Proactive risk analysis and governance of upgrade process

摘要

An incompatible software level of an information technology infrastructure component is determined by comparing collected inventory information to a minimum recommended software level. If a knowledge base search finds that the incompatible software level is associated with a prior infrastructure outage event, an outage count score is determined for the incompatible software level by applying an outage rule to a historic count of outages caused by a similar incompatible software level, and combined with an average outage severity score assigned to the incompatible software level based on a level of severity of an actual historic failure of the component within a context of the infrastructure to generate a normalized historical affinity risk score. The normalized historical affinity risk score is provided for prioritizing the correction of the incompatible software level in the context of other normalized historical risk level scores of other determined incompatible software levels.