Title: ITIL Patch Management Best Practices

Keyword: None
Word Count: Up to 1200
Instructions: Talk about what ITIL requires in terms of patch management and give tips about
how customers can comply with ITIL patch management requirements.
Client: Tobias Abdon

Introduction
Patch management is a critical thing to do. Yet a lot of companies still lack the proper processes
and technologies to help keep their servers up to date. This article will briefly cover the
background of ITIL and its recommendations for patch management. Then we will recommend
some actions you can take.

ITIL Patch Management Best Practices

For those not aware, ITIL used to be an acronym for IT Infrastructure Library founded in the
1980s, but now it has a meaning of its own. When ITIL was first introduced it consisted of 48
books with instructions on how to manage and run an IT department.

ITIL stands firm as a beacon of well established and globally accepted best practices in IT
service management.

ITIL
ITIL most commonly consists of processes, checklists, and procedures. These aspects do not
have to be industry or technology-specific. They can have an organization-wide implementation.
Some of the most prominent positive aspects ITIL brings in an organization are improved
strategies, increased delivery value, and high competency

Even though ITIL underpins IS0 20000, which is the International Service Management
Standard, there are few differences between ISO 20000 and ITIL framework. Certification in ITIL
is available only at an individual level.

The ITIL process revolves around the following five processes:

● Service Strategy
● Service Design
● Service Transition
● Service Operation
● Continual Service Improvement

Patch Management
Patch management is a system management strategy that involves acquiring, testing, and
installing multiple patches to a system.

The exact patch management process varies from industry to industry, with each having its own
established best practices.

General patch management tasks include:

● Maintaining an inventory of available patches
● Filtering appropriate patches of systems
● Ensuring proper installation
● Testing systems after patch installation
● Documenting procedures
● Automating patch management if appropriate

Patch management also includes determining when and which patches to install. System
patches are essential as they ensure that vulnerable systems are fixed and are up to date.
Failing to patch an already infected or vulnerable system can have devastating effects.

Role of ITIL in Patch Management

The role of ITIL in patch management is that of a set with intersection property. Every
specification and procedure laid down by ITIL must be met in each patch management practice.
Patch management can include procedures and aspects unique to it, but they must not defy the
instructions and procedures laid down by ITIL.

ITIL provides a framework to follow when defining best practices for the Patch Management
Process of industry, specific scenario, or an organization. It also ensures that the patch is
deployed using standardized methods. Doing so reduces the likelihood of patch related
incidents.

ITIL and Patch Management Requirements

The Patch Management process is defined by ITIL as the “Change Process” as change
management is a must at every stage of patch management. Just like with all system
modifications, updates and patches must also be performed, recorded, and tracked by the help
of the change management system.

The main requirement of ITIL with patch management is to preferably automatically:

● Keep the servers updated
● Keep the workstations updated
● Keep the remote systems updated
And also to ensure to apply the latest security patches.

Compliance Strategies and Best Practices

An essential aspect when defining best practices and creating compliance strategies is to
ensure that as a result of these strategies patches are deployed properly while the production
environment always remains protected from unwanted changes.

The following are some of the Patch Management Best Practices in compliance with ITIL
concerning specialized environments.

ITIL Tips on Configuration Management

1. Determining the baseline infrastructure and finding out what needs to be patched.
2. Identifying infrastructure components.
3. Obtaining and storing master patches.
4. Storing and controlling configuration patch.
5. Accounting for patches infrastructure
6. Verifying patching activities

ITIL Tips on Service Level Management

1. Ensuring SLA’s patching requirements
2. OLA’s patching management
3. Identifying CSIP patching
4. Monitoring and reporting patching activities.

ITIL Tips on Service Continuity Management

1. Analyzing business impact
2. Making risk assessment
3. Implementing risk reduction measures
4. Recovery planning for unsuccessful patches

Following are the tips which are at the crux of ITIL Patch Management Best Practices:

Tip # 1 - On Inventory Creation

Create an exhaustive list, i.e Inventory of all the devices, service, and all the dependencies of
an IT infrastructure.

Tip # 2 - On System Categorization

Perform system categorization according to their risk factor. It mitigates the possibility of critical
failures and also creates a distinctive boundary between low-priority and high-priority patches.
Tip # 3 - On Automation
Use automated tools to streamline your patch management process. In the case of patches for
operating systems, they must be deployed immediately after their release.

Tip # 4 - On Test Environment Deployment

Always apply a new patch first in a test environment. Bad patches deployed have the potential
to break the entire system.

Tip # 5 - On Mitigating Vulnerabilities

Patch management is a continuous process. Make sure all servers are regularly scanned and
reported.

Tip # 6 - On Reporting
Generate regular reports and reviews to ensure that the patch management process set in
place is working as expected.

Closing Statement
Keep in mind that Compliance Strategies and Best Practices change from industry to industry
and from one establishment to another. Before defining best practices, make sure to understand
the infrastructure first.

Having a good patch management process in place is vital. Make sure to fully utilize all the tools
at your disposal to improve the Patch Management Process.