Do you have scheduled fixed day(s) of a month for downtime to patch each critical system?
No25%
Yes, 1 day of the month47%
Yes, 2 days of the month22%
Others (please specify)5%
971 PARTICIPANTS
Sort By:
Oldest
Director in Finance (non-banking)5 years ago
Patch agents are receiving patches and updating systems 24/7, the only scheduled activity is a reboot if systems are going more than seven days without restarting Director Certifications in Education5 years ago
As needed, and also regular schedule like MS patch Tuesday.Chief Security Officer in Software5 years ago
Patch scheduling depends on severity (CVSS score). Most are fixed during scheduled maintenance windows, but high and critical are dealt with as needed to remediate as quickly as possible. ISSO and Director of the IRU in Healthcare and Biotech5 years ago
Depends on the criticality of the vulnerabilities. We can do urgent immediate patches if necessary outside the cycle. CIO5 years ago
I answered no, because it's not a fixed day of the month. Rather, we have a weekend each quarter where we negotiate a quarterly IT outage. In our work on patching what we found was that it was far easier to hold individual applications accountable for finding their own downtime (negotiating the specific duration/date of each outage with their business customers). But when broader outages were required (think core switches and routing, shared VM infrastructure, etc) that impacted multiple applications -- and maybe multiple critical applications -- it was easier to pre-plan these weekend outages for the year. Our experience was that initially these outages were more impactful to systems because we were dealing with a lot of deferred maintenance. But after the first year (4 weekends) the impacts were much more limited in scope (in general). Our biggest learning was that it was much easier to negotiate the weekends that we needed a year in advance (and then continually remind people that they were coming up!), and that we always had work that needed to be done. Also, having these scheduled outages allowed for better coordination of support staff when bigger changes were necessary.