patch management checklist for auditing a large indian bank for making a gap assessment report
1. Policy and Governance
2. Inventory Management
- Conduct a comprehensive review of all assets.
- Ensure all recent acquisitions are included.
- Verify that physical and virtual assets are documented.
- Update inventory records regularly to reflect changes.
- Identify key business functions and assess their importance.
- Classify systems into categories: critical, high, medium, low.
- Evaluate potential risks associated with each category.
- Document categorization criteria and review periodically.
- Record the software version numbers for all applications.
- Track current patch levels for operating systems and software.
- Implement automated tools to assist with version tracking.
- Ensure updates are reflected in the inventory promptly.
- Schedule periodic audits of the inventory.
- Use sampling techniques to assess accuracy.
- Document findings and discrepancies observed during audits.
- Implement corrective actions based on audit results.
- Establish a standardized procedure for asset acquisition.
- Assign responsible personnel for inventory updates.
- Ensure timely entry of new assets into the system.
- Train staff on the importance of accurate asset reporting.
- Identify and mark assets that are no longer in use.
- Establish a timeline for removing obsolete assets.
- Document the removal process for auditing purposes.
- Communicate the decommissioning process to relevant teams.
- Identify a suitable inventory management tool.
- Ensure all stakeholders have access to the system.
- Train staff on how to use and update the system.
- Conduct regular reviews of the system’s effectiveness.
- Compile a list of all third-party software utilized.
- Verify licensing and compliance for each application.
- Document version and patch information for third-party tools.
- Include third-party assets in regular inventory audits.
- Record the exact physical locations for each asset.
- Use a systematic naming convention for locations.
- Ensure the inventory is updated with any relocations.
- Conduct site visits to verify location accuracy.
- Designate an owner for each asset type.
- Document responsibilities associated with asset ownership.
- Review ownership assignments periodically for relevance.
- Communicate ownership changes promptly to stakeholders.
- Implement a change management process for assets.
- Use version control systems to track updates.
- Document changes in the inventory for accountability.
- Review change logs regularly for discrepancies.
- Map out dependencies between critical systems.
- Document potential impacts of patching on interrelated assets.
- Review dependency documentation before performing updates.
- Update dependency records as new assets are added.
- Establish criteria for determining patching needs.
- Regularly review inventory status for patch requirements.
- Document assessments and prioritizations.
- Align patching processes with inventory updates.
- Schedule regular backups of inventory data.
- Store backups in secure locations with restricted access.
- Implement encryption for sensitive inventory records.
- Review backup procedures and update as necessary.
- Evaluate existing IT service management tools for compatibility.
- Facilitate integration to streamline data flow.
- Train staff on using integrated systems effectively.
- Review integration outcomes to enhance visibility.
Use in Manifestly