The Common Web Platform (CWP) team regularly patches and upgrades software running your website, to guard against security vulnerabilities, and prevent software from becoming unsupported.

This includes the operating system and software running on servers, and shared systems such as search, firewalls, caches, service desk, the code repository (GitLab (external link) (external link)), and the deployment tools.

This does not include upgrades to your content management system (CMS). These are normally performed by your development team, who know how your website has been built and customised. If for some reason you require the CWP team to upgrade your CMS, raise a ticket on the service desk.

Infrastructure as a Service maintenance

Where Revera is required to apply a patch or upgrade, it will follow the CWP change management process, and information will be provided to agencies by the CWP team. Revera ‘s scheduled maintenance is as follows:

  1. Four annual Upgrade Windows - the first Sunday of February, May, August, and November between 1am and 3am. These fall within the CWP Narrow Maintenance Windows.
  2. Two disaster recovery tests during business hours. These are required under the IaaS contract in order to meet ITIL standards. They test that fail-over service delivery continues to operate under the stress of a typical daytime load. There is a low risk of service disruption during these tests.

Change management and maintenance windows

Some upgrades require outages, so are scheduled out-of-hours to reduce the impact on agencies, developers, and website visitors. Maintenance work is categorised into different forms, and these are given different windows of time when such work can be carried out:



Can be used for:


Notice Given

Wide Maintenance Window

Weekends and nights

(Between 5pm and 8am, Monday to Thursday, and between 5pm Friday and 8am Monday)

Small Updates

Updates that have a low risk of causing more than 2 minutes of outage and do not introduce any feature changes.

3 business days

Narrow Maintenance Window


(Between 10pm and 7am, every day)

Regular Updates

Updates that are not Emergency Updates, Stack Updates or Small Updates.

3 business days

Any time

At any point in time.

Emergency Updates

Updates necessary to restore a disruption to delivery of the Operational Services or prevent a high risk of disruption or the materialisation of a security vulnerability.

None required.

Notice given where possible.

Deployment times

Twice a day, at either 6am or 10pm.

Stack Updates

Are updates to the Stack Code including installation and removal of modules from the Stack. This is typically the PHP running an individual website.

Not applicable. Typically scheduled by the agency itself.


  • Scheduled outages due to the above are not considered in CWP Service Levels relating to website and CMS uptime
  • Agencies are given the right to object to the timing of the Small and Regular Updates. The work will be rescheduled if agencies object.
  • The Stack Managers (and Release Managers, where nominated) at an agency are sent Change Management emails in order for an agency to be advised by the 'Notice Given' period listed in the table above.

Last modified: