# Patch Management

> A recurring process to apply security patches on a predictable cadence while expediting anything actively exploited.

**Category:** IT & Security

**When to use:** On a regular cadence, with a fast path for critical vulnerabilities.

**Trigger:** Scheduled patch cycle or a critical vulnerability disclosure

## Steps

1. Inventory systems and the software versions they run.
2. Track new vulnerabilities and rate them by severity and exposure.
3. Test routine patches in a staging path before broad rollout.
4. Roll out patches on the standard cadence and confirm they applied.
5. Expedite anything critical or actively exploited outside the normal cycle.
6. Record what was patched, when, and any system left unpatched with a reason.
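
The steps above can be sketched as a small triage script. This is an added example, not part of the OrgTP template: the hosts, packages, versions, advisory ids and exception reason are constructed, and it assumes purely numeric dotted versions and a feed that gives the first fixed version for each advisory.

```python
from datetime import date

# Constructed sample data: hosts, packages, versions and advisory ids are made up.
INVENTORY = [  # step 1
    {"host": "web-01", "pkg": "examplehttpd", "version": "2.4.1", "internet_facing": True},
    {"host": "hmi-01", "pkg": "examplehttpd", "version": "2.3.9", "internet_facing": False},
    {"host": "db-01", "pkg": "exampledb", "version": "13.2", "internet_facing": False},
    {"host": "app-01", "pkg": "examplelib", "version": "1.10.0", "internet_facing": True},
]
FEED = [  # step 2
    {"id": "ADV-0001", "pkg": "examplehttpd", "fixed_in": "2.4.3", "severity": "critical", "exploited": True},
    {"id": "ADV-0002", "pkg": "exampledb", "fixed_in": "13.4", "severity": "medium", "exploited": False},
    {"id": "ADV-0003", "pkg": "examplelib", "fixed_in": "1.9.0", "severity": "high", "exploited": False},
]
# Step 6: systems deliberately left unpatched, each with a reason.
EXCEPTIONS = {("hmi-01", "ADV-0001"): "vendor-certified image, isolated until maintenance window"}
ORDER = {"expedite": 0, "standard": 1, "exception": 2}

def vtuple(version):
    """Parse a dotted numeric version so that 1.10.0 sorts after 1.9.0."""
    return tuple(int(part) for part in version.split("."))

def triage(inventory, feed, exceptions, today):
    """Return one record per (system, advisory) pair that still needs a decision."""
    records = []
    for adv in feed:
        for item in inventory:
            if item["pkg"] != adv["pkg"]:
                continue
            if vtuple(item["version"]) >= vtuple(adv["fixed_in"]):
                continue  # already at or past the fixed version
            reason = exceptions.get((item["host"], adv["id"]))
            if reason:
                track = "exception"
            elif adv["exploited"] or adv["severity"] == "critical":
                track = "expedite"  # step 5: outside the normal cycle
            else:
                track = "standard"  # steps 3-4: staging, then cadence
            records.append({"date": today.isoformat(), "host": item["host"],
                            "advisory": adv["id"], "track": track,
                            "internet_facing": item["internet_facing"], "reason": reason})
    # Fast path first; within a track, exposed systems first.
    records.sort(key=lambda r: (ORDER[r["track"]], not r["internet_facing"]))
    return records

if __name__ == "__main__":
    for rec in triage(INVENTORY, FEED, EXCEPTIONS, date(2024, 1, 15)):
        print(rec)
```

Comparing versions as plain strings would wrongly flag `app-01`, because `"1.10.0"` sorts before `"1.9.0"` as text.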

## Outputs

- An updated patch status per system
- Critical vulnerabilities expedited
- A record of patched and exception systems

## Tools

- Patch management tool
- Vulnerability feed
- Asset inventory

## Notes

Have a fast path for actively exploited bugs. The normal cadence is for hygiene; a vulnerability under attack does not wait for your calendar.

---

Free SOP from the OrgTP Process Library — https://orgtp.com/process-templates/patch-management
