Patch Priority Matrix

Document Sample
Patch Priority Matrix Powered By Docstoc
					Patch Priority Matrix
For each application, use the following procedure to assign criticality levels and patch timeframes. Copy
and paste the completed matrix into your Patch Management Policy.

1.    Give each application a criticality rating of high, medium or low based on management’s
      assessment of the importance of the application to the functioning of the business, risk for
      exposure, and tolerance for risk.

2.    Patch priority will be determined by vendor-reported criticality, the existence of a known
      exploit, system criticality, and system exposure to risk. In each patch priority column, apply
      one of the following patch timeframes: Immediate, 7 days, 14 days, or 30 days. Use the
      following guidelines to assign timeframes. These are only guidelines – you may wish to make
      adjustments as necessary.

              High Criticality, High Priority           = Immediate
              High Criticality, Moderate Priority       = Immediate
              High Criticality, Low Priority            = 7 days
              Medium Criticality, High Priority         = Immediate
              Medium Criticality, Moderate Priority = 7 days
              Medium Criticality, Low Priority          = 14 days
              Low Criticality, High Priority            = 7 days
              Low Criticality, Moderate Priority        = 14 days
              Low Criticality, Low Priority             = 30 
Description: Info-Tech's bundle of The Top 50 IT Policies are valuable tools designed to help you bank your most precious asset – time. Their ready-to-use format means that you can download and edit these tools whenever you need them to suit your specific IT and business needs. Let us do the time-consuming work for you – take advantage of our ever-expanding collection of downloadable policies.
This document is also part of a package Top 50 IT Policies 50 Documents Included