Watch this video on YouTube
You are the Information Security Manager of HDA Inc. You discover, through an internal audit, that critical patches were not implemented within the policy-established timeline without a valid reason. What is the most appropriate action to take?