Having a grouping of computers brings forth a certain level of responsibility. With computers that are used for professional purposes, there is an assumption that the data contained on those systems is critical to the business, in both up time for active production and for the storage of corporate data that can contain sensitive, even secret company information. This data must be protected by security policies that take into account the most likely venues for outside parties to use to get inside the computers and gain access to the data stored within. A security policy will cover specifications on how each computer is built, regulations on how openings are handles in the firewall configuration, mandatory use on antivirus software.
Focus will also be placed on a no exceptions patch management process. The more solid the patch management process, the less likely a machine will be operating outdated software and be left with a gaping and unacceptable vulnerability. The patch management process in use should clearly lay out your intended update frequency and method for obtaining software patches. This may entail a requirement for end users to seek out and install patches by themselves as a manual process, or the use of an automated method. It would be expected that an automated patch management process would exist in most cases, as any for of manual maintenance is a practical guarantee to be overlook, as people simply are more likely to forget to execute a patch management process than a scheduled computer task is. A patch management process depends on regular execution to update a computer, as security holes are discovered every day and the critical ones are fixed on monthly basis for most applications. Slip behind a couple months and your patch management process has basically failed. Regular, consistent updates are key to a great patch management process.