I came across the following resource today and I believe you’ll find useful in understanding our approach to patching, patch Tuesday, and software updates overall. Please share this with the people in your organization responsible for security updates.
This Guide was designed to help IT professionals better understand and use Microsoft security release information, processes, communications, and tools. Our goal is to help IT professionals manage organizational risk and develop a repeatable, effective deployment mechanism for security updates. In this Guide, you will find a convenient glossary of terms, an overview of the Microsoft Security Bulletin process, and a stage-by-stage review of Microsoft Security Updates. The Guide is organized according to the following stages of the security update process: Stage 1, Receive Microsoft Security Release Communications; Stage 2, Evaluate Risk; Stage 3, Evaluate Mitigation; Stage 4, Standard or Urgent Update Deployment Timeline; Stage 5, Monitor Systems, and; Ongoing Stage, Watch. Each section outlines the purpose and objective for that stage, as well as the expected target outcomes upon that stage’s completion.
You can download this guide HERE. At a minimum, please be sure you sign up to receive Security Release Communications!