At Weston, we’ve always known that you should keep your system patched and fully up-to-date. This is especially important in regulated HIPAA environments. The HIPAA Security Rule requires that you protect patient information with system patches and updates (which do not exist for Windows XP) with NIST going into more detail. At the same time, you do not want a Windows patch to bring down your entire operation because of a compatibility issue with your EMR Software or other critical software to your operation. What’s the best approach?
Weston offers managed patching services (included with CompleteCare and Essentials contracts for covered machines) with the hopes to minimize problems and keep your systems safe. While we know the value of patching, we also know that patching can be hazardous to the health of your office productivity. Some applications work better with patches than others, and the last thing you need is your office productivity brought to a standstill because of a Windows patch.
This is why we follow a bit more managed and predictable of an approach. Here’s our general process on patching a network environment (we do this with our own systems as well):
- Patches for Windows operating systems are (for the most part, but there are obviously exceptions) released on what is referred to Patch Tuesday. Prior to and after Patch Tuesday, we look into the patches released and do some preliminary research to see what the patch applies to and if there are any obvious side-effects. We’ll also check if additional steps or reboots that will need to be done after the patch gets installed. We also check to see if there are any patches that are going to conflict with a particular environment.
- After that research, use our own systems as guinea pigs. Before rolling out to any of our client networks, we test the patches on our own set of test machines as well as our production machines and make sure things work properly. After we verify things work with our systems, we’ll go through and approve the patches on our centralized tools for test deployment at a client site.
- Before anything gets installed anywhere, we work with you to designate machines in your organization that we can use as “Test” machines. If you have multiple locations, we can actually test a computer or two at each location. Those are the machines that will get the patches before anybody else in the office. We push out these patches overnight to those systems on a schedule you determine.
- We’ll leave those newly-patched machines in production to ensure compatibility with third-party applications and to make sure there are no issues. After we verify and get approval that things are working properly on the test systems, we will roll out the patches to the rest of the environment.
- We also run patch compliance reports and monitoring on a scheduled basis on the systems we monitor so that we can make sure that all the systems are receiving the patches properly.
We know that downtime in your technology can have a large financial impact on your company’s bottom line. That is why we follow this methodical approach to system patching.
Interested in hearing more about our managed Windows patching and how it can save you and your IT department a bunch of headaches? Contact Weston today!