Upgrades VS. Security Patches

Upgrades VS Security Patches

As you now will be aware GDPR is the new standard for data protection, and with this new regulation, the relationship and responsibilities of each data handler has also changed. As we host your version of SugarCRM on our in-house systems, we are now defined by the new regulation as a Data Processor. This means that we have additional responsibilities to ensure that your data is safe. In order to ensure that everybody understands the language and terminology, I would like to take just a few moments of your time to explain the difference between Upgrades and Security Patches (sometimes referred to as Security Updates).


An upgrade is the act of replacing your product with a newer, more superior version, with enhanced features and functionality. This does occasionally mean that some of your system may not work as it used to and some of the functionally may have changed. If your system has been heavily customised, we will invite you to check and test an offline version of an upgraded system, before we carry out the upgrade on your live system.

Security Patches or Updates

Whilst all software is tested before it gets released, this is no substitute for the examination it receives when it is put live. From time to time both functionality and security need to be reviewed, and this is done by patches. Some of these are security led, and we are asked not to publicise these before a certain date in order to protect the software. When this happens we will patch your system in the background, and you will often not be aware we have done so as these rarely impact the usability of the application. Last year we patched the application and the underlying supporting systems five times, most of which went unnoticed. While these may seem to be a nuisance when the application is doing what we need it to do, these are in fact positive events as they demonstrate the commitment of the software house to keep the application both relevant and secure. We would ask your assistance in ensuring that these are completed swiftly. Thank you in advance for your co-operation, Hannah Martin Compliance Director