Skip to main content

UK University - Policy on deployment of new OS?

  • April 2, 2026
  • 1 reply
  • 29 views
Jon P

Hi,

I work at a small creative arts UK University and our IT department has recently contracted a service provider to manage all our Mac devices via JAMF. I am being told that as a new security policy any new OS must be deployed via JAMF within 7 days and any Mac devices not updated will lose web browser functionality.

As a Faculty that uses a wide range of audio, video and graphics software on our Macs - often simultaneously on the same device- we have never previously adopted the latest OS for at least a couple of months until any major bug/conflict fixes from Apple and software providers have been implemented. We have also refrained from updating Mac devices whilst in use for art installations in exhibition or live events in rehearsal/performance - so as to ensure continuity of service over a period of weeks.

I am wondering how this is handled in other University or education institutions? Do other institutions reasonably manage security concerns through a policy of delaying the new OS for a time period but implementing all security updates on the old OS? Is there a ‘standard’ approach?

 

1 reply

PaulHazelden
Forum|alt.badge.img+13

If your security reasons are based on Cyber Essentials Plus, they give you 14 days grace on updates. But they also do allow for earlier supported OS versions to be used as well, that is down to your submission documents for inspection.The seven days time frame may be down to your contract with the outside agency. It is a lot simpler to manage if you know everything is running the same OSX version.
We run a lot of the same types of software as you, and currently have 98% of the fleet on OSX 26. I cant say 100% because we have a few old devices that are available for exhibitions and these will not run OSX 26.

My experience so far, is to not let the software developers sit back and dictate to us when to upgrade. We upgrade within 14 days of a release, some may lag behind by a minor version for a week or so extra, but we aim to have everything running on the same major release. I will normally manage this by spending a few hours on a Saturday morning when the college is closed to upgrade them all. If this means software gets left behind, then we complain to the developers to get it fixed. ALL software developers can pay to access Apple pre release versions, there is no reason why they cant be ready to go within 14 days. We pay for our own access to get developer versions of the OS before release, I will generally if I feel the need, grab a pre release version of OSX and install it on a test Mac and then test all of the Apps and drivers.

 

I am pretty hard line about keeping as up to date as possible, even if that means we drop Apps or drivers by the wayside along the way. My security team prefer it that way too. The teaching staff less so, but that is to be expected. I do try to warn them prior to any updates, but not always. I have forgotten to warn them and rolled out a major OSX upgrade and they did not notice I had done it.

As a UK University from a security stand point, it is a matter of “when” not “if “you or we will face a major network attack. At that point the blame game will start, and you really do not want the fingers pointing at you. Statements involving millions of pounds of cost, and months of downtime will be thrown about. Personally I would prefer those fingers to be pointing elsewhere.

    Terms & ConditionsCookie settingsAccessibility statement