Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
UpdatesMedium priority

Establish a patch management process for your business

Create a documented process to ensure all business devices and software are patched within 14 days of a critical update being released.

Why this matters

The Cyber Essentials standard requires critical and high severity patches to be applied within 14 days. A documented process makes this repeatable and auditable.

How to do it

  1. List all software and operating systems used in your business
  2. Assign someone responsibility for monitoring vendor security bulletins
  3. Define a policy: critical patches applied within 14 days, others within 30
  4. Use Windows Update for Business or a patch management tool for scale
  5. Review the patch status monthly and document it

Need a more detailed walkthrough?

Our step-by-step guide explains each action in full detail, with confirmation steps and related tasks.

View full step-by-step guide →

Cyber Essentials framework

This task falls under the Updatescontrol, one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment. Create a free account to track your progress across all five areas.

Track your security score for free

Create a free Cyber Nova AI account to tick off tasks like this one, see your Security Score, and stay on top of what you've done and what's still to do.

Start your free security check