A Policy MUST be in place both for patching of corporate servers and rollout to all clients.
All software on the network must be patchable. An upgrade path for any unpatchable software still on the network must be indentified.
Major vendors and WARP alerts must be regularly monitored. Relevant software and service packs MUST be applied where practicable.