PeopleSoft Middleware Security Update Policy Documentation
INFORMATION SECURITY PROGRAM - STUDENT INFORMATION SYSTEMS (SIS) - PEOPLESOFT MIDDLEWARE SECURITY UPDATE POLICY
Purpose and Scope:
The University of Wisconsin-Platteville maintains both paper records and computer information systems to carry out its educational mission. Federal and State laws and regulations govern access to these records. The University establishes local policies and procedures to ensure compliance with these laws and regulations and to protect the integrity of University records and the privacy of individuals. The following policy statements are applicable to all areas of the University and must be observed by all persons dealing with such information, including all University employees and students, as well as other individuals or entities that share University information for business purposes.
Policy and Principles:
The University's systems are the property of the University of Wisconsin-Platteville and maintained to security levels based upon the following guidelines
Middleware systems are updated quarterly (January, April, July, October) according to Oracle Critical Patch Updates (CPU) These updates include security updates and bug fixes to resolve security risks to our systems.
Responsibilities and Tasks:
The Information Technology Services(ITS) - Student Information Systems(SIS) Team is responsible for managing, updating, and safeguarding of PeopleSoft Middleware systems.
Staff with administrative access and knowledge of the systems perform these maintenance tasks. Specific tasks are as follows:
- ITS SIS Team receives emails quarterly (January, April, July, October) from Oracle related to Critical Patch Updates (CPU)
- Oracle Critical Patch Updates (CPU) are downloaded from Oracle the same day they are released
- Oracle documentation is reviewed pertaining to possible security issues within our Middleware software and proper order to apply the patch updates
- Communications are sent by our Information Technology Systems (ITS) Communications Team to impacted individuals prior to taking our development, testing and quality assurance environments offline and applying updates
- Security updates are applied in our development, test, and quality assurance environments the following Thursday after we receive the Oracle CPU emails.
- Communications are sent by our Information Technology Systems (ITS) Communications Team to impacted individuals prior to taking our production environment offline and applying updates.
- Our production environment is updated the following Friday after the development, test, and quality assurance environments have been applied. Updates to production are applied during an approved outage schedule. (5:00PM - 9:00PM)
Management:
We attempt to apply every patch and update in a timely manner. If the ITS SIS Team has to delay or skip a CPU , the reason is documented and reviewed by the Information Technology Service Chief Information Officer(CIO).
Middleware updates are tracked within our internal change tracking tool. A Service Request is created to track and manage the Oracle Critical Patch Updates.
Need help?
If you have questions, please contact the ITS Help Desk at 608.342.1400 or helpdesk@uwplatt.edu. You may also visit the Help Desk on the first floor of the Karrmann Library.