Professional Documents
Culture Documents
Patch Deployment Process
Patch Deployment Process
SUMMARY
The objective of this SOP is to make all the user computers to get latest patches and security
updates to avoid vulnerabilities and protect from virus, malware etc.
Scope :
This procedure will cover
1. Antivirus Patch management
2. Windows Patch Management
Procedure :
1. Antivirus Patch Management
a. The latest version of Antivirus will be installed on the computer
Note: - All the monthly patches must be deployed on all the all PCs across the organization regularly
Emergency Patch update process
3. PATCH TESTING
Before moving to the pilot phase, applicable set of security updates should be rolled out
to Pre-Pilot work stations using Patch Management tool. It is highly recommended that
workstations should be rebooted after security updates are applied and to get optimum
performance from the system.
4. RAISE CHANGE REQUEST FOR CAB CALL – PILOT & PRODUCTION (SEPARATE CRs)
Change request should be created within IT Service Management tool detailing about the
Security updates which will be rolled out to Pilot & Production Servers and workstation along with
the schedule and any impacts which this change has in terms of reboot, user interaction etc. The
respective Change ticket should be represented by Workplace services team to CAB and answer
any queries if CAB has.
5. COMMUNICATION
A communication should be rolled out to client stakeholders informing them about the
security bulletins which are applicable to environment along with the agreed scheduled.
6. PILOT DEPLOYMENT
Applicable set of security updates should be rolled out on Pilot PCs using Patch Management
tool. It is highly recommended that workstations should be rebooted after security updates are
applied and to get optimum performance from the system.
7. PRODUCTION DEPLOYMENT
Applicable set of security updates should be rolled out Production workstation using Patch
Management tool. It is highly recommended that workstation should be rebooted after security
updates are applied and to get optimum performance from the system.
8. MONITORING
Deployment of updates will be monitored using patch management tool (Desktop Central)
reporting feature to track the progress of security / Patch updates on weekly basis. This is one the
vital steps to keep the workstation environment compliant and vulnerability free.
1. Communication to IT Security, asking approval for the deployment of out of band patch.
2. Raise an emergency change request and ask for approval from CAB.
3. Deploy the patch on all the workstations (asap).
END