Keeping software up to date is a critical component of maintaining a secure, stable, and high-performing system environment. Software updates and patches are released to address security vulnerabilities, resolve defects, improve performance, and ensure compatibility with evolving technologies.
In a multi-tenant SaaS environment, updates also serve as an essential mechanism to maintain fair usage, platform stability, and consistent performance across all customers, in line with our operational and service governance principles.
Please refer to Feature development and change management policy for further details.
Our Release Model
To balance stability, predictability, and responsiveness, we apply a structured release approach:
| Release Type | Description | Frequency | Example |
|---|---|---|---|
| Monthly Release | Consolidated non-critical updates, improvements, and fixes | Monthly | 2026-01, 2026-02 |
| Critical Updates | Security patches and critical bug fixes | Immediate (as needed) | Not version-bound |
| Infrastructure Updates | Performance or backend improvements | As required | Included or standalone |
Key Principles
- Predictability: Non-critical changes are grouped into monthly releases with clear versioning (e.g., 2026-01).
- Responsiveness: Critical security patches and high-impact bug fixes are deployed immediately, without waiting for the monthly cycle.
- Stability: Controlled rollout minimizes disruption to users and business processes.
Updates in a SaaS Environment
In a shared platform, patching is also an operational control:
| Principle | Description |
|---|---|
| Fair Usage | Updates ensure no outdated components negatively impact other users |
| Monitoring | Continuous monitoring enables proactive identification of issues |
| Service Protection | Provider may apply updates or fixes to maintain system integrity |
| Scalability | Updates support efficient resource utilization and growth |
What Are Releases?
A patch is a targeted update designed to address a specific issue, including:
- Security vulnerabilities (highest priority)
- Bug fixes and defect resolution
- Performance optimizations
- Minor functional improvements
Feature Availability & Activation Disclaimer
Not all updates, features, or improvements introduced in releases are automatically visible or available to all users.
| Factor | Explanation |
|---|---|
| Tariff / Subscription Plan | Certain features are only available within specific pricing tiers or licensed modules |
| Configuration | Some features require system configuration or dependencies to function |
| Administrative Consent | Selected features may be enabled only upon explicit approval by the customer’s administrator |
| Gradual Rollout | Features may be released progressively to ensure stability and performance |
Important:
- The presence of a feature in release notes does not guarantee automatic activation in your environment.
- Customers retain control over enabling features that may impact workflows, compliance settings, or user experience.
On-Premise Deployment Disclaimer
For on-premise installations, update delivery differs due to infrastructure ownership and access constraints:
| Aspect | SaaS (Cloud) | On-Premise |
|---|---|---|
| Non-critical updates | Monthly releases | Typically quarterly or based on availability |
| Critical updates | Immediate deployment | Provided as soon as available (customer-assisted deployment may be required) |
| Deployment control | Managed by provider | Coordinated with customer |
| Testing environment | Provider-managed | Customer-dependent |
Important:
- On-premise customers are responsible for timely installation of provided updates unless otherwise agreed.
- Delays in applying updates may result in increased security or operational risk.
Our Approach to Updates & Patching
We follow a structured lifecycle to ensure updates are applied safely and effectively:
- Monitoring & Detection – Continuous tracking of vulnerabilities and system performance
- Assessment & Prioritization – Risk-based evaluation (critical vs non-critical)
- Release Planning – Inclusion in monthly release or immediate deployment
- Deployment – Controlled rollout with minimal disruption
- Verification – Ensuring stability and expected functionality
- Documentation – Maintaining change logs and audit trails
Change Management & Communication
| Element | Description |
|---|---|
| Advance Notification | Planned releases are communicated in advance where applicable, allowing customers to prepare and assess potential impact |
| Release Notes | Each release includes structured information on changes, fixes, and improvements |
| Maintenance Windows | Updates are typically deployed during controlled time windows to minimize disruption |
| Communication Channels | Notifications may be provided via email, help portal, or release notes articles in current Help portal. |
Testing & Environment Segregation
| Element | Description |
|---|---|
| Controlled Deployment | Updates are tested prior to release to ensure stability and reliability |
| Staged Rollout | Where applicable, updates may be rolled out progressively |
| Customer Validation (Optional) | Enterprise customers may request validation or coordination before major changes |
Stability, Rollback & Continuity
| Element | Description |
|---|---|
| Rollback Capability | Measures are in place to revert updates in case of critical issues |
| Backup Procedures | Backups are performed to safeguard data before significant changes |
| Incident Handling | Defined processes exist for addressing issues arising from updates |
Security & Compliance
| Element | Description |
|---|---|
| Priority for Critical Fixes | Security vulnerabilities and critical issues are addressed without delay |
| Patch Management | Updates follow a structured lifecycle aligned with industry best practices |
| Audit Trail | Update activities are logged to support audit and compliance requirements |
| Standards Alignment | Practices align with frameworks such as ISO 27001, NIST, and CIS Controls |
Customer Control & Governance
| Element | Description |
|---|---|
| Feature Toggles | Certain features can be enabled or disabled based on customer preferences |
| Administrative Approval | Some updates or features may require explicit customer administrator consent before activation |
| Configuration Flexibility | Customers retain control over key system configurations affecting their environment |
Transparency & Visibility
| Element | Description |
|---|---|
| Change Logs | Historical records of updates and changes are maintained in Deployment page and Change log page |
| System Monitoring | Systems are continuously monitored to ensure performance and stability |
| Status Communication | Relevant service updates or incidents are communicated where necessary |
Integration & Compatibility
| Element | Description |
|---|---|
| API Stability | Updates are designed to maintain backward compatibility where possible |
| Deprecation Notice | Advance notice is provided for significant changes affecting integrations |
| Dependency Management | Updates consider compatibility with supported environments and integrations |