"Since 2001, Pasadena Service Federal Credit Union has trusted Btech with many of our IT security needs.  In addition to their technical support, we use their patch management, vulnerability assessment, and EVault data backup services.  These services have been more than satisfactory at meeting compliance regulations and providing the information we need to properly secure our network.  They also worked with our staff on the implementation of our VMware Virtualization.  It was a smooth and easy process thanks to their help.  Btech is a great vendor and I would recommend their services to any credit union."


Ken LandisCEO
Pasadena Service FCU
July 9, 2013 

What the FFIEC, PCI, and NCUA all say about Patch Management

Based on our observance, 2013 should be labeled as "the year of patch management." We have seen a significant increase by credit unions in the discussion and adoption of patch management systems to follow the guidelines created by the FFIECPCI, and NCUA.


Patch management is a key requirement in protecting systems from attacks by ensuring that software is repaired and void of known vulnerabilities - vulnerabilities being the primary target of most attacks.


If you follow the guidelines set forth by these key regulatory bodies regarding patch management, you will see some very clear goals and objectives:


"...effective patch management programs include specific information on monitoring software vulnerabilities and identifying patches." - NCUA


"...obtain the patch from a known, trusted source." - FFIEC


"All critical systems must have the most recently released, appropriate software patches to protect against exploitation and compromise of cardholder data by malicious individuals and malicious software" - PCI


Manually installing the latest software patches on systems is no longer an accepted practice, and definitely not in compliance with the above-mentioned guidelines. Audits will focus on the process to verify that the patch management solution:

  1. Includes detailed reports on each system and its patch status.
  2. Verifies that the patch came from a trusted source.
  3. Identifies when the patches were installed.
  4. Allows the ability to remove a patch if its installation causes problems with key applications.
  5. Allows the ability to mark or label patches that were not installed.
  6. Is done on a regularly scheduled, frequent basis.

Btech offers an affordable patch management solution that accomplishes all of these goals. With our managed patch management service, there is no hardware or software to buy. A senior Btech engineer ensures that patches for all tier-1 applications are deployed on a bi-monthly basis, with detailed "pre" and "post deployment reports created and provided to our clients validating the patch process.



For more information, or a free demonstration of how our managed patch management service works, please contact me at 626-397-1045 or [email protected].  


Lee Bird President

Lee Bird
221 E. Walnut St. Suite 138
Pasadena, CA 91101