Draft procedure is work in progress. |
This is a comprehensive Procedure document for SyWay SAP systems Patch Maintenance, covering both On-Premise and SaaS/Cloud (Public and Private) deployments. This procedure defines the standardized process for planning, assessing, applying, testing, validating and documenting SAP patches (Support Packages, Security Notes, Kernel patches, Hotfixes etc.) across the landscape. The goal is to minimize security risks, ensure system stability and compliance, reduce downtime, and maintain business continuity while adhering to the shared responsibility model in cloud environments.
The process mentioned in this document is applicable to following categories of Applications for both ROW and China specific instances.
| Category | Primary Application | Supplementary Application |
|---|---|---|
| SAP Rise | SAP S/4HANA Kinaxis Maestro | SAP Cloud Connector SAP Data Provisioning Agent SAC Agent OpenText Connector SAP Web Dispatcher SAP TM Optimizer |
| Azure | SAP WWI Server Syniti Replicate (China) Syniti Connector (China) NextLabs Policy Server OpenText xECM | |
| AWS | Syniti Replicate (ROW) Syniti Connector (ROW) | |
| SAP BTP | Asset Performance Management Profitability and Performance Management Business Network Freight Collaboration Business Network Global Track and Trace Sustainability Footprint Management Sustainability Control Tower Group Reporting Data Collection Advanced Financial Closing Document Reporting Compliance Build Work Zone Task Center Cloud Identity Services (IPS+IAS) Risk and Assurance Management Identity Access Governance DataSphere SAP Analytics Cloud (SAC) Integration Suite Forms Service by Adobe | |
| SaaS | SuccessFactors Ariba ICertis Salesforce | BlackLine WalkMe Syniti Knowledge Platform OpenText Cloud (Core Capture & Archiving) Bloomberg Vertex EDICOM |
Under RISE with SAP, security responsibilities are divided between SAP Enterprise Cloud Services (ECS) and the customer. That means SAP do not handles all patching automatically
SAP ECS — Infrastructure Layer | Customer — Application Layer |
• OS-level security patching (hyperscaler VMs) • Database (HANA) patching & administration • Network, compute & storage maintenance • HotNews/Emergency notes with no manual steps • JAVA component patches (standard contract) • System reboots for infrastructure patches • 24×7 infrastructure monitoring • Key management for data at rest | • Review & risk-assess all SAP Security Notes • Request application patches via Service Request • Provide downtime windows for scheduled patches • Test all implemented notes in DEV and QAS • Authorise transport to Production • User administration, roles & authorisations • Custom ABAP/code security & SoD management • RFC access restriction & security configuration |
Below is the RACI matrix to be followed for applying the Security Notes on a monthly basis
Activity | SyWay Platform Team | Security | Functional Owner | SAP ECS |
Download/Review Security Notes | R, A | I | I | |
Perform Impact Assessment | R | R, A | C | C |
Note Prioritisation | A | R | C | I |
Raise Jira | R | I | I | |
Implement note — application layer | R | I | I | |
Testing | R | R | I | |
Approve & deploy via Active Control | R | C | I |
R = Responsible | A = Accountable | C = Consulted | I = Informed
Include Security Notes, SPS, Hotfixes, Kernel, Infrastructure OS/DB and component specific (ST-PI, ST-A/PI etc.)