The present invention provides a common framework to determine if machines are patched and automatically applies patches as required. It provides an automated tool to assess patch levels and apply patches on several different UNIX machine types. Further, it provides a centralized, consistent method of providing patches to multiple roles within an organization while automatically managing large quantities of machines. It can manage multiple security standards, machine classifications, and patch security levels and be customized to interface with existing asset management tools. It evaluates the most suitable patch to satisfy the minimal patch requirements and is an early warning system that will tell a user when the user's machine will go out of compliance. The tool is composed of two parts: a server component and client component. The server collects data reported by client machines and stores it in a database; collects patch, machine and owner data from other databases, including internal databases and vendor web sites; downloads vendor patches to a depot area; and evaluates compliance and generates a list of patches that are missing, applied late, and patches that are satisfied. An overall compliance verdict is calculated for each machine. The server sends the client a list of patches to be installed as needed. The server receives installation status from the client, reports it onto the web, and sends the user email. The client gathers machine data and sends it to server; queries the server to see if patches are needed, and receives a patch list. The client downloads patches from APAR depot; and installs patches and reports status back to the server.