Vulnerabilities, updates, and patch management are handled according to the ISMS guidelines, ISO 27001, Annex A.12.6.1 (Management of Technical Vulnerabilities) and SOC 2 Common Controls CC 5.2-15 and CC 8.1-03. A policy document is available on request.

The updates contain enhancements, bug fixes, and new features. With each release, the customers get a notification, release notes, and updated documentation.

For the Cloud deployments, the Agent, and the server components (e.g., the Dashboard/backend, BI, etc.) are updated several times a month. The server components are maintained by Teramind and there is no downtime during the update process. If auto-update is enabled, the Agent is updated automatically and only takes a few minutes in the background.

For On-Premise and Private Cloud deployments, Teramind releases updated virtual machine (VM) images several times a year. The release notes for these can be found under the Platform Release Notes. The VM image contains the Agent and server components. The customer can download the VM image from the Self-Hosted Portal and update their instance via the Dashboard. It can take a few minutes to several hours depending on the complexity of the deployment. Agent updates can be done locally or remotely via SCCM / Group Policy / other remote deployment tools.

Server OS/package updates for On-Premise deployments can be applied via the VM console or through an SSH session. OS/package updates for Private Cloud (e.g., AWS, Azure, etc.) deployments can be done through the hosting providers portal.

The target for security event response time and trend is several hours*. The target maximum delay of critical security updates (releases) or other corrective measures is less than 1 workday*. Target max delay of implementation of corrective measures and information security controls is less than 5 workdays*.

*These are target times. The actual time may vary.