Patch Management. All workstations, laptops and other systems that process and/or store Department PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 11 contracts
Samples: Standard Agreement Agreement, legistarweb-production.s3.amazonaws.com, Standard Agreement
Patch Management. All workstations, laptops and other systems that process and/or store Department CDPH PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 4 contracts
Samples: Services Agreement, Standard Agreement, Standard Agreement
Patch Management. All workstations, laptops and other systems that process and/or store Department DBH PHI or PI must have all critical security patches applied, applied with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications Application and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 3 contracts
Samples: sanbernardino.legistar.com, sanbernardino.legistar.com, ncjtc-static.fvtc.edu
Patch Management. All Any and all workstations, laptops and other systems that process and/or store Department PSEI or PHI or PI must have critical security patches applied, with system reboot capabilities, if necessary. There must be a documented patch management process which determines installation timeframe timeframes based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of after vendor release. Applications and systems that cannot be patched within this time frame the required timeframe due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications Any and all applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 3 contracts
Samples: Local Implementation Agreement, Local Implementation Agreement, Professional Services Agreement by And
Patch Management. All workstations, laptops and other systems that process and/or store Department Merced PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 1 contract
Samples: web2.co.merced.ca.us
Patch Management. All workstations, laptops and other systems that process and/or store Department CDPH PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 1 contract
Samples: Agreement
Patch Management. All workstations, laptops and other systems that process and/or store Department DBH PHI or PI must have critical security patches applied, applied with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications Application and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 1 contract
Samples: s3.amazonaws.com