Internal
Change & Patch Management Procedure
Document ID : Change & Patch Management Procedure ver 2
Created on : 29-12-2021
Prepared By : Shaik
Approved By : Soundarrajan
Change and Patch Management Procedure
Internal 2 of 4
1. Scope
Information Dynamics Change and Patch Management procedure applies to all individuals that
install, operate or maintain Information Resources as per Change Management policy and
Communication & Operational Management Policy.
2. Definitions / Acronyms
PTR : Project Tracking and Reporting
AM : Account Manager
PM : Project Manager
TM : Technical Manager
3. Inputs
IT Helpdesk
Change Request Form
Audit Findings
ISMS Steering Committee suggestions.
Automated patch installation request through centralized server.
4. Entry Criteria
Change initiated due to technological changes/requirements
Change initiated due to Client Requirements
Change initiated due to vulnerability
Change initiated due to audit findings
Change initiated due to Software Process Improvement Suggestions
Request for installation is thrown automatically through centralized server
5. Tasks
5.1. Change Control
Any change in the Network Architecture, Servers, and Desktop is initiated through
Change Request Form / Email / Change Management Process.
A change control number is allotted to each change by Change coordinators.
Approval for implementation is sought from IT Head.
Business requirement for the change and its impact on other systems are be analyzed. By
IT Team in consultation with the respective AM/PM/IT Head
In case, piloting of change request is necessary, it is conducted in actual operating
conditions.
Pilot results are analyzed and a report is submitted concerned stakeholders for further
approval.
Once the pilot report is analyzed then actual implementation of change is initiated.
All affected groups/ departments are informed about the changes and its impact.
Change and Patch Management Procedure
Internal 3 of 4
After successful implementation of changes, all results are documented for future
references.
Fig: Flow Chart: Change Management
Change and Patch Management Procedure
Internal 4 of 4
5.2. Patch Management
All security, critical patches, service packs and other are directly downloaded at
centralized server WSUS and from there it pushed based groups to computer at
Information Dynamics.
Patches are Approved on SSUS Server then downloaded it automatically to all
information systems and users are notified for further installation on PC. Patches are
installed automatically on user’s machines as it needs a re-boot of the system, system
prompts for restart new critical and security patches are pushed to user’s machine
automatically from the Patch Management server. Critical and Security patches are
installed on the servers automatically and then the servers are restarted by the system
administrator.
6. Review and Audits
Implementation Report
Change Request Log updated
Impact Analysis
7. Outputs
Impact Analysis Report
Implementation Report
8. Summary
Tasks
Responsibility
Verification/ Validation
Mechanism
Approval authority
Initiate request for change
User
Periodic Review Meetings
--
Impact analysis
Department Heads
Periodic Review Meetings
--
Final approval
IT Head
Periodic Review Meetings
--
9. References
Communications & Operations Management Policy