Internal

Change & Patch Management Procedure

Document ID : Change & Patch Management Procedure ver 2

Created on : 29-12-2021

Prepared By : Shaik

Approved By : Soundarrajan

Change and Patch Management Procedure

Internal 2 of 4

1. Scope

Information Dynamics Change and Patch Management procedure applies to all individuals that

install, operate or maintain Information Resources as per Change Management policy and

Communication & Operational Management Policy.

2. Definitions / Acronyms

• PTR : Project Tracking and Reporting

• AM : Account Manager

• PM : Project Manager

• TM : Technical Manager

3. Inputs

• IT Helpdesk

• Change Request Form

• Audit Findings

• ISMS Steering Committee suggestions.

• Automated patch installation request through centralized server.

4. Entry Criteria

• Change initiated due to technological changes/requirements

• Change initiated due to Client Requirements

• Change initiated due to vulnerability

• Change initiated due to audit findings

• Change initiated due to Software Process Improvement Suggestions

• Request for installation is thrown automatically through centralized server

5. Tasks

5.1. Change Control

• Any change in the Network Architecture, Servers, and Desktop is initiated through

Change Request Form / Email / Change Management Process.

• A change control number is allotted to each change by Change coordinators.

• Approval for implementation is sought from IT Head.

• Business requirement for the change and its impact on other systems are be analyzed. By

IT Team in consultation with the respective AM/PM/IT Head

• In case, piloting of change request is necessary, it is conducted in actual operating

conditions.

• Pilot results are analyzed and a report is submitted concerned stakeholders for further

approval.

• Once the pilot report is analyzed then actual implementation of change is initiated.

• All affected groups/ departments are informed about the changes and its impact.

Change and Patch Management Procedure

Internal 3 of 4

• After successful implementation of changes, all results are documented for future

references.

Fig: Flow Chart: Change Management

Change and Patch Management Procedure

Internal 4 of 4

5.2. Patch Management

• All security, critical patches, service packs and other are directly downloaded at

centralized server WSUS and from there it pushed based groups to computer at

Information Dynamics.

• Patches are Approved on SSUS Server then downloaded it automatically to all

information systems and users are notified for further installation on PC. Patches are

installed automatically on user’s machines as it needs a re-boot of the system, system

prompts for restart new critical and security patches are pushed to user’s machine

automatically from the Patch Management server. Critical and Security patches are

installed on the servers automatically and then the servers are restarted by the system

administrator.

6. Review and Audits

• Implementation Report

• Change Request Log updated

• Impact Analysis

7. Outputs

• Impact Analysis Report

• Implementation Report

8. Summary

Tasks

Responsibility

Verification/ Validation

Mechanism

Approval authority

Initiate request for change

User

Periodic Review Meetings

--

Impact analysis

Department Heads

Periodic Review Meetings

--

Final approval

IT Head

Periodic Review Meetings

--

9. References

• Communications & Operations Management Policy