart. Even worse, when a consultancy grows to a decent size, there will be too many servers to patch even if the maintenance is relegated to simply after-hours periods.

Then there's the fact that the patching process isn't perfect. Sometimes servers won't restart. Other times incompatibilities are introduced or a critical application or service won't load. Additional time is then required to troubleshoot and correct the issue. But if patching is scheduled during the middle-of-the-night during a holiday weekend, support from third-party application and software providers may prove unavailable. Thus, careful thought and planning should be dedicated to client patch management.

Setting expectations is key

TechRepublic's Server Update and Patch Management Policy provides consultants with an easy way to complete several important elements at once. The policy:
  • Educates clients and justifies the need for server operating system and application updates, patches, and hotfixes;
  • Schedules the patch maintenance service at a time the client agrees is acceptable;
  • Warns clients, in writing, that patches and updates occasionally introduce errors or incompatibilities, and that if patches and updates are not installed, there is a risk that significant and known vulnerabilities would persist;
  • Determines which client staff member will be contacted to provide advance notice of server patch and update services;
  • Records the telephone number at which the client contact will be reached if server patch management trouble should arise;
  • States how soon in advance the client needs to be notified of server patch maintenance service;
  • Warns the client that critical services, files, and applications may be unavailable during maintenance windows;
  • Reminds clients that patch services performed during regular hours incurs costs and reminds clients that patch maintenance performed after hours may incur additional expense.
The Server Update and Patch Management Policy is an editable Word document, so your consultancy can customize the file to meet your needs.

Once the policy is implemented, you can rest a little easier knowing that server OS and application patch management have a regular schedule, the client's expectations match yours, and that documentation exists about who to contact from the client's organization and at which number if trouble does arise.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

0 comments