END-03: Software Updates
Objective
Reduce vulnerability exposure through timely patching.
Description
Operating systems and applications are kept up to date with security patches. Critical security updates are applied within 7 days. Patch status is monitored.
Implementation Details
Automatic Updates: MDM policy enables automatic macOS security updates. Users cannot disable them.
Patch Schedule: Critical security patches are applied within 7 days. Other updates are applied within 30 days.
Application Updates: Development tools are updated through Homebrew or their automatic updaters. Security-critical apps (browsers) auto-update.
Monitoring: MDM dashboard shows the OS version for all devices. Outdated devices are flagged and their users are notified.
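One way to check a device OS version report against the patch schedule above (an added example, not part of this control or of any MDM product's tooling). The release catalog, device names and dates are constructed, and "days behind" is assumed to mean the age of the oldest release a device has not installed.

```python
from datetime import date

# SLA windows from this control: critical patches within 7 days, others within 30.
SLA_DAYS = {True: 7, False: 30}
MAX_DAYS_BEHIND = 60  # threshold used in the MDM report example

# Constructed release catalog (not real release dates): (version, released, critical)
RELEASES = [
    ("15.1", date(2024, 12, 16), False),
    ("15.1.1", date(2025, 2, 3), True),
    ("15.2", date(2025, 2, 20), False),
]

# Constructed device OS version report: device -> installed version
DEVICES = {"mac-001": "15.2", "mac-002": "15.1.1", "mac-003": "15.1", "mac-004": "15.0"}

def version_key(version):
    """Compare versions numerically so that 15.10 sorts after 15.2."""
    return tuple(int(part) for part in version.split("."))

def evaluate(installed, today, releases=RELEASES):
    """Return (status, days_behind, overdue_versions) for one device."""
    missing = [r for r in releases if version_key(r[0]) > version_key(installed)]
    if not missing:
        return ("current", 0, [])
    # A missing release breaches the SLA once its age exceeds its window.
    overdue = [v for v, released, critical in missing
               if (today - released).days > SLA_DAYS[critical]]
    # Days behind = age of the oldest release the device has not installed.
    days_behind = max((today - released).days for _, released, _ in missing)
    return ("overdue" if overdue else "pending", days_behind, overdue)

def compliance_report(devices, today):
    """Evaluate every device and summarise the fleet."""
    results = {name: evaluate(ver, today) for name, ver in devices.items()}
    statuses = [status for status, _, _ in results.values()]
    summary = {
        "percent_current": 100 * statuses.count("current") / len(devices),
        "overdue": sorted(n for n, r in results.items() if r[0] == "overdue"),
        "over_60_days": sorted(n for n, r in results.items() if r[1] > MAX_DAYS_BEHIND),
    }
    return results, summary

if __name__ == "__main__":
    results, summary = compliance_report(DEVICES, date(2025, 2, 25))
    print(summary)
```

A device is "pending" while its missing releases are still inside their SLA window, so the report separates normal rollout lag from an actual breach of the 7-day or 30-day commitment.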
Examples
- 95% of employee Macs on latest macOS version within 30 days of release
- Critical macOS security update deployed to all devices within 5 days
- Chrome browser automatically updates to latest version within 24 hours
- MDM report shows zero devices more than 60 days behind on patches
Audit Evidence
- MDM update policy configuration
- Device OS version report
- Patch deployment timeline for recent critical updates
- Update compliance dashboard
Framework Mapping
SOC 2
- CC7.1 ^[Timely patching detects and mitigates processing errors and security vulnerabilities]
- CC8.1 ^[Patch management process implements changes to mitigate vulnerabilities within defined SLAs]
GDPR
- Article 32 ^[Regular security updates and patch management ensure ongoing security of processing systems]