The root of ServiceNow ITOM (IT Operations Management) is the CMDB (Configuration Management Database), the foundation of the ServiceNow platform. As the underlying database powering everything from Asset Discovery to Agent Intelligence, the CMDB is the foundation of ServiceNow’s power – or at least one of the foundational elements.
Despite the importance of a healthy CMDB, we see many ServiceNow customers whose CMDB is plagued by issues that prevent it from providing the desired organizational value. In fact, Forbes magazine asserts that an astonishing 85% of CMDB projects fail.
We’re here to help you even the odds.
Our ITOM eBook covers the “three C’s” of the CMDB, talks you through how to think about structure, and, of course, the ever-important governance. To jump right in, download a full copy now, or read through a small excerpt below.
CMDB Foundation 3: Compliance
Our final “C” of CMDB success is compliance. This is a measure of how well your data aligns with your organization’s data standards, as well as the standards of external auditors for regulated industries. To assess your CMDB compliance, you want to ask yourself: “Does my CMDB meet our configuration standards, and does it match what our IT environment actually looks like today?”
To evaluate how compliant your data is, you will essentially compare your CMDB data against audit rules, and then come up with a list (or % disparity) showing how much of your information is in compliance vs. how much of it breaks your audit rules. This will also help you determine how you measure up against your company’s internal compliance standards or assess how well you are aligned with external regulatory standards like PCI and SOX.
Truth be told… configuration compliance has always been the “Nirvana” state of CMDBs, and one that is usually only obtained with high levels of data maturity. Historically, many organizations have struggled to achieve full CMDB compliance because, well, maintaining a perfect CMDB is hard, and some of the pitfalls we discussed earlier have (to date) prevented them from reaching this state regardless of platform. For example, your data has to be both “complete” and “correct” to ensure it won’t give false readings on data audits.
This Compliance Nirvana seemed out of reach for many organizations, that is, until ServiceNow’s release of CMDB Health with the Helsinki release in Fall 2016. This new CMDB Health launch has rolled out significant advances such as Scripted Audits, meaning you can tailor the audits to be more flexible for your organization. All of that now means that organizations of all sizes – yes, even you – can increase compliance, conduct actual state alignment validations, and realize a CMDB “gold standard” to reduce fraud, waste, and abuse, and save money!
Defining compliance processes and tools that let you know you’re in compliance is critical. Having internal compliance standards also drives maturity as well as efficiencies within organizations for governance and processes. Most organizations face one or two regular external compliance audits, which affect everything from the organization’s services to its infrastructure. Failing an external audit can be both expensive and potentially catastrophic!
To govern your CMDB compliance, follow a few essential steps:
Step One. Start by defining what you need to comply with, which, in most cases, will be the industry compliance requirements your company has to adhere to (e.g., Financial, Medical, Educational, etc.).
Step Two. Prioritize them to ensure you focus on the most business-critical items.
Step Three. Work with the relevant teams in your business to validate your priorities and data processes against the compliance controls you have to focus on. Understanding organizational readiness and dependencies is critical to successful audits and remediation.
Step Four. Define internal compliance standards that will help drive cost savings, mature processes, and realize operational efficiencies. (Examples here might include “Gold State” infrastructure requirements, data accuracy (correctness) validation audits, or process audits.)
Step Five. Create a business plan and maturity roadmap on how to get from where you are today to where you need to be. This roadmap should take into account the people, process, and technology required, and include an assessment of your company’s readiness at each of those levels.
Step Six. Make sure you plan for both external and internal audits. (With a few modifications, you should be able to use the same plan to achieve both internal and external compliance, as success with external audit compliance should mean you’ve met most of the common practices you need to successfully navigate an internal one.)
Your maturity roadmap plan should include the platforms you need to achieve your goals. If your company already has ServiceNow as a platform to transform your business, it’s a good bet that applications like IT Governance, Risk, Compliance, and the CMDB will be a part of the solution!
To learn more about your CMDB solution, download your complete ITOM eBook now.