While the technical deployment varies according to correction type, they all follow the staging level principle. This means, that any correction needs to be installed in the development system first and following a preliminary technical check, the correction can move into the test stage. For ABAP-based corrections and Support Packages, the SAP Transport Management system (STMS) is used. Thanks to CTS+ some JAVA corrections can be also deployed. Kernel and some component updates, need to be installed (manually) per staging level.
Once in the test environment, a test should be conducted. SAP states that customers don’t need to test whether the security patch has eliminated the vulnerability, however customers ought to test the business processes that are used in production. After passing the QA process, the deployment to the production stage can be executed. Depending on the content of the transport request, this can often be done during normal business hours. As there are several scenarios that can lead to unwanted behavior, such as process abortion, it’s recommended that the correction is imported after normal business hours.