Purpose:
The purpose of this policy is to establish minimum standards of expectations related to maintaining appropriate software versions, patches, and upgrades at Dyersburg State Community College as per TBR Guideline G-050.
Scope:
This policy applies to all enterprise information systems, software, and components. This would include, but not be limited to web systems, end-user applications, infrastructure and end-user information systems, and all other software and hardware not specifically noted.
Policy:
- Policy
Enterprise information systems and components used at DSCC should maintain appropriate and timely updates/patches/maintenance to ensure that systems, data, and personal identifiable information (PII) are adequately protected. - DSCC will adhere to TBR Guideline G-050 for priority and timing of Enterprise Information Systems Updates.
a. For ERP Quarterly updates, the following procedure will be followed:
i. The DSCC DBA will install the updates in a test instance and will notify functional areas impacted by the updates. An IssueTrak ticket will be started for the update and give the functional areas a deadline for completing testing.
ii. The functional areas will test the updates and indicate in the IssueTrak ticket when they have completed their testing of the update.
iii. The update will be installed after all approvals are obtained.
b. For Oracle CPU Updates, the OIR staff is responsible for installing these on the Banner servers in the hosted environment. DSCC will work with the other hosted institutions to test as needed by the OIR to ensure timely implementation.
c. Operating System Upgrades
i. Servers running the Windows server operating system will be patched at least monthly.
ii. Servers running other operating systems will be patched periodically as security vulnerabilities are announced.
iii. Operating system upgrades will be done when the OS is considered stable and is compatible with the necessary applications on that server.
d. Other software for Enterprise Information systems not mentioned above will be upgraded as needed to accommodate functionality and security.
Compliance:
DSCC will adhere to TBR Guideline G-050 for priority and timing of Enterprise Information Systems Updates. Any exceptions to the guideline in regards to version requirements for ERP Quarterly Updates and Oracle CPU Updates must be approved by the President and filed with the Chancellor and System CIO. Other exceptions may be approved by the Vice President for Technology. Any exception must be documented in detail and retained in the Vice President for Technology’s office.
Definitions:
Enterprise Information Systems – Information system which improves the functions of enterprise business processes by integration. For example, Banner and its underlying technology to include hardware and software.
Revision History:
Policy approved by Administrative Council on 10/31/14.