SSRS 2012 security patching

Our environment contains SSRS installed on web facing servers with the database on separate SQL server. My question is: are there security patches centric to only the web facing servers where SSRS is installed, even though the database is on a different server? If so, how would I confirm/test for that?