Non-security updates: “Ongoing maintenance” for CiviCRM

Written By Allen Shaw

Yesterday we talked about keeping up with security updates for your CiviCRM site.

But you'll also need to think about non-security updates.

What it is:

Your CiviCRM site depends on a number of components working together in harmony: the CMS (usually Drupal or WordPress) with its plugins or modules, and CiviCRM with its extensions.

These are all separate software packages, provided by a variety of development teams. And each of them will periodically release new versions that provide bug fixes or feature improvements.

Sometimes you’ll want those, and sometimes you won’t.

But either way, somebody will have to be in charge of applying them, and of deciding whether and when to do so.

Who can do it:

As with security updates, you can probably do this in-house.

And I generally recommend that you do. Here's why:

Any upgrade has the potential to create surprises — features that work differently, or even changes that break some behavior specific to your site — and because these non-security updates are discretionary, it's important for you as a site owner to make an informed decision about any such update.

And, because those decisions are unique to your organization and your site configuration, you're not very likely to find an external service provider who will "just do it" for you without your ongoing input.

It's a lot like the job of maintaining your own house: fixing a loose doorknob is something you could call in a specialist for; but once you know how to do it, it's faster and easier to fix it yourself.

And regardless of who actually fixes the doorknob, it must be you, as the owner, who decides on getting it done.

Getting help:

Fortunately, you’re not entirely on your own here.

You can get some very good training and/or coaching to help you make these decisions. You might need a lot of guidance in the beginning, but you will soon become familiar with the process and be in a position to make good solid decisions without outside help.

In summary:

  • The owner of any CiviCRM site has to be closely involved in deciding on non-security updates.

  • This kind of thing needs your attention at least every couple of months.

  • Once you get the hang of it, it’s typically quicker and easier to handle this in-house than to hand it off to a specialist.

  • Coaching and training can help you to get familiar with this part of maintaining your site.

Tune in tomorrow for a brief look at ongoing configuration management and why it’s usually best to handle this in-house.

All the best,
A.

Allen Shaw
Previous

“Outsource” vs. “in-house”: a framework
Next

"Ongoing maintenance" for CiviCRM: Website security updates