Following are the objectives in a review of network patch managment. The audit procedures are included for each objective.
Objectives
Review and assess for adequacy of policies and procedures for patch management.
Determine compliance to written policies and procedures or best practices for patch management
Determine that management has a sufficient process in place related to unapplied patches labeled as critical and high priority by the vendor.