Yes, I agree. It is definitely a sequence.
1st make sure that the OS's are patched
2nd patch the SQL
3rd apply the modules
and always start with the primary engine, then any additional engines and finally the additional web servers.
and always upgrade the NPM first, then the SAM and then then rest.
Remember that upgrades often adjust the SQL schema and so it's important to keep the versions consistent.
In a multi-engine environment I would upgrade all of the NPMs first, then all the SAMs, then other modules one by one.
Then finally you might want to update the MIB file across all the engines.
As for disk layout; OS, application, and data should all be on different spindles, or different RAID controllers. A separate and dedicated SQL server helps a lot. The individual files for the SQL database and logs should be spread across different spindles &/or controllers. In practice this level of detail often does not happen, but keeping the databases & logs on RAID-10 is important and having plenty of space for OS, apps & data is crucial.
Regards,
Robert