This is a dedicated watch page for a single video.
An IS auditor identifies several critical systems that have not been patched due to concerns that the updates may disrupt operations. No formal risk assessment or documented exception exists. What is the MOST important recommendation?