This document outlines the procedure within PAS for the assessment and deployment of Microsoft patches and updates, as well as signature definition updates for ESET antivirus.


Microsoft Patches

‘Patch Tuesday’ is the second Tuesday of each month, on which Microsoft regularly releases security patches. The Network Manager is responsible for patching all Microsoft products within one month of the patch being released.

Personal Audit Systems Ltd use WSUS (Windows Server Update Services) to deploy patches to their server infrastructure. Patches should be tested and deployed based on the schedule below:


Severity Rating and Definition

  • Critical: Patch testing should begin immediately after the patch has been released. The patch should be deployed company-wide starting on Friday night and finishing no later than Sunday morning.
  • Important: Patch testing should begin no later than the Friday after the patch has been released. The patch should be deployed company-wide on the following Wednesday after 10:00pm.
  • Moderate: Patch testing should begin within two business weeks after the patch has been released. The patch should be deployed company-wide on the following Wednesday after 10:00pm.
  • Low: Patch testing should begin within three business weeks after the patch has been released. The patch should be deployed company-wide on the following Wednesday after 10:00pm.

Should there be any 'out of schedule' updates issued by Microsoft, these will be treated as Critical. 


Impact Durations

Any patches found with compatibility issues will need to be reviewed by both the Network Manager and the Technical Director before they can be exempt from being deployed.

If it is found that the risk is too high to exempt the patch, the Development team will need to plan to resolve the compatibility issue within one month of the initial findings.

A workaround may be implemented as long as it does not impact security compliance.


Hosted Server Patch Deployment

Deployment of patches to the hosted environment will, by default, only be applied during the planned maintenance windows and against the defined schedule. Should the Network Manager deem that a critical patch needs to be applied to the hosted environment outside of this schedule, this will be escalated to the Technical Director.


Antivirus Updates

The ESET antivirus system is set to automatically apply new signatures as soon as they are made available.


Non-Microsoft Products

Below is a list of the approved non-Microsoft software products that are installed on our infrastructure. All products are regularly monitored, and all patches and updates are tested and applied to all machines.

Please note that this list does not include the various third-party products that are often integrated with the OS, such as manufacturer software (Dell, AMD, HP and Microsoft) and certain required drivers; within fair reason, these will not be listed.

  • Adobe Acrobat Reader DC
  • Authy
  • Bitwarden
  • Brave
  • Epson Scan 
  • ESET Endpoint Antivirus 
  • ESET Remote Administration Agent 
  • Google Chrome
  • Lightshot 
  • LogMeIn GoToAssist 
  • LogMeIn GoToMeeting
  • Microsoft Edge 
  • Microsoft Office 365 
  • Microsoft OneDrive
  • Microsoft Visual FoxPro
  • Microsoft Visual Studio 
  • Mozilla Firefox 
  • Notepad++ 
  • P11D Organiser  
  • Paint.NET
  • Sage Payroll 
  • VMware Enhanced Authentication Plugin
  • VMware Plug-in Service
  • VMware Remote Console
  • Zoom