IT & InfrastructureIntermediate 3 to 4 hours

Patch Management Schedule and Policy

Design a patch management schedule that balances security urgency with operational risk.

The Scenario

A SA financial services firm has been deploying Windows updates manually and inconsistently. Some endpoints are months behind on critical patches; other patches were rolled out and broke a key line-of-business application. The CIO wants a documented patch management policy and schedule.

The Brief

Produce a patch management policy and operational schedule. Cover OS patches, application patches, and firmware. Address the trade-off between speed (security) and stability (avoiding breakage).

Deliverables

  • A patch policy document covering: severity tiers (Emergency, Critical, Standard, Optional), the SLA for each tier, the testing requirement, and the rollback criteria
  • An operational schedule showing the monthly cycle: patch release day, test ring, pilot ring, production rings, and the exception process
  • A communications template covering pre-patch user notifications and post-patch confirmation messaging
  • A short risk-and-exception section listing the criteria for delaying a patch and who must approve the exception

Submission Guidance

No patch policy survives the first time a patch breaks the ERP. Build the policy with that day in mind: a defensible rollback path, a fast exception route, and a clear test ring before production.

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.

This appears on your public Badge.

We'll email you the permanent link to your Badge so you never lose it. Not shown publicly.

0/20000 charactersMarkdown supported

One per line or comma separated. Up to 5 links.

Loading security check...

By submitting, you agree your submission text, name, and evaluation will appear on a public Badge URL.