Design and Implementation of an Automated Patch Management and Compliance Framework for Institutional IT Systems

DOI:

https://doi.org/10.5281/zenodo.16917097

Keywords:

patch management, IT compliance, automation, institutional IT systems, vulnerability remediation, system security, design science research, endpoint management

Abstract

Delayed patching and uneven adherence to legal requirements make institutional IT systems more susceptible to security risks. This project focused on the design and implementation of an automated patch management and compliance framework suited to institutional environments. Following a design science research methodology, the framework was implemented and tested in a simulated IT infrastructure with a variety of operating systems and device roles. The findings show notable improvements in patch deployment success rates (96% vs. 78%), remediation time (3.2 vs. 14.5 hours), compliance (98% vs. 72%), and system downtime. The automated system also improved administrative efficiency and offered real-time compliance reports, making it a strong and scalable model for institutional IT governance. These results imply that patch management automation improves cybersecurity and simplifies IT operations in both academic and business contexts.

Published

2025-07-29

How to Cite

Thota, K. (2025). Design and Implementation of an Automated Patch Management and Compliance Framework for Institutional IT Systems. Applied Science and Engineering Journal for Advanced Research, 4(4), 27–32. https://doi.org/10.5281/zenodo.16917097
