Patch management in SharePoint

Application of regular security patches and updates is vital for any system. It is same for our SharePoint environment as well. But we should be very careful in patching, as our SharePoint environment can contain mission critical data as well as customization. Data and customization need to be preserved 100% for the patching exercise to be a success.

First we need to understand how Microsoft releases patches for SharePoint.Microsoft provides following types of patches

Hot fixes	Released whenever Microsoft encounter vulnerability/issue on SharePoint
Cumulative updates	Collection of hot fixes and security updates released every 2 months
Service Packs	Collection of fully tested cumulative updates

We can get information on any security update or vulnerability from Microsoft Security Bulletins site. In that site we can search for SharePoint related updates. Once we get the update we need to assess the risk of applying such update.
To assess risks and identify the course of action I use following as the guideline

After risk assessment I follow the process given below to apply patches and updates to my production environments