Project Quant: Patch Management Process Survey

 
Thank you for participating in the Project Quant patch management survey. The goal of this survey is to gain a better understanding of current real-world patch management processes. Future surveys will help us validate the processes and specific patch management metrics developed as part of the project. All questions are optional, but the more details you provide, the more accurate the eventual model will be. All results will be made publicly available (email addresses and personally or corporately identifiable information will be kept confidential).
1. Please provide the following size information on your organization. This will help us map processes based on the scale of an organization (rough estimates are fine):
2. Additional organization information:
3. If you were provided with a Registration Code, please enter it here:
4. My organization's patch management process can be generally characterized as:
5. Using the following criteria, categorize the maturity of your patch management process for the specified areas:
Do not know
Mature: well-defined policies, workflow, and tools/resources.
Policy Driven: relies on adherence to policies, lacking strict workflow or tools/resources.
Tool Driven: relies strongly on tools and their workflow, but without defined policies.
Informal: lacking both policies and tools; an ad-hoc/as-needed exercise.
N/A: No formal or informal patching.
Workstation OS
Workstation Applications
Workstation Device Drivers and Firmware
General Use Server OS
General Use Server Applications
General Use Server Device Drivers and Firmware
Database Management Systems
Enterprise Application Servers (e.g. ERP, CRM, document management, other business applications)
Web Application Servers
Networking Hardware/Software (routers, switches, DHCP, DNS)
Infrastructure Applications (directories, security hardware/software, etc.)
6. Do you currently collect metrics for:
Yes / No / Do not know
Patch management effectiveness - how well the organization adheres to policies (e.g. % of systems in compliance or a similar metric):
Patch management efficiency - how well the organization deploys patches (e.g. time to patch):
7. We outsource patch management for the following:
Below is a sample patch management process for the next question.
[Image: sample patch management process diagram]
8. The following is a list of potential steps in a patch management process (see the diagram above). Please let us know which steps you use in your process; in the comments field you can describe your process if it's different, or list any other steps you use. Since our goal is to understand real-world processes, please only check steps you know match, and use the comments to note where you differ.
9. If you are willing to be interviewed to determine the resources you dedicate for patch management, please give us your email address for follow up:
10. We use the following sources and methods to know when patches are released:
11. When a patch is released, the following roles/teams are involved in evaluating the patch for possible deployment:
12. Please rank how the following factors help determine a patch priority (rank in order, with 1 being the most important):
13. How are patches and/or deployment packages tested before deployment?
14. Please describe which kinds of tools you use for which kinds of systems:
Third party, cross platform patch management tool
Third party, single platform patch management tool
Vendor/product feature of our software (e.g. built-in autoupdate mechanism)
Vendor/product patch management tool for specific products (e.g. an external patch management tool for the product by the same vendor)
Workstation OS
Workstation Applications
Workstation Device Drivers and Firmware
General Use Server OS
General Use Server Applications
General Use Server Device Drivers and Firmware
Database Management Systems
Enterprise Application Servers (e.g. ERP, CRM, document management, other business applications)
Web Application Servers
Networking Hardware/Software (routers, switches, DHCP, DNS)
Infrastructure Applications (directories, security hardware/software, etc.)
15. Our patch management tool(s) cover the following platforms:
16. We validate successful patch deployment via:
17. How often do you validate registration of IT assets in the patch management tool? (Number of days, or fraction thereof)
18. We formally document configuration changes
19. Are patches managed by inclusion or exclusion?
20. Do you:
Yes / No
Have a formal change control process that authorizes patches to be released and schedules the release?
Have a defined, recurring "patch window"?
Have a defined, recurring "reboot window"?
Patch during business hours in general?
Patch during business hours based on technology type?
Force reboots after patching or...?
... allow administrators or users to reboot on their own?
Vary reboot requirements by technology type?
Report patch compliance as a metric?
21. If you would like us to contact you for a more-detailed interview, please provide your email address: