A good patch management process does not begin with an IT department, a system administrator, or any other technical expert. It begins with upper management writing a policy that requires patching of all computers on the network. The goal is computer security that maintains the integrity and safety of proprietary company data. The presence of current patches on every single computer in the enterprise is a key component of preventing remote intrusions into company systems. Exploits used in hacks, and the effects of some viruses and worms, depend on systems whose patch level is behind current, which leaves those malicious programs an opportunity to compromise a computer and gain control of it.
A patch management process will ensure that users are required to keep their patch levels current. The process can also require the use of a system that checks the patches present on computers that attempt network access and that can deny access to computers that are not at a certain patch level. Once the computer has downloaded the required patches it was missing, it is allowed to gain access to the network. Another way to enforce patch management policy is to use a server that forces machines to accept patches from it, using a group policy that directs the computer to ignore user configuration changes to the patch manager.
There are various ways to implement a patch management process that keeps computers updated. At the very least, in an environment where there is no automated way to force patches onto computers, the end users should be informed that they are accountable for keeping their workstations patched to the most current patch levels. Users who are made aware of the necessity of maintaining certain security practices will be better equipped to enforce a patch management process.