Common use of Patch Management Clause in Contracts

Patch Management. All workstations, laptops and other systems that process and/or store Department PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.

Patch Management. All workstations, laptops and other systems that process and/or store Department CDPH PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.

Patch Management. All workstations, laptops and other systems that process and/or store Department DBH PHI or PI must have all critical security patches applied, applied with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications Application and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.

Patch Management. All Any and all workstations, laptops and other systems that process and/or store Department PSEI or PHI or PI must have critical security patches applied, with system reboot capabilities, if necessary. There must be a documented patch management process which determines installation timeframe timeframes based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of after vendor release. Applications and systems that cannot be patched within this time frame the required timeframe due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications Any and all applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.

Patch Management. All workstations, laptops and other systems that process and/or store Department Merced PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.

Patch Management. All workstations, laptops and other systems that process and/or store Department CDPH PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.

Patch Management. All workstations, laptops and other systems that process and/or store Department DBH PHI or PI must have critical security patches applied, applied with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications Application and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.