Patch Management Procedure Internal Page 2
1. Introduction
The purpose of this procedure is to ensure that software & computer systems attached to
Information Dynamics network are updated accurately and timely with security
protection mechanisms (patches) for known vulnerabilities and exploits. These
mechanisms are intended to reduce or eliminate the vulnerabilities and exploits with
limited impact to the business.
2.Scope
This procedure applies to all Software, Servers OS, Desktops OS, Laptops OS, Printers
firmware & Network elements firmware of Information Dynamics.
The scope will be applicable to all activities under the scope statement of Information
Dynamics.
ISO 27001:2013 Domain Reference: A.12.6.1 – Technical Vulnerability Management
3. Roles and Responsibilities
Responsibilities required for fulfilling the utilization, support and administration roles for
the patch management procedure are identified and documented within a standardized
framework.
Monitoring
Daily, Weekly and Monthly Review of current patch versions.
Receipt of escalated events
Tracking of vulnerabilities & new fixes
Reporting Medium/High Risk vulnerabilities to the Incident
Response Team.