Patch Management

Division: 

Administration & Finance

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Senior Associate Vice President (AVP) and Chief Information Officer (CIO) / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Thursday, July 1, 2010

Revised Date: 

Wednesday, March 26, 2025

Authority: 

Configuration Management (ISO Domain 12: Operations Security Policy

 

Objective: 

This policy defines requirements for patch management on all SF State-owned information technology systems, network resources, and applications.

Statement: 

All SF State-owned information technology systems, network resources (e.g., switches, routers and firewalls) and applications will have a management-appointed person or persons (formally identified) responsible for maintenance of operating systems, security software and applications. 

Unless an update introduces security or performance issues, all components will be kept current, including the operating system, web servers, application servers, DBMS, applications, and code libraries.

All departments and units will follow documented patch management standards and procedures in conformance with change control policies.

 

 

Non-Compliance 

Non-compliance with applicable policies may result in suspension of procurement, network and systems access privileges.