Sarah is the CIO for a small company. The company uses several custom applications that have complicated interactions with the host operating system. She is concerned about ensuring that systems on her network are all properly patched. What is the best approach in her environment?

The correct answer is to first test patches. It is always possible that a patch might cause issues for one or more current applications. This is particularly a concern with applications that have a lot of interaction with the host operating system. An operating system patch can prevent the application from executing properly. But as soon as the patches are tested, a phased rollout to the company should begin. Automatic patching is not recommended in corporate environments because a patch could possibly interfere with one or more applications thus, a managed patch deployment process is implemented that requires more administrative time but avoids outages due to patches with issues in an organization’s specific environment. Having individual users patch their own machines is a bad idea and will lead to inconsistent patching and the application of untested patches. Delegating patch management to managers instead of IT staff can lead to problems, too, due to varying skillsets and practices.