System Maintenance Policy and Procedures | MA-1

System Maintenance Policy

MCC recognizes that system maintenance policies and procedures are vital to maintaining the confidentiality, integrity, and availability of information resources.

Purpose

The System Maintenance Policy and associated controls document the requirements to ensure that appropriate and timely maintenance is conducted to reduce the risks associated with unpatched resources.

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes the Cybersecurity Manager, Information Resource Owners, and Custodians.

Compliance

System Maintenance controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76.

Implementation

  • Information Resource Owners or their designees are responsible for documenting and disseminating procedures that address the System Maintenance family of controls for the information resources under their control. 
  • The Cybersecurity Manager of their designee is responsible for ensuring that this policy and supporting procedures are periodically reviewed and updated.
  • Information Resource Custodians are responsible for ensuring that information resources are under manufacturer warranty/support for security patches and timely security patching is performed. 
    • Security patches categorized as "Critical" or "High" by the vendor should be installed within the next maintenance window of 7 days of release, whichever is lesser.

Last updated: 5/13/2026

Contact Hours or Questions?

Information on Tech Support