diff --git a/policies/sc-servicecatalog-t1/policy.tf b/policies/sc-servicecatalog-t1/policy.tf
index 425ab7f..e2ac35f 100644
--- a/policies/sc-servicecatalog-t1/policy.tf
+++ b/policies/sc-servicecatalog-t1/policy.tf
@@ -10,4 +10,13 @@ data "aws_iam_policy_document" "inline" {
     ]
     resources = ["*"]
   }
+  statement {
+    sid    = "DenyProductUpdates"
+    effect = "Deny"
+    actions = [
+      "servicecatalog:UpdateProvisionedProduct",
+      "servicecatalog:UpdateProvisionedProductProperties",
+    ]
+    resources = ["*"]
+   }
 }
diff --git a/policies/sc-servicecatalog-t2/policy.tf b/policies/sc-servicecatalog-t2/policy.tf
index 77c67fb..0d024d6 100644
--- a/policies/sc-servicecatalog-t2/policy.tf
+++ b/policies/sc-servicecatalog-t2/policy.tf
@@ -31,5 +31,14 @@ data "aws_iam_policy_document" "inline" {
     ]
     resources = ["*"]
   }
+  statement {
+    sid    = "DenyProductUpdates"
+    effect = "Deny"
+    actions = [
+      "servicecatalog:UpdateProvisionedProduct",
+      "servicecatalog:UpdateProvisionedProductProperties",
+    ]
+    resources = ["*"]
+   }
 }