Patching target timelines

The following color scheme will be used to describe expected timelines for applying most operating system and application patches.  

  1. Red = Drop everything and address situation (e.g., patch) immediately.

  2. Orange = 24 hours or less

  3. Yellow = 1 week (default unless escalated by IT Security Office, CIO, or IT LT Director)

  4. Anything that needs to exceed a week is to be discussed with IT Security Office

Vendors and systems that provide patches on a schedule with frequency greater than monthly, e.g., Oracle, will have a schedule as agreed to by the unit involved and the Information Security office.

  • ITTC 36
  • (319) 273-5555
  • Service Hub