VUMC IT Hosting Services conducts regular, scheduled maintenance on all VUMC IT-managed servers. This includes patches for security, operating systems, databases, and Java.
There are planned production maintenance windows each month for:
- Clinical Applications - Epic and other Epic-dependent critical applications.
- Non-Clinical Applications - Non-Epic dependent and other applications – administrative, financial, research, etc.
- Non-production environments - Development and testing environments for new applications, equipment, etc.
For Oracle-based systems, Oracle Corp. releases patches (CPUs) on a quarterly basis (This also includes Weblogic (WL), Java Server patching, and Oracle databases).
Application owners receive communications prior to each maintenance date for both Production and Non-Production systems through the Pegasus Change Management system.
Additional patching dates might include those for special business requirements and vendor-driven requirements.
Exceptions are granted in rare cases. Application owners must first submit a Pegasus Ticket for an Exemption Request to Enterprise Cybersecurity. This request will go through a review and approval process that includes the VUMC CISO and Corporate Chief of Staff.
How can I get it?
- All VUMC IT-managed computing resources are included in the planned production maintenance windows.
- All non-VUMC IT-managed computing resources must adhere to VUMC Policy on Security Patch Management Compliance.