Patch Management Policy

The Patch Management Policy uses a structured process of testing, documentation, implementation, validation, and tracking to manage the installation of patches. It applies to all assets owned by Netspective Communications LLC, including devices, employees, contractors, and temporary workers, regardless of location. [FII-SCF-027-VPM-01.1]

Procedure Invocation

Procedure must be followed whenever there is:

Task	Description
New Update/Patch	Prior to applying new update/patch the system inventory must be checked in order to verify if the update/patch is relevant to any of the information resources and they are tested for any harmful effect on Netspective Communications LLC Information Systems in test environment before installing it live environment.
Security Audit	If in the security audit a missing update/patch has been identified, it’s necessary to apply the missing updates/patch on Netspective Communications LLC Information System.

Responsibilities

Each role involved in this procedure should have main responsibilities as follows:

Role	Responsibilities
Department Management	Is accountable for ensuring that the “Patch Management Procedure” is properly communicated and understood within its respective Netspective Communications LLC directorates. - Is responsible for defining, approving, and implementing the “Patch Management Procedure” in entire Netspective Communications LLC Information Systems environment.
Information Security Department	The Information Security Officer is responsible for ensuring the development, implementation, and maintenance of the “Patch Management Procedure” in Netspective Communications LLC
Asset Owner	Submitting new update/patch requests for approval using Netspective Communications LLC approved procedures and tools. - Ensuring proper testing has been performed and documentation has been developed prior to changes implementation to the production environment.
Information Technology Department	Evaluate the new patch in terms of priority, importance, and necessity and provide the specific reasons for acceptance or rejection. Perform all the necessary Testing in test environment before releasing it to live environment (functional, security, etc.) Implement the required/approved patches. - Maintain a current record of all patches applied to production environment.

Procedure Details

Procedures Flow Chart
Flow Chart Symbols
- Procedure Flow Chart Details
  - User / Asset Owner Role

Step 1: Need for new Patch / Update
Inputs	Scheduled Patch. New patch available. - Patches Audit Report.
Activities	A business request or a technical requirement has to be identified. A patch/change request form should be submitted to the Department Management.
Outputs	Change request form.

Step 1: Need for new Patch / Update

Inputs

Scheduled Patch.

New patch available.
- Patches Audit Report.

Activities

A business request or a technical requirement has to be identified. A patch/change request form should be submitted to the Department Management.

Outputs

Change request form.

Department Management

Step 2: Evaluate Business Needs
Inputs	Change request form.
Activities	Review the change request form and evaluate the need for change in term of business needs. - Review and evaluate the change request form in terms of priority, importance, necessity, nature of the change, mainly, the need of update/patch in the system, Decide for approval.
Outputs	Evaluated change Request, If approved proceed to step 3 for evaluate request, If not approved proceed to step 6.
Step 6: Inform Requester
Inputs	Change Request Form.
Activities	If the patch/change is not approved, Update the requester of the outcome of the patch/change request.
Outputs	Change Request Form and End the request.

Information Technology Department

Step 3: Evaluate Request/Test Patch
Inputs	Evaluated change request form.
Activities	Evaluate request form and decide for approval, if approved test patch in test environment.
Outputs	Tested change request form and if approved proceed to step 4. - If not approved inform requestor, proceed step 6.
Step 4: Implement Patch
Inputs	Successfully Tested Change request form.
Activities	Implement the approved/necessary Patches. - Proceed to step 6 and step 5.
Outputs	Implemented change Request
Step 5: Update Change History Log
Inputs	Implemented change request.
Activities	- Update the specific change history log
Outputs	Change/Update history log.

Approved by

Ajay Kumaran Nair on June 13, 2023 |

Last Updated by

Sreejith K on June 13, 2023