SYSTEM PATCHING

Effective: August 15, 2024

Purpose: All software requires regular maintenance to maintain its optimal function, availability, and security.

As Emporia State University is committed to protecting the information with which it is entrusted, this policy will help contribute to the overall security posture.

Scope: The scope of this policy encompasses all wired and wireless hardware devices and all installed software connecting to the University network.

Responsible Office: Information Technology

Policy Statement: Information Technology (IT) will monitor vendor’s websites as well as other resources for information about updates to all University owned or controlled systems and applications.

Patches will be distributed and applied per the System Patching Guidelines and Standards.

IT will periodically perform a vulnerability scan on the systems attached to the network. Systems not having the proper patch level will be reported to the Information Security Officer (ISO) for further action.

Owners will be responsible for applying system patches to personally owned devices connecting to the ESU network.

The ISO is responsible for monitoring and reporting compliance with this policy and for reviewing this policy on an annual basis.

All wired and wireless devices connecting to the ESU network must be updated with vendor provided patches.

The President or designee must approve any exceptions to this policy.

Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.

Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.

[Information Technology procedures - coming soon]

Related Policy Information: [coming soon]