During the server migration we've had some turbulence with respect to who should keep an eye on what and as a consequence some of our websites have gone unpatched (and there is at least one confirmed security incidence).
Historically this has had severe negative impact on a variety of our Wordpress sites, our Piwik installation, SSL certificates as well as our main Drupal site.
To ensure this does not happen again we should
a) Inventory all
* websites/servers we maintain
* components on these which may need monitoring for updates/patches
* ensure there is clear documented info for HOW these are updated patched
* ensure there is one person assigned with the main responsibility for keeping these up-to-date
b) For each component identified above. Ensure that drift@ is subscribed to the relevant feeds/lists for security announcements
c) Ensure that there is
* a schedule for regularly checking in to all of the identified components/websites/servers and updating them
* A protocol so that we can follow up on this having been done
* Time/budget set aside to ensure that this maintenance can be performed without competing for time with other responsibilities.