PortfolioIT & InfrastructureEndpoint & Device ManagementIntermediate
IT & InfrastructureIntermediate 3 to 4 hours

Patch Management Schedule and Policy

Design a patch management schedule that balances security urgency with operational risk.

The Scenario

A SA financial services firm has been deploying Windows updates manually and inconsistently. Some endpoints are months behind on critical patches; other patches were rolled out and broke a key line-of-business application. The CIO wants a documented patch management policy and schedule.

The Brief

Produce a patch management policy and operational schedule. Cover OS patches, application patches, and firmware. Address the trade-off between speed (security) and stability (avoiding breakage).

Deliverables

  • A patch policy document covering: severity tiers (Emergency, Critical, Standard, Optional), the SLA for each tier, the testing requirement, and the rollback criteria
  • An operational schedule showing the monthly cycle: patch release day, test ring, pilot ring, production rings, and the exception process
  • A communications template covering pre-patch user notifications and post-patch confirmation messaging
  • A short risk-and-exception section listing the criteria for delaying a patch and who must approve the exception

Submission Guidance

No patch policy survives the first time a patch breaks the ERP. Build the policy with that day in mind: a defensible rollback path, a fast exception route, and a clear test ring before production.

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.

This appears on your public Badge.

0/20000 charactersMarkdown supported

One per line or comma separated. Up to 5 links.

By submitting, you agree your submission text, name, and evaluation will appear on a public Badge URL.