³ÉÈËÊÓƵ

Skip to main content
Site navigation
University Policies and Procedures

Policy 7:11 - Updating and Patching Operating Systems

Policy Contact: Division of Technology and Security

  1. Purpose

    This policy and its procedures define the Division of Technology and Security’s requirements for maintaining up-to-date operating system security patches on all University owned and managed devices, workstations and servers.

  2. Policy
     
    1. Devices, workstations and servers owned or managed by the University must have up-to-date operating system security patches installed to protect against known vulnerabilities. This includes all laptops, desktops, and servers owned and managed by the University.
       
    2. Privately owned information technology devices that are connected to the University’s network are also subject to this policy, and individuals using these devices are responsible for ensuring the devices have up-to-date operating system security patches installed.
       
  3. Procedures
     
    1. Devices, Workstations and Servers
      1. The University publishes security patches on a monthly basis after approval from the Division of Technology and Security. Security patches and updates are distributed to University owned devices, workstations, including laptops and desktops, and servers.
      2. End users must make sure that all published security patches are installed for each device, workstation or server they operate for the operating system, browsers, network client, and software.
      3. Users without a designated Computer Support Specialist should contact the University Support Desk for assistance or training and are responsible to maintain their designated device, workstation or server.
      4. Owners of non-University owned devices will be responsible for applying patches to personally owned devices connecting to the University information technology system.
         
    2. Software Updates
      1. The Computer Support Specialist, or other designated departmental computer support personnel, shall install software security updates and patches as they become available.

  4. Responsible Administrator

    The Vice President for Technology & Security, or designee, is responsible for the annual and ad hoc review of this policy and its procedures. The University President is responsible for formal policy approval.

Approved by President 09/28/2017. Revised 01/31/2024 (clerical).

Sources: SDBOR Policies and