When a vulnerability is found after the release of software or systems used by Salute, or of Salute's application itself, a patch can be used to fix it.
Overview
Patch management is important for the following key reasons:
- Security: Patch management fixes vulnerabilities in Salute software and applications that are susceptible to cyber-attacks, helping reduce Salute's security risk.
- System uptime: Patch management ensures applications are kept up-to-date and run smoothly, supporting system uptime.
- Compliance: With the continued rise in cyber-attacks, regulatory bodies and client agreements require Salute to maintain a certain level of compliance. Patch management is a necessary piece of adhering to these standards.
- Feature improvements: Patch management can go beyond software bug fixes to also include feature/functionality updates. Patches can be critical to ensuring that we have the latest and greatest that each supporting product has to offer.
Patch Management Process
Patch management is critical to maintaining a secure environment.
Steps include:
- Maintain an up-to-date inventory of all your production systems: Monthly review of assets and systems to ensure an up-to-date list of systems along with their geographic locations and organizational owners.
- Standardize systems and operating systems to the same version type: Where possible, Salute must standardize asset inventory to make patching faster and more efficient. This will accelerate the remediation process as new patches are released.
- Track security controls: Maintain a list of our firewalls, antivirus, and vulnerability management tools, and ensure they are updated with the latest version.
- Compare reported vulnerabilities against your inventory: Use your vulnerability management tool to assess which vulnerabilities exist for which assets in your ecosystem. This helps you understand your security risk as an organization.
- Classify the risk: For any vulnerability that is found or suspected, Salute must classify the risk as critical or non-critical to determine the priority of implementing the patch.
For Critical Risks: ISO must follow the Incident Response guidelines to ensure minimal impact to Salute operations.