S 4.323 Synchronisation within patch and change management

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Change Manager, Administrator

Most government agencies and companies change their IT infrastructures frequently, and the patch and change management process has to keep pace with these changes. It is important to ensure that the respective patches and changes are installed promptly and, where possible, simultaneously on all IT systems concerned.

In the case of mobile end devices, or when the network used is overloaded, IT systems may be unavailable while hardware or software changes are being distributed. For such cases, suitable mechanisms have to be implemented to ensure that the systems can only log in to the network after they have received the required updates. There are various tools that check whether security programs and patches are up to date before a system is allowed to access the productive network; if security deficiencies are found, these tools deny access to the internal network. Usually, such tools are used to determine the software versions on the systems and then to compile the software needed for the update. Depending on the type of patch and change process, this software may be distributed and installed automatically or only after it has been released for the respective systems. Changes that require rebooting the system should be installed last or when the IT system is shut down. Depending on the technical process support and its implementation, the updates may also be installed first and the required restart released separately later on.
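The pre-admission check described above, as an added illustration that is not part of the BSI catalogue: a host reports its component versions, the check compares them with a required baseline, denies admission while patches are missing, and orders the resulting install plan so that reboot-requiring changes come last with the restart released separately. The patch identifiers, component names and versions are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RequiredPatch:
    patch_id: str
    component: str
    min_version: str          # host must run at least this version
    requires_reboot: bool = False

@dataclass
class Decision:
    admit: bool               # True: host may join the productive network
    missing: list             # patch ids the host still lacks
    install_plan: list        # ordered: reboot-free patches first
    restart_deferred: bool    # a reboot-requiring patch is still pending

def _ver(v: str) -> tuple:
    # Compare dotted versions numerically, so "1.10" > "1.9".
    return tuple(int(part) for part in v.split("."))

def check_admission(installed: dict, baseline: list) -> Decision:
    """Compare the host's reported component versions with the baseline.

    installed maps component -> version as reported by the host agent;
    an unreported component counts as version 0 (not present at all)."""
    missing = [p for p in baseline
               if _ver(installed.get(p.component, "0")) < _ver(p.min_version)]
    # Changes that need a restart go last so the system stays usable as
    # long as possible; the restart itself is released separately.
    plan = sorted(missing, key=lambda p: p.requires_reboot)
    return Decision(
        admit=not missing,
        missing=[p.patch_id for p in missing],
        install_plan=[p.patch_id for p in plan],
        restart_deferred=any(p.requires_reboot for p in missing),
    )

# Constructed sample baseline and two sample hosts (hypothetical values).
BASELINE = [
    RequiredPatch("P-AV-2024-07", "antivirus-signatures", "2024.7.1"),
    RequiredPatch("P-BROWSER-118", "browser", "118.0"),
    RequiredPatch("P-KERNEL-5.15.9", "kernel", "5.15.9", requires_reboot=True),
]
LAPTOP = {"antivirus-signatures": "2024.6.30", "browser": "118.0", "kernel": "5.15.3"}
DESKTOP = {"antivirus-signatures": "2024.7.1", "browser": "118.2", "kernel": "5.15.9"}

if __name__ == "__main__":
    for name, host in (("laptop", LAPTOP), ("desktop", DESKTOP)):
        d = check_admission(host, BASELINE)
        print(name, "admit" if d.admit else "deny", d.install_plan, d.restart_deferred)
```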

Review questions: