Software Patches And Risk Assessment

Software patches are issued periodically by virtually every (major) software producer on the planet

. From Microsoft to Apple; Adobe to Corel. Patching is required to fix faults, increase functionality and generally just iron out faults or correct things that could be better, never mind security! Patches in a regulated environment like a Pharmaceutical company must be treated with respect.

Technology comes with a high price to pay such as security risk. Hackers are everywhere to sabotage our system. Businesses allot extra funds to make sure that every record and transaction is secured. Patches, in either reactive or proactive state, enhance security and fix its vulnerability. They provide a new feature, fix a bug, or add documentations. Risk assessments are important before a patch is installed.

Reactive patches occur if there is a problem affecting the current system that needs immediate fixing. Hackers or "cyber terrorists" have learned to develop ways to penetrate the system and cripple businesses. The latest patch such as the one released by Microsoft is not a guarantee. Most probably, its compatibility has not been tested with all systems such as with your Delta V or LIMS. If this approach is not compatible in your current system, the risk would be losing performance, or it could do more damage such as losing production and the company's integrity. You are often worse off than before the patch application. Software validation is an important aspect of installing a new patch, your risk assessment should detail what level of revalidation is required with a new patch.

A series of documented test should be done before the actual application of the software patches. Let the test run for a few days. Minimizing the risk is always worth the procedure rather than being totally reliant and confident in the security system. Weigh the benefits of installing the patch to the business against the risk that it may cause. After conducting several tests and the installation is finally approved, apply it under change control while observing risk management procedures. There should be planned options presented for worse case scenarios to be able to go back to the original system.

Even in urgent situations, the safe and reliable application of patches should be accounted for. This is where change management would come in that includes roll-back plans and rational testing stages.The question is, where would the patch be applied first? Should it be in the production area first or in a smaller area that requires a patch? There is a greater chance that the applied changes will have negative consequences elsewhere on the system, which will lead to more complexities. If a fix can be identified from such investigation, and that fix involves applying one or more patches, then at least the change is minimized to just the patch or set of patches required to fix the problem. Apply the changes gradually in such a way that the process of installation is documented; options for roll-backs are stated so that the system can be restored to the pre-patch condition.

All procedures should require documentation of any patch installations. Secure a signed document for the approval of the change. A record or a log of the complete process would be relevant in future situations. This can be your proof of defense in case of future malfunctions that they might trace back to what have been done, or this can serve as your reference if you will encounter, improve, and apply more software patches in the future.

by: Graham O'Keeffe

POST COMMENT

Benefits of Payroll Software to Your Company How to Install Remote Access Software Software Localization Pros And Common Mistakes Live Long and Prosper with POS Retail Software Reduce Time And Investment With Recruitment Software Breathe Easy with Point of Sale Software Disorganized? Invest in POS Software What is POS Software? What Are the Benefits of Sales Software? What are the benefits of POS software? Choosing A Richly Designed Video Editing Software A Brief About Indian Offshore Software And Applications Development Companies Outsourcing Software Development Projects Saves Money!