PT
Uploaded byPhil Tishberg
DOCX, PDF6,896 views

SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Corp Dec 2015

This document summarizes the findings and recommendations from a Service, Asset & Configuration Management workshop between PL Corporation and ServiceNow. Key findings include that PL currently lacks a central asset repository, standardized asset lifecycle processes, a defined SACM organization, and integration between asset management and business services. Recommendations include establishing a ServiceNow data model, SACM roles and responsibilities, standardized asset lifecycle processes, a ServiceNow CMDB, and business service maps. An implementation plan is provided to address these areas in a phased approach.

Embed presentation

Downloaded 664 times
1 / 120
2 / 120
3 / 120
4 / 120
5 / 120
6 / 120
7 / 120
8 / 120
9 / 120
10 / 120
11 / 120
12 / 120
13 / 120
14 / 120
15 / 120
16 / 120
17 / 120
18 / 120
19 / 120
20 / 120
21 / 120
22 / 120
23 / 120
24 / 120
25 / 120
26 / 120
27 / 120
28 / 120
29 / 120
30 / 120
31 / 120
32 / 120
33 / 120
34 / 120
35 / 120
36 / 120
37 / 120
38 / 120
39 / 120
40 / 120
41 / 120
42 / 120
43 / 120
44 / 120
45 / 120
46 / 120
47 / 120
48 / 120
49 / 120
50 / 120
51 / 120
52 / 120
53 / 120
54 / 120
55 / 120
56 / 120
57 / 120
58 / 120
59 / 120
60 / 120
61 / 120
62 / 120
63 / 120
64 / 120
65 / 120
66 / 120
67 / 120
68 / 120
69 / 120
70 / 120
71 / 120
72 / 120
73 / 120
74 / 120
75 / 120
76 / 120
77 / 120
78 / 120
79 / 120
80 / 120
81 / 120
82 / 120
83 / 120
84 / 120
85 / 120
86 / 120
87 / 120
88 / 120
89 / 120
90 / 120
91 / 120
92 / 120
93 / 120
94 / 120
95 / 120
96 / 120
97 / 120
98 / 120
99 / 120
100 / 120
101 / 120
102 / 120
103 / 120
104 / 120
105 / 120
106 / 120
107 / 120
108 / 120
109 / 120
110 / 120
111 / 120
112 / 120
113 / 120
114 / 120
115 / 120
116 / 120
117 / 120
118 / 120
119 / 120
120 / 120
SERVICE, ASSET & CONFIGURATION WORKSHOPGUIDE FOR PL CORPORATION VERSION:1.3
IT Asset Management SACM Process Guide v1.3 Page 2 of 120 RevisionHistory Version Date of Issue Nature of Changes Author (s) 1.1 December28, 2015 Initial Doc–Internal – PT (Linium) &DS (SN) PhilipTishberg- Linium 1.2 January15, 2016 Final Notes/RecommendationsCompleted PhilipTishberg- Linium 1.3 January15, 2016 Final DeliverableContent DinoSammarco
IT Asset Management SACM Process Guide v1.3 Page 3 of 120 Table of Contents 1 EXECUTIVE SUMMARY...................................................................................................................6 1.1 Scope...........................................................................................................................................................................6 1.2 Process Description...............................................................................................................................................6 1.3 Critical Findings.....................................................................................................................................................6 1.4 Critical Recommendations.................................................................................................................................8 1.5 Next Steps.................................................................................................................................................................9 2 ASSET WORKSHOP OVERVIEW.....................................................................................................11 2.1 Scope........................................................................................................................................................................12 2.2 Process Description............................................................................................................................................12 2.3 Process Goal..........................................................................................................................................................13 2.4 Process Objectives...............................................................................................................................................13 2.5 Best Practice Relationship with other processes....................................................................................14 2.6 Best Practice Asset Management..................................................................................................................14 3 PROCESS ROLES...........................................................................................................................16 3.1 Best Practice RACI Matrix...............................................................................................................................18 3.2 PL Process Roles..................................................................................................................................................19 4 ASSET MANAGEMENT LIFECYCLE PROCESS OVERVIEW .................................................................20 4.1 Best Practices – Asset Management Lifecycle Process Overview.....................................................20 4.2 Best Practices – Asset Management Lifecycle Process Overview (phases 1-4)...........................20 4.3 Best Practices – Asset Management Lifecycle Process Overview (phases 5-7)...........................24 4.4 Best Practices – Asset Management Lifecycle Process Overview (phases 8-10)........................27 4.5 PL – Asset Management Lifecycle Processes / Business Use Cases..................................................29 5 ASSET MANAGEMENT PROCESS GUIDE ........................................................................................30 5.1 Governance............................................................................................................................................................31 5.1.1 Policy Management........................................................................................................................................31 5.1.2 Processes.............................................................................................................................................................32 5.2 Fulfillment.............................................................................................................................................................37 5.3 Auditing..................................................................................................................................................................41 5.4 Active Asset Management................................................................................................................................45 5.5 Disposition.............................................................................................................................................................49 5.6 IT Financial Management...............................................................................................................................52 6 SERVICENOW CONFIGURATION REQUIREMENTS..........................................................................58 6.1 ServiceNow Plugins............................................................................................................................................58 6.2 Model / Class (Product Catalog)...................................................................................................................58 6.3 Models.....................................................................................................................................................................59 6.4 Asset Class.............................................................................................................................................................60 6.5 Configuration Item Class (Model Category).............................................................................................60 6.6 Asset and Configuration Item Status...........................................................................................................61 6.7 Asset States (install_status)............................................................................................................................61 6.8 CI Statuses(install_status)..............................................................................................................................62 6.9 Asset & CI State/Status Synchronization...................................................................................................63 6.10 Naming Conventions & Data Normalization.........................................................................................63 6.11 Naming Conventions.......................................................................................................................................64 6.12 Data Normalization........................................................................................................................................64
IT Asset Management SACM Process Guide v1.3 Page 4 of 120 6.13 Integrations........................................................................................................................................................65 6.14 MID Server..........................................................................................................................................................65 6.15 Web Services......................................................................................................................................................65 7 SERVICENOW IMPLEMENTATION.................................................................................................67 7.1 Implementation Methodology.......................................................................................................................67 7.2 PL Current Capability Summary...................................................................................................................70 7.3 Tier 0 Governance Capability.........................................................................................................................70 7.4 Tier 1 Trustworthy Data..................................................................................................................................70 7.5 Tier 2 Practical Management........................................................................................................................71 7.6 Tier 3 OperationalIntegration......................................................................................................................71 7.7 Tier 4 Strategic Conformance........................................................................................................................72 7.8 Implementation Roadmap..............................................................................................................................73 7.9 Roadmap Overview............................................................................................................................................73 7.10 Process Roadmap.............................................................................................................................................73 7.11 Technology Roadmap.....................................................................................................................................74 APPENDIX A: DOCUMENT CONVENTIONS.........................................................................................84 APPENDIX B: GLOSSARY OF TERMS AND ACRONYMS........................................................................85 APPENDIX C: ISO/IEC 19770-2 SOFTWARE ASSET TAGGING ...............................................................91 APPENDIX D: ASSET MANAGEMENT PROCESS OVERVIEW .................................................................92 1 ASSET MANAGEMENT PROCESS ACTIVITY OVERVIEW (BEST PRACTICE LEVEL STACK).....................................92 2 ASSET MANAGEMENT PLANNING AND DESIGN (BEST PRACTICE LEVEL STACK).................................................93 3 PROCURE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK).....................................................................................94 4 RECEIVE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................96 5 MANAGE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................97 6 DISPOSE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................98 APPENDIX E: ROLES ASSOCIATED WITH SERVICENOW IMPLEMENTATIONS........................................99 1 CUSTOMER RESOURCES.....................................................................................................................................................99 2 SERVICENOW RESOURCES.............................................................................................................................................100 APPENDIX F: CONFIGURATION MANAGEMENT PROCESS OVERVIEW...............................................101 1.1 OVERVIEW..................................................................................................................................................................101 1.2 PROCESS DESCRIPTION............................................................................................................................................101 1.3 PROCESS GOAL..........................................................................................................................................................101 1.4 PROCESS OBJECTIVES...............................................................................................................................................101 1.5 RELATIONSHIP WITH OTHER PROCESSES............................................................................................................102 1.6 PRINCIPLES AND BASIC CONCEPTS.......................................................................................................................103 1.7 PROCESS OVERVIEW ................................................................................................................................................107 1.8 PROCESS PLANNING AND DESIGN .........................................................................................................................109 Process Planning andDesign Activity Description.........................................................................................109 1.9 CONFIGURATION IDENTIFICATION ........................................................................................................................113 Configuration Identification ActivityDescription..........................................................................................113 1.10 CONFIGURATION CONTROL..................................................................................................................................115 Configuration Control ActivityDescription......................................................................................................115 1.11 STATUS ACCOUNTING AND REPORTING ............................................................................................................116 Status Accounting and Reporting Activity Description................................................................................116 1.12 VERIFICATION AND AUDIT ...................................................................................................................................117
IT Asset Management SACM Process Guide v1.3 Page 5 of 120 Verification and Audit ActivityDescription......................................................................................................117 1.13 KPIS..........................................................................................................................................................................119 1.14 REPORTS & HOMEPAGE GAUGES........................................................................................................................119 APPENDIX G: DATA CERTIFICATION AND VERIFICATION..................................................................120
IT Asset Management SACM Process Guide v1.3 Page 6 of 120 1 Executive Summary 1.1 Scope The following Service Asset & Configuration Management (SACM) Guide was created in support of an Asset & Configuration Management Workshop between PL Corporation and ServiceNow (SN). The results of the Asset & Configuration Management Workshop are provided within this report. The Asset & Configuration Management Workshop (Service, Asset & Configuration Workshop) was held at PL’s Corporate Headquarters in Birmingham, Alabama. Stakeholders from PL were present to provide details related to Service Asset & Configuration Management within PL. 1.2 Process Description This report identifies the facts discovered during onsite efforts with PL and any follow-up efforts that may have occurred or planned for at the time of this document. These facts serve as baseline information that is used to both assess the current ITAM environment and recommend roadmap activities. Any details provided by PL are both referenced and embedded within this document unless otherwise noted. ServiceNow recognizes the importance of IT Asset Management for mitigating risks, reducing costs, and optimizing services supported by technology. The ability to effectively perform IT Asset Management is based on several factors identified as the Asset Lifecycle. The ServiceNow IT Asset Management Methodology focuses on enabling efficient management of IT Assets based on industry standards and real-world experience. The following are summary elements that identify critical findings and recommended next steps. 1.3 Critical Findings PL is beginning a new effort related to IT Asset Management. This effort currently lacks the following elements for long-term success. 1. Protective currently does not have a single central repository of asset records across the company. Instead a variety of disconnected tracking tools are used to store segments of information:  SCCM is relied on for asset discovery data. SCCM reports only discoverable attributes of discoverable assets thereby missing cost and assignment information for all assets and missing the In Stock, In Maintenance, and Retired assets entirely  Protective has a “project allocation” method for their financial system that is used to track asset purchases, however these are not organized in a single easy to access data store, and are only tied to specific assets, especially those that are not capitalized  Spreadsheets are used to track pieces of information, however there are no whole asset records with inventory. The cost and contractual data is being tracked through the Finance/Procurement Group (Laura)
IT Asset Management SACM Process Guide v1.3 Page 7 of 120 2. There is currently no policy-driven, end-to-end Asset Lifecycle Management process in place across the organization and asset types to manage and track assets from the time they are acquired to the time they are disposed. The front (beginning) of the Asset Lifecycle is better understood, managed and tracked. The predicament question of “Where is the asset?” after it arrives is what is underlining this Critical Finding. Specifically:  Each IT Services team has their own set of procedures that they follow to complete their tasks  There are no documented process policies or procedures across Protective  There is no process automation to enable efficient reportable process compliance  There is no tracking of process updates to asset records, such as when and where it was returned to stock 3. The third key observation is that there is currently no formal IT Asset & Configuration Management organization with defined roles and responsibilities and users and groups assigned to the roles. The IT Services teams perform designated services related to the assets they manage, however their guardianship over the asset record is not defined or documented.  There is no formal program management office (PMO) for SACM  There is no governance for SACM  There are no documented roles and responsibilities for SACM  There is no continuous end-to-end ALM process governing the complete asset lifecycle - Procurement, Stockroom Management, Request Management, Move / Add / Change (MAC), Support, and Disposition  There are no targets or metrics to report their progress for asset management related tasks such as creating or updating asset records in a timely manner following an introduction or modification of an asset  There is no formal audit procedure in place to measure the accuracy of asset and configuration data 4. There is currently no real synergy between asset and configuration management and the business and IT services they support.  ServiceNow is not being used yet as the CMDB with raw discovery data being relied on referentially when evaluating incidents and planning upcoming changes  No formal integration or synchronization of processes or data between the key process areas of SACM – Financial, Contract, and Physical asset management  No formal synchronicity at either the process or data level with the IT Services that rely on trustworthy SACM data: Incident, Problem, Change, Release & Deployment, Disaster Readiness, Continuity and Availability management services  No comprehensive CMDB with consistent standard based configuration item records, attributes and relationships to support the IT services
IT Asset Management SACM Process Guide v1.3 Page 8 of 120 5. There is currently no business services map identifying the PL critical business services and the relationships of the IT assets and configuration items that support them.  No CI relationships among CIs  No ability to gauge impact of a proposed change based on CI relationships  No ability to report total cost of ownership of assets at the Asset Level, It is there for the business service level due to the Financial “Service Allocation Method” employed.  PL current ITAM Capability Assessment score is 1.8 out of a total 4.0. This assessment is based on the International Standards Organization (ISO) tiered Asset Implementation recommendation. A score of less than 3.0 shows a need to focus on Governance and Trustworthy Data (See Section 7.2) Tier / Activity Score Tier 0 – Governance 0.4 Tier 1 – Trustworthy Data 0.5 Tier 2 – Practical Management 0.5 Tier 3 – Operational Integration 0.5 Tier 4 – Strategic Conformance 0.5 Total Capability Score (out of 4.0) 1.8 1.4 Critical Recommendations Based on best practices from our customers and experts, the following critical recommendations have been made. PL has some pieces in place that will be needed for a successful SACM program. What is lacking is the stitching together of these pieces. The following key recommendations will form the basis of the PL Foundational SACM framework. R1. Establish a common data model for the use of asset and configuration item data elements in the ServiceNow platform  Foundational data including users, departments, entities, locations, and stockrooms  Model management data including vendors, models, and maintenance contracts  Asset identification data including model, asset tag, and serial number  Asset assignment data including assigned user, department, location, entity, stockroom, host computer, cluster, rack, rack unit, and operating environment R2. Establish a SACM organization of defined roles and responsibilities with data stewards assigned for each asset type
IT Asset Management SACM Process Guide v1.3 Page 9 of 120  SACM Process Owner  Hardware asset managers – Microsystems (Desktop, Unix, Virtual) & Other (e.g., Headsets) and IT Services  Software asset managers – Microsystems and IT Services (same as above, esp. figure out non-persistent DT tracking if the value is for license & is the only effected determinant for the data tracking)  Configuration manager  SACM data analyst  SACM tools administrator R3. Establish a common end-to-end policy driven and metric monitored Asset Lifecycle Management (ALM) processes for all asset types and management scopes covered by Protective IT Services  Request fulfillment - Deployment  Acquisition – Purchase tracking and Receive  Mass moves – Departments, Data centers, etc.  Reclaim/ restock of unused assets  Retirement and disposal of assets at end of life R4. Establish the ServiceNow CMDB  Define the data model – configuration items and attributes desired for the CMDB  Configure SCCM to capture desired data elements  Import the SCCM discovery data (Compare for cleaning against the BDNA data for a more accurate inventory prior to migrating into Production for use)  Update configuration items with non-discoverable attributes (Wyse Terminals?) R5. Establish a Business Services Maps using ServiceWatch that can be used for impact analysis when managing incidents, changes, and unplanned events  Identify core services where continuity, availability, and capacity are key  Identify the entry points to these services, such as a URL  Let ServiceWatch build and update the Business Service Map 1.5 Next Steps An implementation plan has been provided (See Section 7) that suggests a phased approach for SACM at PL using ServiceNow. This phased implementation will need to include the time to build the requirements (stories) needed to begin a technical implementation of Phase 1. It is recommended to focus on any Process recommendations while implementing the technical requirements.
IT Asset Management SACM Process Guide v1.3 Page 10 of 120 ServiceNow is available to assist in any enablement and implementation efforts in support of PL. The details of this report may be easily turned into an implementation Statement of Work upon your request.
IT Asset Management SACM Process Guide v1.3 Page 11 of 120 2 ASSET WORKSHOP OVERVIEW ServiceNow has assembled the following Service, Asset & Configuration Management (SACM) Workshop Guide that will assist PL in optimizing the implementation and operation of IT Asset and Configuration Management within ServiceNow. The guide includes a review of the existing processes, roles & responsibilities, best practice recommendations, and ongoing asset & configuration management guidance. In addition to the SACM Process review, the Asset Management Workshop Guide provides an Action Plan for the implementation of IT Asset Management within ServiceNow. This action plan identifies PL specific configuration requirements that can be used to build Stories for implementation. A roadmap is provided to assist PL in the planning of activities related to initial and ongoing implementation of IT Asset Management within ServiceNow. A Service, Asset & Configuration Workshop was held at PL in Birmingham, Alabama during the week of December 16-17, 2015. ServiceNow representatives included ROLE ATTENDEE Engagement Manager DinoSammarco (SN) Process/Business Lead PhilipTishberg(Linium) Technical Consultant RoderickGodfrey(SN) The following PL representatives participated in the workshop. ROLE / O R G A N I Z A T I O N ATTENDEE RiskAnalysis Ron W. Business Service Level Costing/Allocation KenW. NetworkAnalysis –WorkflowAutomation Jeff B. NetworkAnalysis –WorkflowAutomation AjayB. QualityandProcessManagement Gerry I. SACMOwner ChrisB. Enterprise Architecture JeremyP. ServiceNow JonS./Eric R. ServiceNow &BillingManager KimP. Finance Laura T. Service Operations Steve M./DerekS. Facilities,DataCenter Rich U./SamP. Enterprise Messaging Joe S. This document assumes that the Asset Management Workshop has been completed and that one or more of the Asset Management applications have been, or will be, activated. The applications are as follows: Asset Management, Software Asset Management, and Contract
IT Asset Management SACM Process Guide v1.3 Page 12 of 120 Management. PL also plans to test the Procurement module in parallel with use of their current procurement system for feasibility and use with the other components mentioned. 2.1 Scope The attendees shared at the beginning of the workshop some of the goals that they personally wanted to get out of the workshop and the future use for SACM in SN. In no particular order as above the following are the goals mentioned individually and collectively shown: • Implementation project roadmap and scope • Maturing current asset processes • Hardware life cycle refresh • Impact of changes on configuration items, cascading up to business services • Data Analytics/BSM/BI/ITSM –Workflow automation • Vendor Management, Contract Management, Risk Analysis, Coordination with Business Team • Desktop procurement • Inventory of server assets, physical, virtual, non-discoverable items • Single Source of record for IT assets • Leverage CMDB for monitoring • Life cycle management. Ability to coordinate Application owners for schedules & maintenance window notifications • Lifecycle of desktop hardware • Maintenance renewals on hardware/software/license purchases • Making asset tracking, software compliance, and allocations simpler • Impact of changes throughout the ecosystem. Mapping assets all the way through business process/service • Workflow automation. How do we leverage the tools we have to become more efficient? • Business service level costing and allocation: “how much does it cost us to run Application X?” • Risk Analysis, Coordination with Business Team 2.2 Process Description The enclosed process models are compliant with the concepts depicted in the ITIL framework. Additional elements related to industry best practices are offered in a manner to facilitate best-in-class performance related to IT Asset Management. ITAM is the process responsible for tracking accurate and complete financial, contractual, and operational information about hardware and software assets. Asset Management is not Configuration Management.
IT Asset Management SACM Process Guide v1.3 Page 13 of 120 Asset Management is one of the lifecycle processes in ITIL and is one of the foundations of IT Service Management. 2.3 Process Goal IT Asset Management (ITAM) is a core business discipline that integrates financial, contractual and inventory processes, controls and technologies, enabling strategic decision making for the IT environment. ITAM business practices have a common set of goals:  Uncover savings through process improvement and support for strategic decision making  Establish governance and control processes over hardware and software asset inventory  Reduce total cost of ownership (TCO) through transparency in all costs associated to assets and how it supports critical business services related to budgeting, allocation, accounting, and service valuation  Increase accountability to ensure compliance  Enhance performance of assets and life-cycle management  Reduce impacts to assets caused by changes 2.4 Process Objectives Configuration Management: Focuses on operational usage and logical relations
IT Asset Management SACM Process Guide v1.3 Page 14 of 120 ITAM Process objectives describe material outcomes that are produced or achieved by the process. The following is a list of objectives for this process:  Challenge the Status Quo  Identify data needs  Identify opportunities for automation  How to build a Roadmap for proceeding further is tabled but outlined until further discussion around requirements occurs. 2.5 Best Practice Relationship with other processes This is a graphic depicting not only ITIL best practice, but a clear functional map for Service Now workflows and the design that those tasks enable the tool to leverage for the processes. 2.6 Best Practice Asset Management Process RelationDescription Input Output Service Request/ The IT AssetRepositorycontainsdetailsof the infrastructure vital to efficientincidentclassification,initialsupport, X
IT Asset Management SACM Process Guide v1.3 Page 15 of 120 Process RelationDescription Input Output Incident Management investigationanddiagnosis. WhenAssetrecordsare identifiedasinaccurate,incident recordsare createdand assignedto Assetmanagementfor correction. X Change Management The CMDB provideschange managementwiththe necessary informationforthe assessmentof the riskandimpactof proposedchanges. X New,modifiedordisposedassets. Change management ensuresthatthe informationrelatedtoassetsisupdated properlyfollowing the implementationof achange. X
IT Asset Management SACM Process Guide v1.3 Page 16 of 120 3 PROCESS ROLES Each role is assigned to perform specific tasks within the process. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Depending on the structure and maturity of a process, all roles described may not exist in every organization. The following describes the typical roles defined for service asset management, and the identified personnel that will be undertaking that role: Role Description Designee Process Owner A SeniorManagerwiththe abilityandauthoritytoensure the processis rolledoutandusedby the entire ITorganization. Responsible andAccountable for:  Definingthe overallmissionof the process  Sponsorship,design,andcontinual improvementof the process and itsmetrics  Establishingandcommunicatingthe processmission,goals,and objectivestoall stakeholders  Ensuringconsistentexecutionof the processacrossthe organization  Reportingonthe effectivenessof the processtosenior management  Initiatinganyprocessimprovements  Resolvinganycross-functional(departmental)issues ChrisB. Asset Manager Responsible for:  Managing the dayto day activitiesof the process  Maintainingdatacontinuitywithinthe IT AssetRepository, includingAsset Models  Trackingand governingcompliance of the processwithintheir team  Gatheringandreportingonprocessmetrics  Escalatinganyissueswiththe processtothe ProcessOwner KimP/Laura T./Jeff B./JeremyP. Asset Analyst Responsible for:  Assetsdefinedwithinthe scope of theirarea  Recordingandmaintainingassetswithinthe Repository  Monitoringthe repositoryforaccuracy& consistency  Analyzingdataandcreatingreports  Assistingthe AssetManagerwithauditsandreportgeneration  Collectingandretainingassetdataforriskand cost assessment Gerry I/Rich E./AjayB.
IT Asset Management SACM Process Guide v1.3 Page 17 of 120 Asset Owner Responsible for:  Supporting,maintaining,controllingandupdatingof aspecific assetor assets  All activitiesthatdirectlyaffectthe actual assetorassets  CollaboratingwithProcessOwneronprocess changes/continualimprovement Laura T. / ChrisB. Stakeholder  All personswhohave aninterestinthe informationcontained inthe CMDB. Stakeholdersmayinclude employees,customers, partners,CIowners,andothers Can be anyone
IT Asset Management SACM Process Guide v1.3 Page 18 of 120 3.1 Best Practice RACI Matrix An example of aRACIisnotedbelow. The Rolesandresponsibilitiesare assigned tospecificprocessactivities. ID Activities ProcessOwner AssetManager AssetAnalyst AssetOwner ProcessPlanning and Request Produce assetmanagementplan A R I C Define what'sinscope (models...etc.) R C I A Determine selectionguidelines R C I A Performaudit I A R C Baseline CMDB I A/R R C Procurement Manage vendors I A/R R I Add/Remove newvendors I A/R R I Add/Remove newmodels I A/R R I Evaluate appropriate attributes I A/R R I Stockroom/Receiving Receive newasset A R I Proof of Entitlement A R I Inputassettag onto new hardware A R I Create assetsinthe CMDB A R I Validate assetattributes A R I Assignappropriate statusinCMDB A R I Validate financialsonassetrecord A R I Deploy/Financials Activate licenses,contracts and/orentitlements A R I Validate assetattributes(location,financials…etc.) A R I Validate assetstatus A R I Assignassetstousers A R I Update the CMDB A R I Manage/Move,Add, Change (MAC) Ensure approvedchange request A R I ModifyassetattributesinCMDB A R I Planand organize routine maintenance A R C Execute assetaudits A R C Determine correctiveaction A R C Initiate corrective action A R I Execute corrective action A R I Track asset history A R I Transferassetsto new locations/stockrooms A R I
IT Asset Management SACM Process Guide v1.3 Page 19 of 120 Retire/Dispose Retire ordispose asset A R C Update assetto disposed/retire inCMDB A R C Harvest/Reclaimsoftware entitlements A R I Generate disposal report A R I R: Responsible,A:Accountable,C:Consulted,I:Informed A spreadsheetisprovidedforyourongoinguse/modification: 3.2 PL Process Roles It isexpectedthat PLwill confirmthe personnelnamesforeach ProcessRole priortoimplementationphase.
IT Asset Management SACM Process Guide v1.3 Page 20 of 120 4 ASSET MANAGEMENT LIFECYCLE PROCESS OVERVIEW Section 4 contains Best Practices found within the industry. Section 4.5 includes practices related to PL gathered during the workshop. 4.1 Best Practices – Asset Management Lifecycle Process Overview ID Activity Phase Description 1 Request Where the requestforan assetis initiated 2 Buy/Build/Stock Where the Buy / Build/Stock decisionisperformed 3 Acquisition Where acquisitionactivitiesare performed 4 Receive Where the receive activitiesare performed 5 Deploy Where the deployactivitiesare performed 6 Move/Add/Change Where move /add / change activitiesare performed 7 Validation Where data validationactivitiesare performed 8 Harvest Where harvestactivitiesare performed 9 Decommission Where the decommissionactivitiesare performed 10 Disposition Where the dispositionactivitiesare performed Tools These identifythe variouscategoriesof toolsinvolvementinAsset Managementprocesses. Theyinclude:  Policies&ProcessDocumentation  StandardsLists  RequestSystem(s)  Purchase System(s)  Financial System(s)  AssetManagementSystem(s)  Software DeploymentSystem(s)  DiscoverySystem(s)  Contract ManagementSystem(s) Each of these activity phases are further detailed below: 4.2 Best Practices – Asset Management Lifecycle Process Overview (phases 1-4)
IT Asset Management SACM Process Guide v1.3 Page 21 of 120 1 - RequestPhase  Where the asset requeststarts and it includesapprovals Triggers include:  Userneedsa Software or Hardware asset  SupplyPoint inventoryreorder ID Activity Task Description 1.1 RequestNewAsset Thistask initiatesthe requestforthe asset 1.2 Approve AssetRequest Thistask iswhere the assetrequestis approvedordisapproved. - if requestisdisapproved,Requestorisnotified 1.3 Approve Architecture Thistask iswhere the approvedassetrequestisreviewedforArchitectural approval. - if requestisdisapproved,Requestorisnotified Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information 2 - Buy / Build/ Stock Phase  Where the Buy / Build / Stock decisionisperformed Triggers include:  An approved AssetRequest
IT Asset Management SACM Process Guide v1.3 Page 22 of 120 ID Activity Task Description 2.1 DeterminingSourcing Thistask determinedhow tofulfill the AssetRequest–choicesinclude: Buy or BuildorStock 2.2 AssetinStock? Thistask iswhere the determinationif requestedassetisinstock. - if Yes,proceedto task2.3 - if No,thenproceedtotask 3.1 2.3 Secure fromstock / inventory Thistask iswhere the requestedassetiscollectedfromstock/inventory 2.4 Update AssetRepository Thistask iswhere the assetrepositoryisupdated - thistask connectstoPhase 5 Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AssetManagement System(s) – to support inventoryinformation 3 - AcquisitionPhase  Where acquisitionactivitiesare performed Triggers include:  An AcquisitionRequest ID Activity Task Description 3.1 Create AcquisitionOrder Thistask determinedhow tofulfill the requestforthe asset – choices include:BuyorBuildor Stock 3.2 Approve Acquisition Order Thistask iswhere the determinationof whetherthe assetistobe ordered. - if assetisto be ordered,thenproceedtotask3.1 - if assetisto come fromstock/inventory,proceedtotask2.3 Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AcquisitionSystem(s) – to support the acquisitionprocess(creation and approvals) 4 - Receive Phase  Where receive activitiesare performed Triggers include:  Assetarrives (hardware or software) ID Activity Task Description 4.1 Receive Asset Thistask iswhere the assetisreceivedintoAIG 4.2 Update AssetRepository Thistask iswhere the assetrepositoryisupdated 4.3 Approve Payment? Thistask iswhere the determinationif the receiptrequiresapayment approval to be completed - if Yes,the go to Task 4.4
IT Asset Management SACM Process Guide v1.3 Page 23 of 120 - if No,go to Phase 5 4.4 Approve Payment Thistask is where the paymentapproval activitiesisperformed - thistask connectstoPhase 5 Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystem(s) – to support Requestworkflow  AcquisitionSystem(s) – to support the acquisitionprocess(receiving)  Financial System(s) – to support FixedAsset,ifrequired
IT Asset Management SACM Process Guide v1.3 Page 24 of 120 4.3 Best Practices – Asset Management Lifecycle Process Overview (phases 5-7)
IT Asset Management SACM Process Guide v1.3 Page 25 of 120 5 - DeployPhase  Where the deployactivitiesare performed Triggers include:  Input from Phase 2 (assetin stock/inventory)  Input from Phase 4 (assetreceived) ID Activity Task Description 5.1 RequestDeploy Thistask iswhere the Requesttodeployanassetisreceived 5.2 PerformBuild/Configure AssetSteps Thistask iswhere the assetisbuilt/ configuredandreadiedfor deployment 5.3 PerformDeployAsset Steps Thistask iswhere the assetisactually deployed 5.4 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Software DeploymentSystem(s) –to support the build/configure and deploymentactivities 6 – Move / Add / Change Phase  Where the Move/Add/Change activitiesare performed Triggers include:  MAC request(hardware or software) ID Activity Task Description 6.1 RequestMAC Thistask iswhere the MAC activityisrequested 6.2 Approval Required? Thistask iswhere the determinationif anyapprovalsare requiredforthe MAC activity - if Yes,thenproceedtotask 6.3 - if No,proceedto task6.4 6.3 Approve MACRequest Thistask iswhere the approval forMAC activityisapproved 6.4 PerformMAC Steps Thistask iswhere the actuallyMAC activitiesare performed 6.5 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Software DeploymentSystem(s) –to support the build/configure and deploymentactivities
IT Asset Management SACM Process Guide v1.3 Page 26 of 120 7 – ValidationPhase  Where the validationactivitiesare performed Triggers include:  ValidationRequest  Audit Request– external  ReviewRequest– internal ID Activity Task Description 7.1 RequestValidation Thistask iswhere the Validationactivityisrequested 7.2 ApprovalsRequired? Thistask iswhere the determinationif anyapprovalsare requiredforthe Validationactivity - if Yes,thenproceedtotask 7.3 - if No,proceedto task7.4 7.3 Approve Validation Request Thistask iswhere the approval forValidationactivityisapproved 7.4 Review&Validate Asset Repository Thistask iswhere the AssetRepositorydataisreviewedandvalidated 7.5 PerformReconciliation Steps Thistask is where the reconciliation(entitlementstodeployments) activity isperformed 7.6 Document& Report Results Thistask iswhere the resultsof the reconciliationisdocumentedand reported Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities
IT Asset Management SACM Process Guide v1.3 Page 27 of 120 4.4 Best Practices – Asset Management Lifecycle Process Overview (phases 8-10) 8 – Harvest Phase  Where the asset harvesting/reclaimingisperformed Triggers include:  Harvest (MAC) Request ID Activity Task Description 8.1 RequestHarvest Thistask iswhere the Harvest(MAC) activityisrequested 8.2 Determine Harvest Candidates Thistask iswhere the determinationif whichassetsare candidatesfor harvest 8.3 Perform Harvest/ReclaimSteps Thistask iswhere the harvesting/reclaimingactivitiesare performed 8.4 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AssetManagement System(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities  Software DeploymentSystem(s) –to support software harvesting
IT Asset Management SACM Process Guide v1.3 Page 28 of 120 9 – DecommissionPhase  Where assetdecommissionactivitiesare performed Triggers include:  Decommission(MAC) request ID Activity Task Description 9.1 RequestDecommission Thistask iswhere the Decommission(MAC) activityisrequested 9.2 Determine Decommission Candidates Thistask iswhere the determinationwhichassetsare candidatesfor decommissioning 9.3 Approval Required? Thistask isto determine if approvalsare requiredforDecommission activities 9.4 Approval Decommission Thistask iswhere the decommissioningof assetsisperformed 9.5 PerformDecommission Steps Thistask iswhere the decommissioningactivitiesare performed 9.6 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AssetManagement System(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities  Software DeploymentSystem(s) –to support software harvesting 10 – DispositionPhase  Where dispositionactivitiesare performed Triggers include:  Disposal (MAC) request ID Activity Task Description 10.1 RequestDisposal Thistask iswhere the Disposition(MAC) activityisrequested 10.2 Determine Disposition Candidates Thistask iswhere the determinationif whichassetsare candidatesfor disposition 10.3 FixedAsset? Thistask isto determinationif the assetis partof FixedAssets? - if Yes,proceedto task10.4 - if No,proceedto task 10.5 10.4 Approve FixedAsset Disposition Thistask iswhere the dispositionof aFixedAssetisapproved. 10.5 PerformDisposal Steps Thistask iswhere the disposition activitiesare performed 10.6 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe action 10.7 File Disposition Documentation Thistask iswhere the DispositionDocumentationgetfiled –includingthe certificationof destruction Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities  Software DeploymentSystem(s) –to support software harvesting  Financial System(s) – to support FixedAssets
IT Asset Management SACM Process Guide v1.3 Page 29 of 120 4.5 PL – Asset Management Lifecycle Processes / Business Use Cases Use Case #1: As the Financial Operations,ServerAdmin,andDesktopAdminteams,Iwanttohave and produce accurate data forannual software vendorcontracttrue-ups,sothe organizationremainsin compliance witheachvendor. Use Case #2: As a systemadministratorandFinancial Operations teammember, Iwantconfirmationthat systemchangesdon’tadverselyimpactexisting license compliance withanyvendor,sothe organization remainsincompliance witheachvendor. Use Case #3: As an Infrastructure orApplicationsteammember,Iwanttosee the relationshipsbetween configurationitems,sothe organizationcanassessthe riskandimpactof any eventorchange upstreamand downstreamthroughtechnologyplatforms. Use Case #4: As a Financial Operationsteammember,Iwanttobe able to allocate the cost of technology servicestobusinessorganizationssoIcan assess andreportthe true cost of ownershipof aservice/sub- service. Use Case #5: As a Businessmanager,Iwantto see the refreshscheduleforthe hardware assignedtoeachof my directreports,soI can planmy resourcesaroundthe change. Use Case #6: As an Infrastructure Adminmanager,Iwanttoreport onend-of-life datesforall relevant hardware componentsthatmyteammanages,so I can plan,disposition,warrant,andrefreshthe hardware on an appropriate schedule. Use Case #7: As an Infrastructure Admin teammember,Iwantto see the detailsof eachextendedwarranty contract so I can assessthe accuracy of the numberof devicesonthe extendedwarrantyinvoices. (Note:Duringthe implementation,we’ll initiallyfocusonreconcilingHPinvoices,but the processshouldbe the same for all vendors) Use Case #8: As an Infrastructure Adminmanager,Iwanttoproduce a monthlymetricsreportwithdata relevanttothe CIOreport,so I can easilyproduce mycomponentof thisreport. (Note:The initial implementationtoinclude onlythe metricsforthe CIOreport) Use Case #9: As a Serveradmin,Iwant to see the relationshipbetweenserversandthe monitoringsystem, so I can confirmwhichserversare beingmonitored. Use Case #10: Asa Financial Operations teammember,Iwanta drillable reportonthe contracts with upcomingcontract renewal dates, andbe notifiedonce percontract,soI can proactivelyact & renewthe contracts where needed. Use Case #11: Asan Infrastructure admin,Iwantto see the locationandownerfor eachasset,so I can manage any operational activitiesrequiredforthatasset. Use Case #12: Asan Infrastructure admin,Iwantto see an exceptionreportlistingall unknownand unidentifiedassets,soIcan investigate eachtodetermineitsdetailsanduse. Use Case #13: Asan Infrastructure admin,Iwantto define aprocessto investigate andreconcileeach unknownandunidentifiedasset,soIam clear onhow to disposition eachasset(i.e., coveranylicensing impactsfromthe assetchange). Use Case #14: Asa LoadingDock user,I want to receive anddispose assetsviabarcode scannersoI can quicklyinputthe dataintothe systemandcontrol these processesappropriately. Use Case #15: Asan Infrastructure orFinancial Operationsuser,Iwanttodefine aprocessformanaging assetsthroughtheirlifecycle,soassetscanbe accountedforat all times.
IT Asset Management SACM Process Guide v1.3 Page 30 of 120 5 ASSET MANAGEMENT PROCESS GUIDE ServiceNow has assembled the following review of IT Asset Management related processes as part of the ServiceNow Asset Management methodology and process integration overview. The Process Guide is based on the full lifecycle management of IT assets. This lifecycle is identified within 6 Asset Towers: Governance, Fulfillment, Auditing, Active Asset Management, Disposition, and IT Financial Management. Below is a diagram that depicts the asset management towers and their associated components. Various topics are contained within each Asset tower; these topics create the individual tower. For example, the Governance Tower contains topics related to Policy Management, Education & Training, Reporting, and Security. The procedures that shape an organization’s IT Asset Management capability are identified within each topic and are referred to as “Components.” The Process Guide will focus on these Topics and Components as they are organized by Asset Tower. Each Topic is defined with additional details related to onsite observations and related ServiceNow technology. Where available a readiness assessment is provided based on ServiceNow implementation (ISO Tiered Implementation) recommendations. The primary objectives of the Process Guide are to rationalize and reduce IT costs, reallocate underutilized IT resources, and streamline IT business processes. ServiceNow completed an onsite Asset Workshop to validate PL’s strategic goals, processes, workflows, and organizational capabilities. Using the workshop information an analysis is completed Governance Policy Management Processes Education & Training Reporting Security Fulfillment Purchasing Receiving Contract Management Lease/Warranties Maintenance Vendor Management Auditing Scanning / Discovery Inventory Management Data Delta Management Internal / External Auditing Compliance ActiveAsset Management IMAC (Install Move Add Change) Break Fix Model Management Usage Management Asset Optimization Disposition Harvest / Cascade End of Life / Disposal Regulatory Management Data Security Validation IT Financial Management Total Cost of Ownership Business Service Costing Budgeting / Forecasting Depreciation Cost Allocation / Chargeback
IT Asset Management SACM Process Guide v1.3 Page 31 of 120 to determine the Infrastructure design, technology configuration; data capture, and process requirements to help maintain the asset lifecycle. This information captured here in the ITAM Process Guide has the following goals:  Help technicians become more effective and efficient by giving them accurate, complete IT asset management information  Help manage procurement, and budgeting more effectively  Proactively manage compliance efforts  Maximize the use of IT resources by identifying and redeploying underutilized assets  Help to control IT costs and more accurately plan for future IT needs 5.1 Governance The Governance Tower within the ServiceNow Asset Lifecycle Management methodology accounts for the impact IT Asset Management has on the business. Organizations make decisions, allocate resources/returns, execute responsibilities and undertake risk management, whether financial or otherwise, with an objective of protecting and promoting the interest of the shareholders, management, board of directors and the employees. An effective IT Asset Lifecycle management program executes on these objectives with technology that supports the transparent and efficient use of information. The following Topics are critical to the success of an effective ITAM Governance effort and foundational to both short and long-term success. The ServiceNow Governance Tower is broken into 5 Topics: Policy Management, Processes, Education & Training, Reporting, and Security. Below are details of each topic area as discovered during onsite efforts with ServiceNow. 5.1.1 Policy Management Definition: Policy Management as it relates to IT Asset Lifecycle is the foundation and first step in efforts of performing IT Asset Management. A Use Policy should include language that clearly identifies responsibilities, personal use of company assets, unauthorized hardware/software, optimization, retirement, and internal control rights. Effective policy language includes identification of responsibilities, and approval requirements. Internal personnel should be able to reference the asset request fulfillment and life-cycle management policies and all other Asset Management developed policies at their convenience. After an acceptable policy is created it should function for several months before revisiting the process to determine whether or not the policy is working. Establish a process by which the review continues over time. The first review should be conducted four months after initial implementation. If the policy requires adjustment, do so, and then re-evaluate again in six months after the adjustment. If the policy or procedure does not require adjustment, permit it to operate for six to twelve months, and then conduct the second review. Revisit and update policies (if necessary) as necessary.
IT Asset Management SACM Process Guide v1.3 Page 32 of 120 The following steps provided by the International Association of IT Asset Managers (IAITAM) support the development of polices that are relevant, enforceable and understandable. Educate Establish that there is a general issue that affects everyone, though it can affect some employees more directly than others. Do some research and include information on how the issue impacts all the employees’ day-to-day job functions. Next, explain why the issue is important and how establishing a policy is a prudent step to decrease unnecessary exposure in the workplace. Relating this background information helps employees who are not directly involved understand the issue better. Develop The next step is to create a functional, practical and useful policy. Open dialog between opposing viewpoints should be encouraged. A committee should be formed to discuss any issues and develop the appropriate policy for the organization. Policies from industry leaders can be used as a template and altered to fit the organizations particular need. Implement Once a need is determined for a particular policy and it has been developed, the next step is implementation. Rollout of the policy requires transition time. There will be some adjustment for employees, which is why it is very important that employees understand the reasons/need for the particular policy. Evaluate Once implemented, policies should always be reviewed periodically to monitor their effectiveness and relevance. Having a policy in place without follow up is not sufficient. Policies will always need fine-tuning. Have in place a procedure for periodic review. Create a Policy Review Board/Team. ServiceNow Support: The ServiceNow platform can support policies by providing transparency into the effectiveness of said policies and reporting on discrepancies related to internal service level agreements. 5.1.1.1 Observations: A policy has been drafted internally at PL and is considered work in process. 5.1.1.2 Recommendations: Continue work on the policy, incorporating the recommendations above and the information referenced in the “Educate”, “Develop”, “Implement”, “Evaluate” framework defined above. 5.1.2 Processes Definition: IT Asset Management business practices are process-driven and matured through iterative and focused improvements. Most successful IT Asset Management programs are integrated throughout the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories). The Gartner Group identifies a successful IT Asset Management program as 80% Process and 20% Technology. The best technology will fail without successful process.
IT Asset Management SACM Process Guide v1.3 Page 33 of 120 An effective IT Asset Management process includes all stakeholders in their definition while the supporting technology utilizes automation where available to support the goals of the said process. Manual procedures lead to breakdown in the effectiveness of efforts and the trustworthiness of related data. IT Asset Management related processes should include all efforts of lifecycle management for all in- scope assets. Such lifecycle management efforts include the following:  Product Model Management  Request Management  Procurement  Contract Management  Inventory Management  Deployment Management  Compliance Management  Disposal Management  Financial Management Each process should identify related roles and have regular reviews (minimum review annually). These processes should have a centralized repository that supports global training and the knowledge of said processes. Additionally, the format of these processes should be consistent throughout the organization and follow as closely as possible the PMCI standard. ServiceNow Support: The ServiceNow platform provides for the management of any type of asset and includes modules for the support of all lifecycle efforts from Product Model Management through Disposal Management. 5.1.2.1 Observations: A maturity assessment has been completed and – came in at “repeatable”. Processes are not generally written down, but more driven by institutional knowledge. Target process maturity for all processes is agreed to be a 3: written down, trainable, repeatable. Protective wants to bring data sources into ServiceNow. 5.1.2.2 Recommendations: Create a steering/governance committee to drive standards for how ITAM is performed. Establish an IT Asset Center of Excellence (COE) Team with responsibilities for overseeing the management of the IT Asset Lifecycle Processes throughout PL as well as across the entire organization. Additional activities would include, but not limited to, those associated with Software Asset Management (SAM), Financial Management (ITFM), Infrastructure Management, and PC Management.
IT Asset Management SACM Process Guide v1.3 Page 34 of 120 a. The COE should oversee global training of said processes in a manner that provides consistency of process throughout the organization. b. Create KPI’s that support the use of said processes. c. Identify key metrics that identifies the continued value of said processes d. The COE should have the responsibility to validate localized/distributed efforts to ensure activities conform to established policies and processes. e. Utilize the best practice processes provided in this document (Section 4) as a framework for the creation of a full Asset Lifecycle Management process within PL. f. Utilize the Roles & Responsibilities with related Activities found in the RACI provided in this document (Section 3). g. Establish a central Asset Management Team that reports to the COE and tasked with performing the activities outlined by the COE as part of the RACI (Section 3). This team should consist of a minimum of 4 FTEs for an organization the size and maturity of PL. Empower the COE to establish a global process for IT hardware and software asset management. a. Enable the ability to localize the global IT hardware and software asset processes by creating and documenting local procedures based on the global processes. These processes and procedures should support the business unit needs but they should also be shared with all BU’s and the COE so all areas can benefit standardized processes. b. The COE should have the responsibility to validate localized efforts to ensure activities conform to established policies and processes. Identify a centralized location or focal point where these ITAM processes and localizations are maintained and accessible to the organization. Communicate/publish this location to the organization. a. A Best Practice is to have an internal ITAM website where their processes are identified and links to them are available to individuals within the organization. Center of Excellence ITAM Team Infrastructure Management PC/Laptop Management Software Asset Management Finance Security Support Vendors
IT Asset Management SACM Process Guide v1.3 Page 35 of 120 Review the established processes and update/revise them to take the integration of ServiceNow into account. Empower the various business units to modify these processes to take into account specific requirements they may have, but make sure they are documented and controlled. Communicating and making these Software Asset Management processes readily available is a must have in order to have all within PL be aware they need to be followed. 5.1.3 Education & Training Definition: An effective asset management environment includes an understanding of the risk and value associated with the management of IT assets. This understanding must be communicated openly and effectively to all levels of the organization. Such effort begins with executive support and permeates the entire staff. A best practice occurs when staff at all levels is informed, understood and proactive in the optimization of IT assets. ServiceNow Support: The ServiceNow organization provides training resources for topics including System Administration, Asset Management, Configuration Management, and more. Publicly available Wiki and Community websites provide documentation and peer support. Regional in-person gatherings of user groups called SNUGs (ServiceNow User Groups) occur on a regular basis with the goal of knowledge transfer. Additionally, the ServiceNow Knowledge annual meeting of ServiceNow users and engineers provides resources for training and knowledge transfer. Within the ServiceNow platform there are multiple capabilities to manage and associate knowledge to activities and assets. 5.1.3.1 Observations: This was the lowest score on the maturity assessment. Need to formalize training activities as part of the implementation of the Asset Management module, including training all levels of the IT organization (down to Techs) as to the work they’ll do in the system. 5.1.3.2 Recommendations: Formalize and document the processes before starting to build training plans. 5.1.4 Reporting Definition: Effective Asset Management technology consists of value based reporting through filtered lists and dashboards. Asset reporting requirements drive the data discovery and retention requirements of IT Asset Management. Understanding the needs of stakeholders helps in developing the critical data elements of an IT Asset Repository.
IT Asset Management SACM Process Guide v1.3 Page 36 of 120 Often the data found in an IT Asset Repository is based on “what can be done” rather than “what should be done”. Reporting requirements from stakeholders identify “what should be done” within an effective IT Asset Management repository. That said reporting requirements become a critical aspect of IT Asset technology implementation and ongoing evaluation. As stated in the Process definition above, “Most successful IT Asset Management programs are integrated throughout the organization, involving everyone at some level integration with stakeholders.” It is imperative that reporting needs of all stakeholders are identified and understood both in the creation and sustainability of the IT Asset Lifecycle ServiceNow Support: The ServiceNow platform has the ability to present, filter, configure and export any list of assets and/or configuration items within the default display. In ServiceNow, a report can be a list, chart, or calendar-based view of data in a particular table. Use reports on homepages to display key information to different users. You can also publish reports to a URL that can be sent out through email. ServiceNow also offers a range of predefined reports that pertain to applications and features like incident management and service catalog requests. If none of these meet your needs, you can create your own reports at any time. Additional details can be found on the ServiceNow wiki at ServiceNow Creating Reports. 5.1.4.1 Observations: A considerable amount of manual reporting currently exists. 5.1.4.2 Recommendations: With the implementation of Asset Management in ServiceNow, the goal is to help automate these well-defined, but manual, reporting processes. 5.1.5 Security Definition: Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. IT Asset Management has the ability to support Security efforts due to effective processes and the mass amount of discovery data available. Access to ITAM data for subject matter experts (SME’s) is critical. Yet control of said access is just as critical. It is important to consider the controls to Asset and Configuration Item data in a manner that helps keep data fresh, accurate, and useful. Utilize automation to populate data where available thus eliminating manual data intervention. Additionally, ensure said data is editable by appropriate SME’s. It is not best practice to let Network Infrastructure SME’s create/edit Database CI’s. Thus an effective management of security through roles within the various data elements is critical to long-term data accuracy.
IT Asset Management SACM Process Guide v1.3 Page 37 of 120 ServiceNow Support: The ServiceNow platform fully supports ACLs in the managed of individual tables and table attributes. These ACL’s provide for the secure management of data. 5.1.5.1 Observations: Without specific action to prevent it, all of IT is going to see all information for all Assets. 5.1.5.2 Recommendations: Specific work will be required during the implementation project to define requirements by asset type and who has access to that data. One note: IT cannot see Networking assets, only Networking Team and Laura/Kim 5.2 Fulfillment The Fulfillment Tower within the ServiceNow Asset Lifecycle Management methodology accounts for the processes from request through delivery of IT Assets including Vendor Management. With a focus on the asset supply chain and the management of said supply chain an effective IT Asset Fulfillment program identifies the right asset for the right purpose within the organization while maintaining standards throughout vendor management. Ineffective supply-chain efforts lead to rogue asset activity that can increase organizations financial risks. 5.2.1 Procurement Definition: IT procurement is the series of activities and procedures necessary to acquire information technology (IT) products and services. IT procurement involves both strategic and administrative responsibilities. Day-to-day tasks may include conducting market research, negotiating pricing, establishing terms and conditions for services, resolving invoice discrepancies and communicating the status of purchases with internal customers. An IT procurement process, formal or informal, exists in every organization that acquires information technology. As users of information systems increasingly find themselves in roles as customers of multiple technology vendors, this IT procurement process assumes greater management significance. In addition to hardware, operating system software, and telecommunications equipment and services - information resources traditionally acquired in the marketplace - organizations now turn to outside providers for many components of their application systems, application development and integration, and a broad variety of systemmanagement services. ServiceNow Support: ServiceNow has specific capability to manage the asset procurement process including the following:  Request Management  Procurement  Financial Management
IT Asset Management SACM Process Guide v1.3 Page 38 of 120 5.2.1.1 Observations: Current state process is “we buy when the closet goes down” - what is bought is not tied into user provisioning today. 5.2.1.2 Recommendations: Develop a notice/trigger for incremental purchases based on when the inventory levels hit a set minimum. Create an organizational mandate prohibiting off-the-shelf purchasing. This provides for a process that is controlled and standard. 5.2.2 Receiving Definition: The legal responsibility of an asset often begins upon the receipt of said assets. In today’s business assets can be physical and/or digital making the receiving and documenting activities more complex. An efficient environment is able to receive new assets against a specific purchase and relate said asset to both the original purchase and the new asset record within the organizational repository. The old world of receiving assets at “the dock” is not lost but electronic and real-time requirements have complicated receiving activities. Planning for receiving – what will arrive and when it will arrive – is as critical as recording details. The recorded details must be accurate and without manual errors. ServiceNow Support: Within the ServiceNow Platform, Assets can be received and added to the system when they are delivered to a stockroom. Stockrooms are places where physical assets are received and assigned. When stock is low on a particular asset, stock rules can either notify an asset/procurement manager or automatically transfer inventory from one stockroom to another. Stockrooms are separate, standalone entities in the Asset Management application. ServiceNow can integrate with barcode scanners for efficient input of receiving efforts (data) eliminating the risk of manual errors. 5.2.2.1 Observations: Today, John counts all inbound product, which requires considerable manual back-and-forth conversations. 5.2.2.2 Recommendations: As part of the ServiceNow Asset Management implementation, many of the currently manual steps can be automated. It is also recommended that Protective develop and implement exception processes as part of the Asset Management implementation. Finally, the closer aligned that the
IT Asset Management SACM Process Guide v1.3 Page 39 of 120 receiving processes are between organizations/asset classes, the easier it will be to implement. Consider some business process redesign to that effect. 5.2.3 Contract Management Definition: A contract is a written or oral legally binding agreement between the parties identified in the agreement to fulfill the terms and conditions outlined in the agreement. A prerequisite requirement for the enforcement of a contract, amongst other things, is the condition that the parties to the contract accept the terms of the claimed contract. Historically, this was most commonly achieved through signature or performance, but in many jurisdictions - especially with the advance of electronic commerce - the forms of acceptance have expanded to include various forms of electronic signature. IT Contracts can be of many types, e.g. service contracts, software licenses, maintenance, warranties, lease, insurance, and more. Identifying and relating contracts to assets and configuration items allows for the simplification of efforts such as warranty management, lease management, and software license management. ServiceNow Support: Within the ServiceNow platform is the ability to manage Contracts. A contract is a binding agreement between two parties. Contracts contain detailed information such as contract number, start date, active status, terms and conditions, renewal information, and financial terms. Contract Management in ServiceNow is active by default. Contract Management integrates with Cost Management module within ServiceNow to associate contracts with costs and determine the total cost of ownership. 5.2.3.1 Observations: PL will focus contract management in ServiceNow on maintenance agreements, not for MSAs, etc. 5.2.3.2 Recommendations: Aim for simplicity – providing only the contract information needed within the IT organization. In this case, that means bringing in the information Financial Operations needs for maintenance agreements and the operational details IT users require. 5.2.4 Lease/Warranties Maintenance Definition: Lease and Warranty maintenance is based on contracts between two parties with defined term and conditions. In particular to lease management an organization can obtain access to technology assets with little upfront cost. Asset managers need to be able to track leased items and relate them to specific contracts with specific terms and conditions concerning the lease.
IT Asset Management SACM Process Guide v1.3 Page 40 of 120 Additionally, any dates needed related to the lease or warranty need to be tracked with associated contacts both internally and externally to the organization. Notifications are needed with regards to the associated dates. ServiceNow Support: The ServiceNow platform can manage the full lease/warranty contract lifecycle including dates and related asset/CIs. 5.2.4.1 Observations: John currently goes to the HP site to confirm whether a device is under warranty, and end-of-life status. 5.2.4.2 Recommendations: A device’s warranty and end-of-life status should be captured in ServiceNow, which is available out of the box. For several different classes/types of hardware, there is a nice to have request to screen scrape the vendor’s website to gather warranty end dates (SmartNet for Cisco, HP, etc). This can be considered as a custom integration as part of the implementation project, or as a phase 2 type request. 5.2.5 Vendor Management Definition: Vendor Management relates to the active and ongoing evaluation of the business relationship between a customer and all publishers, resellers, vendors and distributors detailed in a contract management repository. Vendor Selection, Vendor Performance Evaluation & Tracking, and Vendor Development are the widely recognized pillars of a successful Vendor Management Policy Effective Vendor Management enables organizations to optimally develop, manage and control vendor contracts, relationships and performance for the efficient delivery of contracted products and services. This can help clients meet business objectives, minimize potential business disruption, avoid deal and delivery failure, and ensure more-sustainable multi-sourcing, while driving the most value from their vendors. ServiceNow Support: The ServiceNow platform provides tools for defining and monitoring these vendor contracts. Additionally, if the vendor management team has negotiated underpinning contracts attached to service level agreements, these can be defined and automated using the Service Level Agreements (SLA) Plugin. Underpinning contracts define and monitors the guarantees. Within ServiceNow, these are fully integrated into the Service Level Management system. 5.2.5.1 Observations: As with the Contracts tower, the contractual relationships captured within ServiceNow will be focused only on maintenance agreements.
IT Asset Management SACM Process Guide v1.3 Page 41 of 120 5.2.5.2 Recommendations: IT Vendors should be maintained in ServiceNow so that relationships with assets and other objects in ServiceNow can contain the vendor information. 5.3 Auditing An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a software audit, internal audit, or other form of attestation engagement. IT Asset Management (ITAM) auditing allows for organizations to understand the “what” and “where” of IT Assets. A proactive effort with supported processes reduces the cost of 3rd party audits by as much as 700%. 5.3.1 Scanning and Discovery Definition: An inventory control system is a set of hardware and software based tools that automate the process of tracking inventory. The kinds of inventory tracked with an inventory control system can include almost any type of quantifiable technology good, including software, database instances, computers, networking equipment, and any other item that organizations may purchase and utilize. Modern inventory control systems are almost exclusively based on barcode technology for scanning and agent/agentless software for network-enabled discovery. Though barcodes were initially developed to automate the process of grocery store checkout, their ability to encode a wide variety of alphabetic and numeric symbols makes them ideal for encoding technology assets. Inventory control systems work in real-time using wired and/or wireless technology to transmit information to a central computer systemthat serves as a discovered repository. Though agent-based solutions are often considered “Discovery” tools, the fact is these solutions can only inventory known machines for which the agent is installed. By definition, discovery occurs from outside a known environment. The fact that an agent-based solution does not “discover” a new asset outside of its installation eliminates it as discovery tool. The value of agent-based solutions is in the recording of data such as usage information unavailable to agent-less solutions. Additionally, the use of the ISO/IEC 19770-21 Software Identification (SWID) Tag can be utilized in the discovery process, and some major vendors are already using them within their software applications. These SWID Tags are XML files that contain details related to the specific software application that is installed. Other areas where these SWID tags are beneficial include:  Platform Stability - Determining the variety of software installed within the environment, including the number of versions of particular software, is particularly important if your 1 See Appendix C for more regardingISO/IEC 19770-2 software assettagging
IT Asset Management SACM Process Guide v1.3 Page 42 of 120 organization is required to test new critical applications against all known applications within the environment. Interoperability and sociability testing answers questions such as: Do multiple VPN clients cause any issues? Do multiple versions of Internet Explorer cause issues? Are there rogue installs of an application happening?  Security Decision-Making Based On Risk Assessment - Accurate software inventory enables you to determine if there is software with known security risks installed within your environment. It answers questions such as: Do all Windows XP installations have all the critical patches installed? Are there unauthorized (or unwanted) software applications such as peer-to- peer file sharing or hacking tools installed anywhere on the network? Armed with accurate information, you can make better decisions, and ensure that your security policies are enforced.  Disaster Recovery/Business Continuity Planning and Operations - An accurate software inventory allows you to determine the locations of business-critical software installations. In turn you can ensure their data is being fully backed up, and ensure that both the software and the data are available in a disaster situation or crisis. ServiceNow Support: The ServiceNow Discovery application finds computers and other devices connected to an enterprise's network. When Discovery finds a computer or device, it explores the device's configuration, provisioning, and current status and updates the CMDB accordingly. On computer systems, Discovery also identifies the software that is running and any TCP connections between computer systems. Discovery creates all the relationships between computer systems (such as an application on one server that uses a database on another server). ServiceNow can integrate with barcode scanners for efficient input of receiving efforts (data) eliminating the risk of manual errors. ServiceNow supports the ISO/EIC 19770 Software Asset Management standards including the discovery and retention of the ISO xml file details. 5.3.1.1 Observations: No process for defining unknown and unidentified assets currently exists. Switches/routers will likely be manually discovered even after the implementation project; Rich’s spreadsheet will be used to upload these devices. 5.3.1.2 Recommendations: Consider implementing integration to SCCM and vCenter for more streamlined discovery processes. 5.3.2 Inventory Management Definition: Inventory Management is a systemfor tracking IT inventory levels, orders, and deliveries. Companies often use inventory management software to reduce their carrying costs. The software is used to track products and parts as they are transported from a vendor to a warehouse, between
IT Asset Management SACM Process Guide v1.3 Page 43 of 120 warehouses, and finally to a retail location or directly to a customer. Inventory management software is used for a variety of purposes, including:  Maintaining a balance between too much and too little inventory.  Tracking inventory as it is transported between locations.  Receiving items into a warehouse or other location.  Picking, packing and shipping items from a warehouse.  Keeping track of product sales and inventory levels. ServiceNow Support: Within the ServiceNow Platform, Assets can be received and added to the system when they are delivered to a stockroom. Stockrooms are places where physical assets are received and assigned. When stock is low on a particular asset, stock rules can either notify an asset/procurement manager or automatically transfer inventory from one stockroom to another. Stockrooms are separate, standalone entities in the Asset Management application. 5.3.2.1 Observations: Life cycle management for physical assets is not a clean process and different across different asset classes. 5.3.2.2 Recommendations: Standardize life cycle management processes prior to the ServiceNow implementation (or, agree to a standardized model during ServiceNow Requirements/Discovery Workshops) so that a single process can be implemented with the Asset Management Go-Live. 5.3.3 Data Delta Management Definition: Data Delta Management, or Data Validation, is an Asset Management activity out of necessity vs. choice. Many organizations spend up to 75% of IT Asset FTE effort on validating the accuracy of IT Asset data. Organizations need a process and supporting technology that can increase data accuracy while reducing the manual effort of data validation. Said validation should focus on critical non- discoverable elements of an asset record such as Owner/User, Location, Status, and etc. ServiceNow Support: The Data Certification plugin within ServiceNow manages scheduled or on- demand validations of CMDB data. Information is added to the CMDB by Discovery, by importing from third-party tools, or manually. For regulatory or procedural reasons, information in the CMDB needs to be checked for accuracy and certified. The person or team responsible for certification can define what information should be verified and the verification schedule. The schedule then generates a checklist for verifying the data. Individuals assigned to certification tasks answer a series of questions to verify the data.
IT Asset Management SACM Process Guide v1.3 Page 44 of 120 Data certification can be performed against specific fields on specific tables. Based on the certification schedule, certification tasks are automatically created and assigned. For example, a certification can be set up to validate key information fields (such as Operating System and CPU count) on all Windows servers located in Chicago and automatically be assigned to the appropriate team member. 5.3.3.1 Observations: BDNA data validation is being considered as an option to normalize asset data. 5.3.3.2 Recommendations: Define rules for each asset state to assess whether assets in that state need to be discovered. Define a process to disposition unknown and unidentified assets. 5.3.4 Internal / External Auditing Definition: An IT Asset audit is a comprehensive review of an organization’s adherence to regulatory or contractual guidelines. What, precisely, is examined in an IT Asset audit will vary depending upon whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, SOX requirements mean that assets must be cataloged. Healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPPA requirements. Companies that transmit credit card data are subject to PCI requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail. GRC (governance, risk management, and compliance) enables CIOs to quickly show auditors that the organization is in compliance and will not be subject to costly fines or sanctions. ServiceNow Support: The ServiceNow Platform can provide the needed audit details from supporting manual or automated sources. 5.3.4.1 Observations: An SOP appears to be in place now, but based on manual processes. 5.3.4.2 Recommendations: Once ServiceNow Asset Management has gone live, use ServiceNow as the base data source to begin to automate the existing processes. 5.3.5 Compliance Definition: Software Asset Management (SAM) is the business practice of using people, processes, and technology to systematically track, evaluate, and manage software licenses and software usage. A strong SAM program can help an organization:  Reduce costs: reduce the amount of money your organization spends on software.  Improve compliance: be audit ready with your most used vendors.  Control inventory: identify what you own and maintain an accurate database.  Remove unused software: delete old and unused versions of software.
IT Asset Management SACM Process Guide v1.3 Page 45 of 120  Simplify software requests: develop a process for employees to request software.  Reduce vendor list: logically reduce and consolidate the number of software vendors used.  Identify needs: create an accurate list of the software your organization requires. ServiceNow Support: Software Asset Management is a full-featured application for tracking and controlling software licenses. Features include:  Overview page showing key compliance information in graphs.  A variety of license types for software models.  Ability to manage software suites.  Ability to manage upgrade and downgrade software licenses.  Ability to manage unallocated/unused software licenses.  Software counters for reconciliation.  Software discovery models for normalization.  Software License Entitlement2 feature to assign a license to a person or machine. 5.3.5.1 Observations: Inbound software asset names are not clean and include redundancies. Reporting is not streamlined and very difficult to create. 5.3.5.2 Recommendations: Consider a data normalization service (BDNA was mentioned previously for this purpose). Consider including capabilities in compliance reporting that takes into account two versions of the same software installed on the same machine 5.4 Active Asset Management Active Asset Management represents those activities traditionally performed within IT Service Management. When Asset Management has visibility into the ITSM activities then optimization of the asset lifecycle may occur. The cost associated with the service management activities of an asset can be up to 70% of the total cost of said assets. Thus the value in Active Asset Management can be the visibility into the total cost of ownership and subsequent optimization activities to mitigate costs. 5.4.1 IMAC (Install, Move, Add, Change) Definition: IMAC covers all day-to-day activities associated with the scheduling and installation of hardware and software, changes to configuration, de-installation and relocation of equipment, including connectivity testing, data transfer and user orientation. 2 Not to be confused with PL PO Software Entitlement. Refer to Glossary Appendix B
IT Asset Management SACM Process Guide v1.3 Page 46 of 120 The objectives of this process are to install equipment with a minimum disturbance of the day-to-day operation and to provide the end-users on-the-spot familiarization with the equipment. Activities concerning hardware relocation or de-installation, and changes to configurations should be performed as scheduled and to the agreed standards, with minimum loss of end-users’ productivity time. ServiceNow Support: The ServiceNow platform supports the performance of IMACs through the standard IT Service Management capabilities. All efforts can be tracked to a configuration item (CI) that is then related to an Asset. All efforts, when related to a CI are reportable in mass based on the CI, Asset, Product Model, and any related attribute (data element). 5.4.1.1 Observations: Server: Want to provide better impact analysis and reporting of the change, but no process change required. Desktop: Gerry gets a spreadsheet from Facilities with a person’s old and new locations and executes IT components of the move from that. Desktop moves are not part of IT CAB; instead they are managed via a weekly facilities meeting. Weekly move sessions planned and executed on a scheduled basis. Consumables: Handsets and headsets are tracked with equipment IDs, but once they are deployed, hard to manage location (when an employee moves or offboards) 5.4.1.2 Recommendations: Document the existing IMAC processes prior to Asset Management implementation. 5.4.2 Break Fix Definition: An ITSM process whereby technical support for computers, servers, networks, software, etc. are performed. There may or may not be a written contract for the charges, however all parties have agreed to the terms. This can be the most expensive form of technical support. Asset Managers can track the associated costs related to the inventory of parts, frequency of break- fix activity per product model, and cost of resources. As activities related to break-fix are performed, they are associated to Incident and/or Problem tasks. The aggregation of related details helps identify the 70% post purchase costs traditionally associated with Assets. ServiceNow Support: The ServiceNow platform supports the creation and management of Incident and Problem records through the standard IT Service Management capabilities. All efforts can be
IT Asset Management SACM Process Guide v1.3 Page 47 of 120 tracked to a configuration item (CI) that is then related to an Asset. All efforts, when related to a CI are reportable in mass based on the CI, Asset, Product Model, and any related attribute (data element). 5.4.2.1 Observations: Protective has an open issue around relating a CI to an incident for break-fix purposes 5.4.2.2 Recommendations: Report break/fix performance against asset and supplier, as an input to vendor performance reporting. 5.4.3 Model Management Definition: Models are specific versions or various configurations of an asset (hardware and software), for example, a MacBook Pro 17" or Adobe Acrobat Pro 9. The management of models refers to the activity of identifying and certifying standards associated to the products supported within an organization. The following are Model Management activities that IT Asset Management may perform or participate in:  Certification – Testing hardware and/or software within the environment to determine its feasibility, usefulness, and/or capability  Product Standards – List of those hardware and/or software models that are supported within the organization. An asset not on the supported list may or may not incur extra effort/fees related to support  Consolidation – The support of many product models has a direct cost to an organization. Visibility of the product models and subsequent management can reduce related costs. ServiceNow Support: The ServiceNow platform contains a dedicated environment for the management of models as “Products” within the Product Catalog. The product catalog is a set of information about individual models. Models are specific versions or various configurations of an asset. Models published to the product catalog are automatically published to the service catalog. The service catalog includes information about goods (models) and services. A model may be listed more than once if the model is available from multiple vendors. Asset managers use the product catalog as a centralized repository for model information. A detailed and well-maintained product catalog can coordinate with service catalog, asset, procurement, request, contract, and vendor information. Model categories within ServiceNow are defined groups of assets, consumables, product bundles, and configuration items. Using the categories, you can control what each category creates when a model associated with the category is selected.
IT Asset Management SACM Process Guide v1.3 Page 48 of 120 5.4.3.1 Observations: Currently no way to onboard and offboard an entire model category at once. 5.4.3.2 Recommendations: Build a link between CI Category and Model Category to enable Discovery to capture asset information. Define a process to determine standard models to purchase; similarly, define a process to end of life a standard model. 5.4.4 Usage Management Definition: Usage management and monitoring relates to the status of a network's hardware and software assets. Desired Status includes last use, historical use, and current use. An IT Asset Manager utilizes Usage Management to determine waste. Said waste can relate to hardware and software while identifying opportunities for optimization. Understanding how an asset is utilized and to what extent can help qualify need and alternative resources. Additional value from Usage Management is in support of harvesting and/or cascading of IT Assets; identifying when an asset is underutilized and helps to reassign the asset to a more appropriate need. ServiceNow Support: The ServiceNow Platform can integrate with discovery technology to load and report on asset use. After relating use to existing asset and business service records reports can be run to identify opportunities for optimization. 5.4.4.1 Observations: Employee offboarding process does not current facilitate harvesting of that employee’s licensed software. 5.4.4.2 Recommendations: Define a process to harvest software during employee offboarding. 5.4.5 Asset Optimization Definition: Asset optimization is the strategy of obtaining the most optimal use of the organization’s hardware and software assets. However, asset optimization strategies must also take into account other organizational requirements such as security, access control, etc. where those concerns may out weight the benefits of asset optimization options. Examples of asset optimization strategies include: • The practice of consolidating database instances on a certain server to reduce the number of required licenses
IT Asset Management SACM Process Guide v1.3 Page 49 of 120 • Determining the breakeven point of licensing an application by Client Access License (CAL) verses by processor, and when the advantage of the chosen license type changes, adjust the deployment of licenses to provide greater advantage to the organization • Determining where and when shared resources provide the organization the better option – VM’s, Clustering, etc. • Co-locating software on certain servers to reduce the licensing of access points to outside the organization • Licensing software at the parent organization level so sub-organizations can take advantage of pooled licenses ServiceNow Support: The ServiceNow Platform has plug-ins for license compliance and within the SAM plug-in, license counts and over- & under-licensing counts can be reported on by software model and by vendor across the models that are licensed for within the firm’s contracts. After relating use to existing asset and business service records reports can be run to identify opportunities for optimization. 5.4.5.1 Observations: The topic of asset optimization in Protective’s environment, with high use of application virtualized and non-persistent desktops, will require more conversation during the implementation project. 5.4.5.2 Recommendations: Consider automatically uninstalling software that is not used within a configurable time threshold. 5.5 Disposition Disposition is the process of maximizing the value of unused or end of life assets through effective reuse or divestment. Both large and small organizations practice asset disposition at some level with the end goal of obtaining the greatest possible return from the asset. Asset Disposition is also used to describe the process of liquidating excess inventory of healthy companies, refurbished items and equipment returned at the end of a lease. Asset Disposition can also refer to the task of recovery of assets that have been wrongfully taken stolen, fraudulently misappropriated or otherwise disposed of to remove them from their rightful owner. 5.5.1 Harvest / Cascade Definition: Harvesting and Cascading refer to the reuse of IT Assets. Harvesting refers to the recovering of a software license from a computer where the software is completely removed and the software license is returned to a pool of available licenses. Cascading refers to the recovery of hardware and reassignment of said hardware to a new user/function.
IT Asset Management SACM Process Guide v1.3 Page 50 of 120 ServiceNow Support: The ServiceNow platform supports the identification of underutilized assets through the integration of discovery mechanisms. Reports can be performed that can identify last use and other valuable details needed to identify assets for Harvesting and Cascading. Additional ServiceNow capabilities include Orchestration where triggers can initiate a workflow to install/uninstall software. 5.5.1.1 Observations: Harvesting appears to be a manual opportunistic process today. Does not appear to be strong processes in place to confirm that all available licenses that are not being used, are centrally known and available for another user. 5.5.1.2 Recommendations: Define a process to harvest an employee’s software upon offboarding Consider automatically uninstalling software that is not used within a configurable time threshold. 5.5.2 End of Life / Disposal Definition: End of Life / Disposal occurs when assets eventually the end of their useful lives. Assets then need to be retired and disposed of in a secure, economic and environmentally responsible manner. There are many types of disposal including donation, internal employee sale, recycle, external sale, and etc. Regardless of the disposal type there are many disposal companies that can assist with end of life activities. The key to best practice disposal includes the following  Work with certified disposal agencies  Receive disposal documentation that confirms disposal activities  Wipe/erase hard-drives prior to disposal  Validate disposal activities (don’t just trust agencies – see for yourself) ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed. 5.5.2.1 Observations: Protective uses US Micro as the disposal company. There is one process for both server and desktop disposal.
IT Asset Management SACM Process Guide v1.3 Page 51 of 120 5.5.2.2 Recommendations: Consider integration to US Micro’s systems so Protective can reconcile what you think is disposed, is actually disposed. Regardless of the decision around whether or not to integrate with US Micro, the process of disposal should be documented. 5.5.3 Regulatory Management Definition: Regulatory management refers to the understanding and implementation of regulatory requirements, either internal and external, associated to organization’s hardware and software assets within the disposition phase. Integration between IT, Legal, security, human resources and other teams within the organization is essential to identifying the associated regulatory requirements. It is critical for the organization to be able to provide documented evidence for fulfilling required regulatory actions. ServiceNow Support: The ServiceNow platform has a legal hold process and can be integrated into the SAM process for industry specific regulatory requirements. Additional elements may be added as needed. 5.5.3.1 Observations: A legal hold process exists today, both for current employees, and for off-boarded employees. 5.5.3.2 Recommendations: Consider custom ServiceNow integration to more tightly integrate the legal hold process in ServiceNow into Asset Management to enable seamless legal hold functionality. 5.5.4 Data Security Definition: Data security refers to the practice of ensuring the data on organization’s hardware assets within the disposition phase is properly protected. This includes protection of the data through: encryption and/or access control methodologies; certified removal of the data from asset storage devices and/or components (especially hard drives and memory); and even removal of the asset storage devices and/or components (mainly hard drives and memory). Examples of data security best practices include: • Ensuring all laptops have their hard drives encrypted • Ensuring all assets identified for disposal have they internal hard drives and/or other storage media properly erased or removed prior to disposal – this includes computers, printers, multi- functional and mobile devices • Ensuring mobile devices with access to organization information (including email and data) are capable of remote erasing if lost, stolen or otherwise no longer required access to the information.
IT Asset Management SACM Process Guide v1.3 Page 52 of 120 ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed. 5.5.4.1 Observations: Security processes are robust today. Drives are encrypted as per normal organizational process. 5.5.4.2 Recommendations: Document the current data security processes. Consider building or enhancing remote erase capabilities if they don’t exist today, as this piece of the topic was not discussed in the workshop. 5.5.5 Validation Definition: Validation is the final step within the disposition phase. This is a critical element – you cannot just trust – you need to validate what was intended to happen actually happened. This includes: ensuring the accuracy of data (status, location and other details) related to the assets within the disposition phase was accordingly updated; ensuring any data on these assets was properly secured (data has been properly removed from hard drives and/or storage devices or those devices destroyed; have been wiped or destroyed. Any activity from a 3rd party related to Disposition should include a Certificate of Disposition (COD) for each and every disposed asset. Vendors should be certified with US Government & ISO Standards of Disposition. Validation also includes the random visit/checks of disposal vendors to ensure the activities promised are the activities performed. ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed. 5.5.5.1 Observations: Destruction is done on site. 5.5.5.2 Recommendations: Document the current policy/process. One open discussion should be held before progressing into the implementation project: Will Protective need to store certificates in ServiceNow? 5.6 IT Financial Management Financial Management is the process of planning, analyzing, directing, and controlling costs. The goal is to have an accurate account of what an organization is spending in order to maximize resources and control spending.
IT Asset Management SACM Process Guide v1.3 Page 53 of 120 Financial Management for IT is one of five components in the ITIL Service Delivery area. It determines the costs of services and provides financial accounting support to ensure expenditures fall within approved plans and those funds are well spent. The role of Financial Management varies depending upon the view of IT within the company. Some companies view IT as an expense center, some as a profit center, and some as a cost-recovery center. However, in all cases, Financial Management supports the "business" of IT. Financial Management activities include:  Providing oversight of all IT expenditures  Ensuring funds are available for planned events  Providing detailed financial information for proposed initiatives  Influencing the use of IT assets to maximize the return on IT investments through chargeback systems  Tracking current expenditures against the budget 5.6.1 Total Cost of Ownership Definition: Total Cost of Ownership, or TCO, is the purchase price of an asset plus the costs of operation. When choosing among alternatives in a purchasing decision, buyers should look not just at an item's short-term price, which is its purchase price, but also at its long-term price, which is its total cost of ownership. The item with the lower total cost of ownership will be the better value in the long run. The post purchase cost of assets can reach 70% of the Total Cost of an Asset. Understanding these costs is critical to business decision-making. ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:  Using rate cards.  Defining configuration item (CI) costs.  Tracking one-time costs for CIs.  Processing recurring CI costs to generate expense lines.  Distributing bulk costs to multiple expense line sources.  Tracking costs related to tasks and projects.  Aggregating configuration item costs and charging the total cost to a business service or application  Allocating expense lines to business units with flexible allocation rules.  Tracking planned and actual budget costs by cost center. 5.6.1.1 Observations: TCO management is handled elsewhere and is out of scope of ServiceNow. The only component required is allocating asset costs fromwithin ServiceNow, to the organizations that use them.
IT Asset Management SACM Process Guide v1.3 Page 54 of 120 5.6.1.2 Recommendations: None noted – asset cost allocation is a clear organizational imperative around this project, and will be a major driver of value for Protective. 5.6.2 Business Service Costing Definition: The goal of Financial Management is the understanding of costs as they relate to the Business Services provided by the organization. When tasked with the decision to maintain and/or migrate services, it is critical to understand the true cost of said services. Business Service Costing pulls all of the TCO related to individual assets and relates them to the services the organization provides. Such activities help organizations plan and optimize for the future. ServiceNow Support: The ServiceNow platform contains the Service Portfolio Management capability. Service Portfolio Management addresses three core business needs:  The plugin can be used to document the various business services offered using a standardized, structured format. This list of offerings can be offered to the user base in a consumer-friendly catalog.  Once services are defined, the system will start automatically tracking performance against defined availability commitments. If outages are reported, the platform handles availability tracking.  Once service offerings are documented and performance is being tracked, the information can be relayed in real-time performance gauges available to end-users. When implemented with the Cost Management capability ServiceNow can track Business Service costs with their related configuration items. ServiceNow supports a related hierarchy to identify the complete view of a business service and its related components such as applications, application instances, databases, servers, virtual servers, and etc. A typical hierarchy may appear as follows:
IT Asset Management SACM Process Guide v1.3 Page 55 of 120 5.6.2.1 Observations: Currently, the linkage of business services to major software pieces that have cost is not defined for Protective. 5.6.2.2 Recommendations: The definition of Business Services can be tricky/non-obvious for some organizations. We recommend a rationalization effort to confirm if any business services overlap or are no longer required, given Protective has so many (~500 in Production) due to corporate acquisitions. Fully implement CMDB and CI relationships, to the business service level, to provide full end-to-end visibility into the components that support each business service. 5.6.3 Budgeting / Forecasting Definition: Budgeting enables an organization to plan future IT expenditure, thus reducing the risk of over-spending and ensuring the revenues are available to cover the predicted spend. Additionally it allows an organization to compare actual costs with previously predicted costs in order to improve the reliability of budgeting predictions. ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:  Using rate cards.  Defining configuration item (CI) costs.  Tracking one-time costs for CIs.  Processing recurring CI costs to generate expense lines.  Distributing bulk costs to multiple expense line sources.  Tracking costs related to tasks and projects.  Aggregating configuration item costs and charging the total cost to a business service or application  Allocating expense lines to business units with flexible allocation rules.
IT Asset Management SACM Process Guide v1.3 Page 56 of 120  Tracking planned and actual budget costs by cost center. 5.6.3.1 Observations: ServiceNow will simply enable the budgeting process, but this will largely take place in another system. 5.6.3.2 Recommendations: During the implementation project, focus on building reporting that is clean and minimizes the amount of work required to prepare, so the overall Budgeting process can be as clean as possible as well. 5.6.4 Depreciation Definition: For accounting purposes, depreciation indicates how much of an asset's value has been used up. For tax purposes, businesses can deduct the cost of the tangible assets they purchase as business expenses; however, businesses must depreciate these assets in accordance with IRS rules about how and when the deduction may be taken based on what the asset is and how long it will last. ServiceNow Support: The ServiceNow Platform can identify and manage depreciation in support of IT Finance. The base instance includes the Financial Management application menu with several modules including Depreciation, Fixed Assets, Expense Lines, and Cost Centers. ServiceNow can calculate depreciation for a fixed asset using a choice of depreciation schedules. This can help IT coordinate with the corporate fixed asset system to report correct valuation and book value 5.6.4.1 Observations: Not in scope of the implementation, as this function will continue to occur in another system even after Asset Management is implemented 5.6.4.2 Recommendations: None noted – out of scope. 5.6.5 Cost Allocation / Chargeback Definition: Understanding how and why IT customers use services is critical to service planning as well as effectively managing costs and optimizing resources for business needs. IT managers are responsible for costly and complex assets of the company; they need to know how IT resources are
IT Asset Management SACM Process Guide v1.3 Page 57 of 120 utilized. They increasingly need to be able to provide reports to non-technical managers, to continually align IT resources with business activity. It is essential to have an understanding of IT resource usage when allocating scarce IT resources and talking too managers and internal users. Using IT chargeback is the best way to change end user behavior. In addition to being perceived as fair and accurate, a chargeback system also helps optimize IT investment utilization. An analogy is the electricity company that charges more during peak usage in order to spread the load more evenly during the day, thus utilizing the electrical grid systembetter. ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:  Using rate cards.  Defining configuration item (CI) costs.  Tracking one-time costs for CIs.  Processing recurring CI costs to generate expense lines.  Distributing bulk costs to multiple expense line sources.  Tracking costs related to tasks and projects.  Aggregating configuration item costs and charging the total cost to a business service or application  Allocating expense lines to business units with flexible allocation rules.  Tracking planned and actual budget costs by cost center. Expenses can be allocated to a business entity that is responsible for the expense. This is not considered charge-back or billing but could be used as a source for billing. The primary purpose of expense allocation is to represent the consumer of the process that has incurred some expense. This can be accomplished by defining expense allocation rules. 5.6.5.1 Observations: Desktop and phone allocated by user Others are allocated via used by business service 5.6.5.2 Recommendations: Continue to drive cost allocation as the organizational imperative it appears to be. No other recommendations noted.
IT Asset Management SACM Process Guide v1.3 Page 58 of 120 6 ServiceNow Configuration Requirements The following identifies foundational configuration elements for the implementation of IT Asset Management within ServiceNow. 6.1 ServiceNow Plugins Plugins provide additional optional functionality that administrators can activate within a ServiceNow instance. Refer to this URL for additional plugins available and more in-depth information about each plugin https://wiki.servicenow.com/index.php?title=List_of_Plugins The following Plugins are recommended for consideration within the PL instance of ServiceNow in support of IT Asset Management: Name Description ExtendedCMDB Addsadditional 144 tables(includingPersonal Computer) for use withinthe CMDB. FieldNormalization Addscapabilitytonormalize fieldvalues. My Assets My Assetspluginprovidesuserswithself-service accessto theirownassets, contracts,and requests. Procurement Procurementmanagerscanuse the Procurementapplication to create purchase ordersand to obtainitemsforfulfilling service catalogrequests.Procurementoffersthe abilityto: • Track service catalogrequests • Create and manage purchase orders • Create and manage transferorders • Receive assets Software AssetManagement Providesthe capabilitytodosoftware assetmanagement, includesreconciliationof entitlementstolicenseincluding those fornamedusers,workstation, andenterprise software agreements. NOTE: this pluginshould be reinstalledaftera change to or additionof a discoverytool. 6.2 Model / Class (Product Catalog) The ServiceNow Product Catalog is critical to the implementation of Asset Management and related lifecycle elements within the ServiceNow platform. The product catalog is a set of information about individual Models. Models are specific versions or various configurations of an asset. Models published to the product catalog are automatically published to the service catalog. The service catalog includes information about goods (models) and services. A model may be listed more than once if the model is available from multiple vendors. Keep the following in mind when working with product catalog:  A product catalog item can be linked to multiple vendor catalog items or a single model.  A model can only have one product catalog item.  A vendor catalog item can only have a single product catalog item.
IT Asset Management SACM Process Guide v1.3 Page 59 of 120 Asset managers use the product catalog as a centralized repository for model information. A detailed and well-maintained product catalog can coordinate with service catalog, asset, procurement, request, contract, and vendor information. The following depicts the basic ServiceNow model-class-asset relationships: 6.3 Models Models are specific versions or various configurations of an asset. Models are used for managing and tracking assets through various ServiceNow asset applications, including Product Catalog, Asset Management, Software Asset Management, CMDB, and Procurement. Model definitions can be based on vendor-provided criteria (for example, the manufacturer name Apple MacBook Pro) or a custom abstraction (for example, Graphic Designer Workstation). A model can be in one or more model categories. For example, a laptop can be a computer and a server. Model definitions specify whether the model creates an asset, a configuration item, or both. On a hardware model record, compatible hardware models can be added.
IT Asset Management SACM Process Guide v1.3 Page 60 of 120 For details on creating a new Model please visit the ServiceNow Wiki at Creating New ServiceNow Models. The Display Name of a model is a combination of data attributes; Manufacturer and Model Name. Thus for the creation of a Model these two data elements should be required for consistency in the naming convention. Consumables are assets that are not tracked individually, but as a group of the same model with one or more of the following traits:  Same location  Same state  Consumed by the same asset (typically as accessories or parts)  Common consumable assets are computer mice and computer keyboards. Consumables follow a slightly different life cycle than other assets. 6.4 Asset Class The default asset classes are Hardware, Software License, and Consumable. These general classes can be used to manage a variety of assets. If the general classes are not appropriate for a specific group of assets, consider creating a new asset class. For example, a fleet of cars could be tracked in a custom asset class named Vehicle. Before creating new asset classes, analyze business needs to see if the general classes can be used. A large number of asset classes can be difficult to maintain. Built-in functionality allows you to use asset classes:  for financial tracking  in a model bundle  as a pre-allocated asset It is recommended that PL utilize the default asset classes within ServiceNow. 6.5 Configuration Item Class (Model Category) Model categories are defined groups of assets, consumables, product bundles, and configuration items. For example, create separate model categories for printers, servers, software, and computers. Using the categories, you can control what each category creates when a model associated with the category is selected. The categories also define the relationship between a CI class and an asset class. A model category can be related to many models and a model can be related to many model categories. For example, a specific model of a computer can be a computer and a server. PL will need to compare existing Categories with recommendations noted below SN Product Category Asset CI SN Notes Accessory alm_hardware cmdb_ci_acc PleaseReview
IT Asset Management SACM Process Guide v1.3 Page 61 of 120 Business Service cmdb_ci_service Circuit cmdb_ci_circuit Communication Device alm_hardware cmdb_ci_comm Communications Device - currently being used for Telecom Network Devices Communication Device alm_hardware cmdb_ci_comm Computer Peripheral alm_hardware cmdb_ci_peripheral review sub categories and rationalize ESX Server alm_hardware cmdb_ci_esx_server Generator alm_hardware u_generator Group with Datacenter, Consider table name that aligns with standard (u_cmdb_ci_) IP Router alm_hardware cmdb_ci_ip_router IP Switch alm_hardware cmdb_ci_ip_switch Linux Server alm_hardware cmdb_ci_linux_server Panel alm_hardware u_panel Consider tablename that aligns with standard (u_cmdb_ci_) PDU alm_hardware cmdb_ci_pdu Personal Computer alm_hardware cmdb_ci_pc_hardware change to Personal Computer Printer alm_hardware cmdb_ci_printer Rack alm_hardware cmdb_ci_rack Server Chassis alm_hardware cmdb_ci_chassis_server UPS alm_hardware cmdb_ci_ups 6.6 Asset and Configuration Item Status ServiceNow tracks the Lifecycle State and Configuration Status of Assets. An Asset record will display an Asset State where a Configuration Item (CI) will display a Status. Asset states and corresponding substates can be used to accurately track assets at a detailed level. Good asset information helps with reporting, controlling assets, and lowering costs. For example, accurately recording missing items using the Missing state and the Lost and Stolen substates enable you to run reports and analyze the information in order to lower costs. The Status fields on the two forms, asset and configuration item, are synchronized so that status changes made on one form trigger the same status update on the corresponding form, ensuring consistent reporting. (As a best practice, ServiceNow, Inc. recommends updating status on the asset form.) All state fields are synchronized as well. State fields are mapped to their most logical counterpart on the other table. For example, for a hardware asset set to state In Stock - Pending disposal, the corresponding CI is set to In Disposition with no substate. 6.7 Asset States (install_status)
IT Asset Management SACM Process Guide v1.3 Page 62 of 120 The following states and substates are default for ServiceNow. It is recommended that PL utilizes these default states and substates and merges their existing states and substates to align with the defaults as best as possible. State Available Substates Notes On order None Asset has been ordered but not received. In stock Available, Reserved, Defective, Pending repair, Pending install, Pending disposal, Pending transfer, Pre-allocated Asset is stored in a stockroom. Substate indicates if it is possible or recommended to put the asset into use. In transit Available, Reserved, Defective, Pending install, Pending disposal, Pre-allocated In use None Available only for non-consumables. Consumed None Available only for consumables. In maintenance None Asset is being repaired or undergoing maintenance. Retired Disposed, Sold, Donated, Vendor credit Setting an asset to a Retired state is recommended for asset end of life. Only delete asset records that were created erroneously. Missing Lost, Stolen 6.8 CI Statuses (install_status) The following status and substatus are default for ServiceNow. It is recommended that PL utilizes these default statuses and substatuses and merges their existing status and substatuses to align with the defaults as best as possible. CI-Install status Available CI SubStatus In Stock Available In Stock Reserved Pending Repair blank Pending install blank In Stock blank Pending Repair Repairable Pending install Reserved In Stock Disposable In Stock Pre-allocated Installed In use In maintenance blank Retired blank Retired Scrapped Retired Sold Retired Donated
IT Asset Management SACM Process Guide v1.3 Page 63 of 120 Retired Credit Absent blank Absent Lost Stolen blank 6.9 Asset & CI State/Status Synchronization The Status fields on the two forms (Asset and CI) are synchronized so that status changes made on one form trigger the same status update on the corresponding form, ensuring consistent reporting. (As a best practice, ServiceNow, Inc. recommends updating status on the asset form.) All state fields are synchronized as well. State fields are mapped to their most logical counterpart on the other table. For example, for a hardware asset set to state In Stock - Pending disposal, the corresponding CI is set to In Stock with no substate. Below are the synchronization mappings from Asset to CI State/Status: Asset State Asset substate CI-Install status On order None In Stock Available In Stock In Stock Reserved In Stock In Stock Defective Pending Repair In Stock Pending repair Pending Repair In Stock Pending install Pending install In Stock Pending disposal In Stock In Stock Pending transfer In Stock In Stock Pre-allocated In Stock In transit None In Stock In transit Available In Stock In transit Reserved In Stock In transit Defective Pending Repair In transit Pending install Pending install In transit Pending disposal In Stock In transit Pre-allocated In Stock In use None Installed In maintenance None In maintenance Retired None Retired Retired Disposed Retired Retired Sold Retired Retired Donated Retired Retired Vendor Credit Retired Missing None Absent Missing Lost Absent Missing Stolen Stolen 6.10 Naming Conventions & Data Normalization Naming conventions are important for the normalization of data within the ServiceNow platform. Often naming conventions are not enough and additional assistance is needed to help normalize data. The following are best practices and recommendations for the normalization of data and naming conventions.
IT Asset Management SACM Process Guide v1.3 Page 64 of 120 6.11 Naming Conventions The following are best practices as they relate to naming conventions related to IT Asset Management in ServiceNow. PL will need to compare existing naming conventions with best practices noted below Hardware Models: Hardware Model Display Name is a combination of the Manufacturer Name and the Model Name. For example if a Model has a manufacturer of Dell and a Model Name of Optiplex 760 then the Display Name for the Hardware Model record will be Dell Optiplex 760. ServiceNow, by default, will utilize the Hardware Model Display Name when referencing Assets, CI’s, Catalog Items, and Contracts. Thus retention of the ServiceNow naming convention for Hardware Models is important. Software Models: Software Model Display Name is a combination of the Manufacturer Name, Model Name, and Version. For example if a Model has a manufacturer of Adobe, a Model Name of Acrobat Pro, and a Version of 9 then the Display Name for the Software Model record will be “Adobe Acrobat Pro 9”. ServiceNow, by default, will utilize the Software Model Display Name when referencing Software Licenses, Software Counters, Catalog Items, and Contracts. Thus retention of the ServiceNow naming convention for Software Models is important. Asset Record: Asset records Display Name is a combination of the Asset Tag and the Model ID (Display Name). For example if an Asset record had an Asset Tag of C67893 and a Model ID (Display Name) of Dell Inc. XPS 14z then the Asset record Display Name would be “C67893 - Dell Inc. XPS 14z”. 6.12 Data Normalization Field Normalization includes two features: normalization and transformation. Normalization forces the ServiceNow platform to convert different forms of the same field value to a single, accepted value automatically. By forcing a field to use a simple, recognizable description for multiple variations of the same thing, normalization can eliminate duplicate records and make searches easier. In addition to reconciling different forms of the same value in fields, normalization can be configured to adjust queries automatically to return normalized results. Transformation enables an administrator to transform raw field input into standardized values that are more meaningful to an organization. An example of a standardized value might be to round RAM size in configuration items to a whole number, such as 4000 MB instead of 4112 MB.
IT Asset Management SACM Process Guide v1.3 Page 65 of 120 Transformations are controlled by parameters and conditions and can be configured to return transformed values in queries. 6.13 Integrations ServiceNow integrates with many third party applications and data sources. Two types of integrations are listed:  Base systemintegrations use ServiceNow plugins and include CMDB, Change Management, Incident Management, Problem Management, Single Sign-on, and User Administration.  Custom integrations are implemented through your ServiceNow Professional Services Consultant The ServiceNow platform is based on service-oriented architecture (SOA), in which all data objects can use web services to access bi-directional data-level integration. The interface is also direct and dynamic because all modifications to existing objects and all new objects are automatically published as a Direct Web Service. A more indirect web service creation and usage can be achieved through Mapped Web Service where a transform map is used to gather incoming web service data into the final tables. Finally, an advanced Scripted Web Service technique is available for defining process- based web services, where data is irrelevant, but serves more as a trigger for a process or a composite of actions that execute at the server. Additionally the platform offers a rich interface for loading external data using import sets. Using this feature, you can load from various data sources such as HTTPS, FTPS, and SCP using file formats such as XML, CSV, and Microsoft Excel XLS files. Information can also be pulled from a data source using a direct JDBC connection, provided the network connectivity allows. Information can be pulled from the platform to an external platform using an ODBC Driver. Forms, lists, and reports on the platform can be accessed directly using a URL, which facilitates integration on the UI level between two or more web applications. 6.14 MID Server PL may require a MID Server for Asset data integrations. The Management, Instrumentation, and Discovery (MID) Server is a Java server that runs as a Windows service or UNIX daemon. The MID Server facilitates communication and movement of data between the ServiceNow platform and external applications, data sources, and services. 6.15 Web Services HTTP-based Web Services allow diverse applications to talk to each other. ServiceNow supports both inbound (provider) and outbound web service consumer services. PL will utilize Web Services to communicate with some integration points. Web Service Data Format Types - The following standard data format types are supported by ServiceNow via the HTTP protocol:
IT Asset Management SACM Process Guide v1.3 Page 66 of 120  SOAP - http://en.wikipedia.org/wiki/SOAP  JSON - http://json.org/  CSV - http://en.wikipedia.org/wiki/Comma-separated_values  EXCEL - http://en.wikipedia.org/wiki/Microsoft_Excel_file_format#File_formats  XML - http://en.wikipedia.org/wiki/XML  PDF - http://en.wikipedia.org/wiki/Portable_Document_Format
IT Asset Management SACM Process Guide v1.3 Page 67 of 120 7 SERVICENOW IMPLEMENTATION ServiceNow recognizes the complex nature of IT Asset Management and the need for a successful implementation of technology in support of ITAM processes. Based on industry standards, best practices, and real-world experience the Implementation of ServiceNow follows a methodology that combines organizational goals with practical reality. 7.1 Implementation Methodology ServiceNow follows the International Standards Organization (ISO) recommendations for tiered implementation of best-in-class IT Asset and Software Asset Management environments. Tier 1 Good data isa prerequisite forgoodITAM& SAM. A commonmanagementobservation that applieshere isthat“youcannot manage whatyou donot know”.Thistieralso providesthe basisfordemonstratinginventorymanagementandlicense compliance, whichis typicallyahighprioritymanagementobjective. Tier 2 In practice,practical managementbeginsafterthe organizationhasrecognizedthe issues resultingfromnothavingtrustworthydata.The organizationrecognizesthe extentof the risksit facesas well asopportunitiesforimprovementandsavings.Thistierincludes targetinganddelivering“quickwins”made obviousbytier1. Tier 3 Buildingonthe foundationof the previoustwotiers,thistierdrivesthe integrationof ITAM& SAMintooperational ITSMprocesses.The resultisimprovedefficiencyand effectiveness. Tier 4 Thistieraddressesthe more advancedanddemandingaspectsof full ITAM& SAM, includingitsfull integrationintostrategicplanningforthe organizationincludingbutnot limitedtoBusinessService ManagementandFinancial Management.
IT Asset Management SACM Process Guide v1.3 Page 68 of 120 Implementation Tier with The ServiceNow Asset Management Methodology The ISO Implementation tiers relate to the Towers within the ServiceNow Asset Management Best Practices Methodology. Based on the Asset Management activities being performed and/or implemented within an organization a current capability and an implementation roadmap may be identified. Tier 0 Governance: Before implementation of Asset Management activities, organizations should address best practices related to Governance as outlined in the ServiceNow Asset Management Methodology. The critical foundational elements include Policy with Roles & Responsibilities, Processes, and Education/Training. Tier 1 Trustworthy Data: Good data is a prerequisite for good ITAM & SAM. A common management observation that applies here is that “you cannot manage what you do not know”. This tier also provides the basis for demonstrating inventory management, reporting, and license compliance. Technology requirements include an Asset Repository with effective and usable data (Models, Assets, Configuration items) that can be readily transformed into knowledge. Tier 2 Practical Management: The focus of Tier 2 efforts within the ServiceNow Asset Methodology is specific to Fulfillment and Auditing. An organization should have Discovery, Contract Management, and Software Compliance. Technology requirements include hardware/software discovery, software purchase record repository, contract terms & conditions repository, and warranty/maintenance attributes.
IT Asset Management SACM Process Guide v1.3 Page 69 of 120 Tier 3 Operational Integration: The integration of the ITAM Lifecycle throughout the organization including ITSM is critical for efficiency and effectiveness. Identifying and managing the “use” of assets in the field helps to locate opportunities for optimization. Technology requirements include Service Catalog, Procurement, and Vendor Management. This tier also provides the bases for demonstrating Financial Management within Tier 4. Tier 4 Strategic Conformance: Tier 4 addresses the more advanced and demanding aspects of full ITAM. Elements of Tier 4 include full integration into strategic planning for the organization including but not limited to Business Service Management and Financial Management. Technology requirements include Financial Management, Costing (rate cards), Contract Financials, and CMDB Relationships. Planning for Implementation: The Tiered approach is best implemented using the following phased activities: Note: While each Phase builds on one another, the prior Phase does not have to be completed before the next Phase begins.
IT Asset Management SACM Process Guide v1.3 Page 70 of 120 7.2 PL Current Capability Summary The following is a summary of finding related to an appraisal of current capability in the performance of IT Asset Management. This assessment is based on 2 days of onsite effort and a review of best practices with the PL team. Specific observations can be found in Section 5 of this document. Capability Score: The total capability scoring for PL is a 1.8 out of 4 (24/50). This score is a bit under 50% due to some key Activity items in Tier 0 and Tier 1 that must be accomplished and therefore more weighted. Overall, impressive for the organization as a whole and on the right path for future successes. The following are Capability recommendations for PL: I made an attempt to be fair in the scoring. While it is true that you have control over the processes that underlay the data for analysis, by not having documented procedures and an automated way for various ITIL staff to be able to gather that data in a coherent and expedited manner, the scores were skewed in a way that great efforts should be made to review ALL of the activities for not only improvements but integrations where the work has already been done in definition but needs publishing and adherence to compliance for the organization. 7.3 Tier 0 Governance Capability Unperformed (4/10) - The PL organization has performed 4 of 10 activities within Tier 0 Governance. It is recommended that PL establish and assign Roles & Responsibilities for ITAMactivities. The assignment of roles and responsibility will enable PL to move forward with recommended best practices. Tier 0 Activity Performed Centralized Asset Use Policies Yes Shared Asset Processes Yes Shared Asset Procedures No Processes Reviewed for Intended Outcome Yes Standard Process/Procedure Format No Industry Training in ITAM No Local User Group Participation Yes End User Training on Asset Policies & Procedures No Established KPI's for IT Asset Lifecycle Management No Roles & Responsibilities identified for ITAM Activities No 7.4 Tier 1 Trustworthy Data
IT Asset Management SACM Process Guide v1.3 Page 71 of 120 Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 1 Trustworthy Data. It is recommended that PL establish an enterprise wide capability for discovering and validating IT Assets in a manner that ensures visibility throughout the Enterprise. Tier 1 Activity Performed Centralized Repository for Assets (including financial/contractual data) No Standardized Hardware & Software Models Yes Centralized Inventory Management Yes Centralized ITAM Reporting No Internal Enterprise-wide Discovery Yes Visibility of all Asset Across the Organization No Acquisition Details of All Assets Yes Status/State of All Assets No Established KPI's for Data Accuracy No Automation of Data Population Yes 7.5 Tier 2 Practical Management Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 2 Practical Management. It is recommended that PL focus on Software Asset Management capabilities through automation and compliance views. Tier 2 Activity Performed Validated Discovery of PC Software Throughout the Enterprise No Validated Discovery of Datacenter Software Throughout the Enterprise Yes Software Catalog No Contract Repository Yes Contract Terms & Conditions Repository Yes Contract Lease/Warranty/Services Dates Recorded Yes Contracts Related to Assets and/or Configuration Items No Centralized Software Purchase Record Repository (Entitlements) Yes Centralized Software Compliance View No Established KPI's for Software Compliance No 7.6 Tier 3 Operational Integration Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 3 Operational Integration. It is recommended that PL establish integration between the Asset Repository and Lifecycle Management Elements – Catalog, Purchasing, and CMDB. Tier 3 Activity Performed CMDB No
IT Asset Management SACM Process Guide v1.3 Page 72 of 120 CI to CI Relationships No Incident/Problem Reporting for Vendor Management Yes Centralized Service Catalog Yes Centralized Purchasing Yes Integrated Service Catalog to Purchasing No Integrated Service Catalog to Asset Repository No Integrated Purchasing and Asset Repository Yes Integrated Asset Repository and CMDB No Established KPI's for Asset Purchasing Yes 7.7 Tier 4 Strategic Conformance Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 4 Strategic Conformance. It is recommended that PL establish Tiers 0-2 before full implementation efforts related to Tier 4. Tier 4 Activity Performed Business Service Mapping in CMDB No Financial Costing for Configurations Yes Rate Cards for Services Yes Rate Cards for Contracts Yes Rate Cards for Activities Yes Integrated Total Cost of Ownership Reporting No Integrated Budgeting/Forecasting Reporting Yes Depreciation Management No Chargeback/Showback No Established KPI's for Financial Management of Assets No
IT Asset Management SACM Process Guide v1.3 Page 73 of 120 7.8 Implementation Roadmap The following implementation roadmap has been assembled for the successful implementation of Asset Management Processes and Technology. This roadmap is provided based on the current capability of PL (Section 7.2) as well as the goals of the organization. This roadmap is a practical implementation recommendation based on best practices and experiences. 7.9 Roadmap Overview The primary goal of the Asset Workshop was to identify opportunities to establish and utilize best practices for Asset Management. ServiceNow utilizes the workshop to identify the current capability of PL in support of recommendations for implementation. The effort of implementing Asset Management with any organization carries a delicate balance between process and technology. The industry identifies that a successful Asset Management capability is based on 80% Process and 20% Technology. 7.10 Process Roadmap The Process Roadmap is assembled based on the Best Practices of Asset Management (Section 4) and the Capability Summary (Section 7.2). Process Technology Capacity Management Demand Management Software Asset Management Hardware Asset Management Policies Shared Processes & Procedures Education & Training Roles & Responsibilities
IT Asset Management SACM Process Guide v1.3 Page 74 of 120 Process Elements - The following elements are needed for the performance of IT Asset Lifecycle Management as they are related to the ISO Implementation Tiers. o Governance o Active Asset Management o Fulfillment o Auditing o Disposition o Financial Management Capability - The Capability results (Section 6.2) for PL are as follows: Tier / Activity Score Tier 0 – Governance 0.4 Tier 1 – Trustworthy Data 0.5 Tier 2 – Practical Management 0.5 Tier 3 – Operational Integration 0.5 Tier 4 – Strategic Conformance 0.5 Total Capability Score (out of 4.0) 1.8 Process Roadmap Implementation Recommendation – 4 Phases It is recommended that PL focus on the following elements as a roadmap to Asset Management Best Practices: o Phase 1 – Tier 0 & Tier 1 in support of Asset Management Implementations o Phase 2 – Tier 2 after Phase 1 and in support of Software Asset Management Implementations o Phase 3 – Tier 3 after Phase 1 and in support of Service Catalog and Optimized Configuration Management o Phase 4 – Tier 4 after efforts of Phases 1-3 7.11 Technology Roadmap
IT Asset Management SACM Process Guide v1.3 Page 75 of 120 The Technology Roadmap is assembled based on the Best Practices of Asset Management (Section 4). Practical experience has identified the need for a prescriptive and phased approach for Asset Management. This roadmap is intended as a guide for PL. Technology Elements & Restrictions: The following elements are needed for the performance of IT Asset Lifecycle within ServiceNow: o Service Catalog o Asset Management o Software Asset Management o Extended CMDB o Financial Management (with Cost Management) ID Element Restrictions 1 Service Catalog Service Catalog will require the use/management of Models for standard assets (hardware/software). Additionally, Service Catalog will require workflow fromthe Request& Acquisitionprocess. 2 AssetManagement Use/managementof Modelsforstandardassetsisneeded.Asset detailsare requiredinordertouniquelytrackandrelate provisioned assets. 3 Software Asset Management Discoveryis requiredforSoftware Asset Managementperformance. 4 ExtendedCMDB Capacity & Financial Managementis dependent upon a fully built out CMDB. The current CMDB does not have a complete picture of the environment. Additionally, best practice follows the lifecycle creation of records where an Asset exists BEFORE the creation of a Configuration Item. The CMDB needs all relationships completed fromCI to CI to Services. • Requisition • Provisioning • Automated Workflow • Model Management 1. SN Service Catalog • Model Management • Asset Repository • Costing • Contract Ts&Cs 2. SN Asset Repository • Software Entitlements • Enterprise Discovery • Software Counters (Compliance) 3. SN SoftwareAsset Management • Configurations • CI to CI Relationships • Application/Service Chunking 4. SN CMDB • Total Cost of Ownership • Business Service Costing • Expense Allocations • Budgets • Chargeback/Showback 5. SN Financial Management
IT Asset Management SACM Process Guide v1.3 Page 76 of 120 5 Financial Management Performance of Financial Management requires the fully built Service Catalog, Asset Management, Software Asset Management, and ExtendedCMDBenvironment. Technology Roadmap Risks The implementation of Asset Management within PL carries risks. Some of those risks are listed below:  The large number of non-persistent desktops and high level of application virtualization will need to be reviewed closely during the implementation timeframe  The split of financial capabilities between ServiceNow and other tools is conceptually easy to understand, but will need to be mapped to ServiceNow functionality to confirm the proper way to build this split into the system, to enable cost allocation through ServiceNow but not other financial functionality Technology Roadmap Implementation Recommendation – 4 Phases The Asset Management Roadmap enables the performance of IT Asset Management in a phased approach. The implementation phases allow for rapid returns on effort without the monumental effort and expense. It is recommended that the 5 technology elements of Asset Management be implemented in the following phases: o Phase 1 – Trustworthy Data: Asset Repository and CMDB optimization o Phase 2 – Practical Management: Full IT Asset Management with Software Asset Management o Phase 3 – Operational integration: Integrated Service Catalog with models for lifecycle management o Phase 4 – Financial Management
7.11.1 ServiceNow Asset Management Technology Implementation Phases The following details are provided in support of the recommended Technology Roadmap. The Implementation details are created to help scope and document the stories needed for implementation activities. Note: These sections will be discussed for future planning as the SACM components are further planned for all of the following sections in this topic. 7.11.1.1 Phase 1 ServiceNow Asset Management Launch – Trustworthy Data Phase 1 of the ServiceNow IT Asset Management Launch within PL will focus on baseline configurations with data accuracy. A baseline configuration utilizes OOTB data elements and capabilities of ServiceNow, which allows for a rapid start to implementation efforts. 7.11.1.1.1Scope The recommended Scope of Phase 1 includes a primary focus on Trustworthy Data with the following activities:  Asset Repository build  Core CMDB build (including integration to 3rd party discovery tools) 7.11.1.1.2ServiceNow Plugin Activation (For Stories) Pending detailed requirements discussions, the following plugins are recommended in support of Phase 1:  Extended CMDB  Field Normalization 7.11.1.1.3ServiceNow Configurations (For Stories) In support of a rapid implementation, ServiceNow recommends the use of default configurations for IT Asset Management including OOTB data attributes. After the launch of Phase 1 and the resulting trust in the provided asset data then activities may begin to optimize the ServiceNow environment as desired. The following configurations are recommended within Phase 1:  Manufacturer Data Normalization  Hardware/Software Model Name Data Normalization  Data Certification on critical Asset data element such as “Assigned To”  Class & Model Category Mapping  Status 7.11.1.1.4Data Mapping Detailed data mappings within ServiceNow from PL will be discuss at a future date. These mappings will be created with the input and guidance of PL during the onsite implementation workshop and subsequent discussions.
Process Guide Page 78 of 120 7.11.1.1.5PL Activity The following areas have been identified as key requirements for PL and require a critical focus on trustworthy data in Phase 1. It will be imperative to assemble appropriate asset details prior to and during launch activity. The use of discovery technology as a primary source of truth for Asset data will expedite data onboarding and improve data accuracy. The following are recommended Data Activities:  Rationalize discovery data – review asset discovery sources and consolidate where possible. Data overlap can create data integrity issues when multiple sources of truth are creating/updating Asset records.  Gather/Validate Critical Data Elements – Implementation of IT Asset Management will need information related to Locations, Users, Departments, Cost Centers, Company, Manufacturers, and Vendors. If these details are part of data integration efforts then a data sampling will be needed to validate prior to integration completion. For Software Asset Management data will be required related to base/starter Software License purchase record details.  MID Server Implementation – A MID Server is required for many integrations.  Class Mapping - Final mapping of Class structure for Model Categories.  Model Data Onboarding – With so many IT Asset Management elements reliant on Model Data it will be crucial to have this data organized at kickoff so implementation can occur shortly after.  Field Normalization – may be performed with Model Data Onboarding as normalization often begins with Manufacturer and Model normalization.  Integration Activity – After Model Data Onboarding is complete then integration to discovery (sources of truth) may be performed. Rationalization should be completed prior to implementation activities. Integration may create asset records that are not already seen within the ServiceNow environment. Allowing discovery/integration technology to create records facilitates a quicker phase launch as well as utilizing a source of truth.  Hardware Data Onboarding – After integration Activity is complete then additional, non discoverable, data elements can be loaded for each Asset/CI  Data Certification – After hardware data is fully loaded then Data Certification configuration can occur.  Process Testing & Validation – After hardware data is fully loaded then process testing may begin. 7.11.1.1.6Integrations Activity (For Stories) PL will integrate ServiceNow Asset Management with multiple points. Two types of integrations are listed:
Process Guide Page 79 of 120  Base systemintegrations use ServiceNow plugins and include CMDB, Change Management, Incident Management, Problem Management, Single Sign-on, and User Administration.  Custom integrations are implemented through your ServiceNow Professional Services Consultant 7.11.1.1.7Required Foundation Data Elements (For Stories) The following Foundation Data Elements are required in the management of Asset Data within ServiceNow including Status, Cost Center, Company, and Location: Model Categories – ServiceNow recommends utilizing the detailed Product Category mappings provided by ServiceNow and embedded in section 6.5. Update the table below as needed during the planning stages for implementation SN Product Category Asset CI SN Notes Accessory alm_hardware cmdb_ci_acc Business Service cmdb_ci_service Circuit cmdb_ci_circuit Communication Device alm_hardware cmdb_ci_comm Communications Device - currently being used for Telecom Network Devices Communication Device alm_hardware cmdb_ci_comm Computer Peripheral alm_hardware cmdb_ci_peripheral review sub categories and rationalize ESX Server alm_hardware cmdb_ci_esx_server Generator alm_hardware u_generator Group with DataCenter, Consider table name that aligns with standard (u_cmdb_ci_) IP Router alm_hardware cmdb_ci_ip_router IP Switch alm_hardware cmdb_ci_ip_switch Linux Server alm_hardware cmdb_ci_linux_server Panel alm_hardware u_panel Consider tablename that aligns with standard (u_cmdb_ci_) PDU alm_hardware cmdb_ci_pdu Personal Computer alm_hardware cmdb_ci_pc_hardware change to Personal Computer Printer alm_hardware cmdb_ci_printer Rack alm_hardware cmdb_ci_rack Server Chassis alm_hardware cmdb_ci_chassis_server UPS alm_hardware cmdb_ci_ups Asset State & Sub-State – ServiceNow recommends utilizing the Asset Lifecycle States provided by ServiceNow and documented below.
Process Guide Page 80 of 120 State Available Substates Notes On order None Asset has been ordered but not received. In stock Available,Reserved, Defective, Pending repair,Pending install,Pendingdisposal, Pending transfer,Pre-allocated Asset is stored in a stockroom. Substate indicates if it is possibleor recommended to put the assetinto use. In transit Available,Reserved, Defective, Pending install,Pendingdisposal, Pre-allocated In use None Availableonly for non-consumables. Consumed None Availableonly for consumables. In maintenance None Asset is being repaired or undergoing maintenance. Retired Disposed,Sold,Donated, Vendor credit Setting an assetto a Retired state is recommended for assetend of life.Only delete assetrecords that were created erroneously. Missing Lost, Stolen CI Status – ServiceNow recommends utilizing the CI Lifecycle Status OOTB as documented below. CI-Install status Available CI SubStatus In Stock Available In Stock Reserved Pending Repair blank Pending install blank In Stock blank Pending Repair Repairable Pending install Reserved In Stock Disposable In Stock Pre-allocated Installed In use In maintenance blank Retired blank Retired Scrapped Retired Sold Retired Donated Retired Credit Absent blank Absent Lost Stolen blank Cost Center – Cost Center will be utilized as the primary Cost Center attribute. Final validated data is needed from PL for the population of the Cost Center table within ServiceNow. The following is recommended for implementation: SN Attribute SN Notes Name Populate names of Cost Centers (currently just codes) Code Cost Center Code PL to provide Cost Center Data during implementation project
Process Guide Page 81 of 120 Company & Department – Identifying the organizational structure through the use of the Company & Department attributes is critical for IT Asset Management. ServiceNow recommends a hierarchy to identify the institutional structure with the associated BU’s. PL to provide Company Hierarchy Data during implementation project Location – Location data is critical for accurately identifying the physical location of assets. This data is needed to for both ITAM and ITSM. Unlike HR related data that identifies location for People, Asset needs to identify locations of IT Assets including those found in Data Centers, IT Closets, Stockrooms, and etc. The following is recommended for implementation: Validate all the non-user related locations (current locations based on facilities records) PL to provide Location Hierarchy Data during implementation project 7.11.1.1.8Roles and Activities PL will need to identify who will be responsible for IT Asset Management and related activities. As stated in Section 5.1.2, it is recommended that an Asset Center of Excellence teambe created for the management and oversight of Enterprise Asset Activities with localization of enterprise processes. The following Activities should be validated and mapped to Asset Management Roles within PL. Activities ProcessPlanning and Request Produce AssetManagementPlan Define what'sinscope (Models. etc.) Determine selectionguidelines PerformAudit Baseline AssetandCMDB Procurement Manage Vendors Add/Remove newvendors Add/Remove newModels Evaluate appropriate attributes Stockroom / Receiving Receive newasset InputassetTag onto newhardware Create assetsinthe AssetRepository Validate AssetAttributes Assignappropriate statusin the AssetRepository
Process Guide Page 82 of 120 Validate financialsonassetrecord Deploy/ Financials Activate Licenses,Contractsand/orEntitlement3 s Validate assetattributes(Location,financials...etc.) Validate assetStatus Assignassetstousers Update the AssetRepository Manage / Move, Add,Change (MAC) Ensure approvedChange Request Modifyassetattributesin the AssetRepository Planand organize routine Maintenance Execute assetaudits Determine correctiveaction Initiate corrective action execute corrective action Track asset history Transferassetsto newlocations/storerooms Retire / Dispose Retire ordispose asset Update assetto Disposed/Retire in the AssetRepository Generate Disposal report 7.11.1.1.9Reporting (for Stories) The following reports were identified as desired for PL:  Reporting to support annual software vendor contract true-up  True cost of ownership of a service/ sub-service  Hardware refresh schedule for each direct report of any given manager  End-of-life dates for all hardware components that my team manages  Monthly metrics report with data relevant to the CIO report  List of contracts with upcoming contract renewal dates  Exception report listing all unknown and unidentified assets 7.11.1.2 Phase 2 ServiceNow Practical Management – SAM and Expanded Hardware Asset Management Phase 2 of the ServiceNow IT Asset Management Launch within PL will focus on Practical Management of the activities performed during Phase 1. Activities identified in Phase 1 but unable to be implemented will be brought into Phase 2.
Process Guide Page 83 of 120 Note: ServiceNow does not assume an immediate rolling release from Phase 1 to Phase 2. PL may delay Phase 2 efforts while managing the organizational changes related to Phase 1. Alternatively, PL may combine Phase 1 and Phase 2 efforts or elements thereof. 7.11.1.2.1Scope The recommended Scope of Phase 2 includes a primary focus on Practical Management with the following activities:  Holdover – Any efforts discovered from Phase 1  Full IT Asset Management  Software Asset Management 7.11.1.3 Phase 3 ServiceNow Operational Integration – Service Catalog Phase 3 of the ServiceNow IT Asset Management Launch within PL will focus on Operational Integration. Operational Integration is the focus on efficiency with the IT Asset Management services. 7.11.1.3.1Scope The recommended Scope of Phase 3 includes a primary focus on Practical Management with the following activities:  Integrated Service Catalog  Model lifecycle management 7.11.1.4 Phase 4 ServiceNow Strategic Conformance Phase 4 of the ServiceNow IT Asset Management Launch within PL will focus on Strategic Conformance. Strategic Conformance is the focus on Financial Optimization. 7.11.1.4.1Scope The recommended Scope of Phase 4 includes a primary focus on Practical Management with the following activities:  Total Cost of Ownership  Business Services level cost allocation
Process Guide Page 84 of 120 Appendix A: Document Conventions Symbol Description Processstart / endpoint: Representsthe startingandendingpointof the process. ProcessActivity/Task: Presentsanactivityortask that needstobe accomplishedto produce aspecificoutcome. Predefinedexternal processororganization: Indicatedacontributionfrom an external processororganization. Decision:Indicatesthata questionneedstobe answeredinorderto determine the inordertoidentifythe followingActivity/taskinthe process. The answersare indicatedonthe differentconnectorsattachedtothe decisionbox.EveryanswerislinkedtoanassociatedActivity/task. SystemAction or Function: Indicatesthatan action isbeingperformedinthe systemasan outputof the previousactivityandaninputto the next. Off-page reference:Indicatesareference toanotherdiagramwithinthe same process.The numberof the referenceddiagramisindicatedinthe shape. On-page reference:Indicatesalinktoanotheractivitywithinthe same diagram. Association:Representedbyadotedor dashedline,it indicatesan associationora relationbetweenthe connected,processes,tasksoractivities. Sequence flow:Isrepresentedwithasolidlineandarrowhead,andshowsin whichorderthe activitiesare performed.
Process Guide Page 85 of 120 Appendix B: Glossary of Terms and Acronyms Term Acronym Definition Alert A notificationthatathresholdhasbeenreached,somethinghas changed,or a failure hasoccurred.Alertsare oftencreatedand managedbysystemmanagementtoolsandare managedbythe eventmanagementprocess. Assessment Inspectionandanalysistocheckwhetherastandardor setof guidelinesisbeingfollowed,thatrecordsare accurate,or that efficiencyandeffectiveness requirements are beingmet. Asset Anyresource or capability.The assetsof aservice providerinclude anythingthatcouldcontribute tothe deliveryof aservice.Assetscan be one of the followingtypes:management,organization,process, knowledge,people,information,applications,infrastructure or financial capital. Attribute A piece of informationaboutaconfigurationitem.Examplesare name,location,versionnumber,andcost.Attributesof CIsare recordedinthe configurationmanagementdatabase (CMDB). Back-out An activitythatrestoresaservice or otherconfigurationitem toa previousbaseline.Back-outisusedasa formof remediationwhena change or release isnotsuccessful. Baseline (ITILContinualService Improvement) (ITILServiceTransition) A snapshotthatis usedas a reference point.Manysnapshotsmaybe takenand recordedovertime butonlysome will be usedas baselines.Forexample: ▪ An ITSMbaseline canbe usedasa startingpointtomeasure the effectof a service improvementplan ▪ A performance baselinecanbe usedto measure changesin performance overthe lifetimeof anIT service ▪ A configurationbaselinecanbe usedas part of a back-out planto enable the ITinfrastructure tobe restoredto a knownconfigurationif achange or release fails. Business Services An IT Service thatdirectlysupportsaBusinessProcess,asopposedto an Infrastructure Service,which isusedinternallybythe ITService Providerandisnot usuallyvisibletothe Business.The termBusiness Service isalsousedtomeana Service that isdeliveredtoBusiness CustomersbyBusinessUnits. Category A namedgroupof thingsthathave somethingincommon. Categoriesare usedtogroup similarthingstogether. Change The addition,modification,orremoval of anythingthatcouldhave an effectonIT services.
Process Guide Page 86 of 120 Term Acronym Definition Change Advisory Board CAB A groupof people whosupportthe assessment,prioritization, authorization,andschedulingof changes.A change advisoryboardis usuallymade upof representativesfromall areaswithinthe IT service provider,the business,andthirdpartiessuchassuppliers. Change Management CHG The processresponsibleforcontrollingthe life cycle of all changes, enablingbeneficial changestobe made withminimumdisruptionto IT services. Change Record A record containingthe detailsof achange.Each change record documentsthe life cycle of asingle change.A change recordis createdfor everyrequestforchange. Change Request See RequestforChange. Configuration Record CI Record A recordcontainingthe detailsof aconfigurationitem.Each configurationrecorddocumentsthe lifecycle of asingle configurationitem.Configurationrecordsare storedina configurationmanagementdatabase andmaintainedaspartof a configurationmanagementsystem. Configuration Type CI Type A categorythat isusedto classifyconfigurationitems.The CItype identifiesthe requiredattributesandrelationshipsfora configurationrecord.CommonCItypesincludehardware, document,anduser. Classification The act of assigninga categoryto something.Classificationisusedto ensure consistentmanagementandreporting.CIs,incidents, problems,andchangesare usuallyclassified. Closed The final statusin the life cycle of anincident,problem, orchange. Whenthe status isclosed,nofurtheractionistaken. Closure The act of changingthe statusof an incident,problem,orchange to closed. Configuration Item CI Anycomponentorotherservice assetthatneedstobe managedin orderto deliveranIT service. Informationabouteachconfiguration itemisrecordedina configurationrecordwithinthe configuration managementsystemandismaintainedthroughoutitslife cycle by service assetandconfigurationmanagement. Configuration Management Database CMDB A database usedtostore configurationrecordsthroughouttheirlife cycle.The configurationmanagementsystemmaintainsone ormore CMDBs. Each CMDB storesattributesof CIsand relationshipswith otherCIs. Configuration Management System CMS A setof tools,data,and informationthatisusedtosupportservice assetand configurationmanagement.The CMSis part of an overall service knowledgemanagementandincludestoolsforcollecting,
Process Guide Page 87 of 120 Term Acronym Definition storing,managing,updating,analyzing,andpresentingdataaboutall configurationitemsandtheirrelationships.The CMSalsoincludes informationaboutincidents,problems,knownerrors,changes,and releases.Itmaycontaindata aboutemployees,suppliers,locations, businessunits,customers,andusers.The CMSis maintainedby service assetandconfigurationmanagementandisusedbyall IT service managementprocesses. Configuration Record A recordcontainingthe detailsof aconfigurationitem.Each configurationrecorddocumentsthe life cycle of asingle configurationitem. Continual Service Improvement CSI Ensuresthat servicesare alignedwithchangingbusinessneedsby identifyingandimplementingimprovementstoITservicesthat supportbusinessprocesses.The performance of the ITservice provideriscontinuallymeasuredandimprovementsare made to processes,ITservices,andITinfrastructure inordertoincrease efficiency,effectiveness,andcosteffectiveness. Customer Someone whobuysgoodsorservices.The customerof an IT service provideristhe personorgroup whodefinesandagreestothe service level.The termisalsosometimesusedinformallytomean user,forexample,‘Thisisacustomer-focusedorganization.’ Diagnosis A stage inthe incidentandproblemlife cycles.The purpose of diagnosisistoidentifyaworkaroundforanincidentorthe root cause of a problem. Effectiveness A measure of whetherthe objectivesof aprocess,service,oractivity have beenachieved.Aneffectiveprocessoractivityisone that achievesitsagreedobjectives. Seealso KeyPerformance Indicator. Efficiency A measure of whetherthe rightamount of resource hasbeenused to deliveraprocess,service,oractivity. Emergency Change A change that mustbe introducedassoonas possible,forexample to resolve amajorincidentorimplementasecuritypatch.The change managementprocessnormallyhas aspecificprocedure for handlingemergencychanges. Employee Self Service ESS A module inServiceNow thatallowsuserstomake requests,view articles,logincidents,andsearchthe knowledgebase througha user-friendlywebsite calledthe EmployeeSelf-Service Portal (ESS Portal). Entitlement(s) Numberof rightsto be grantedby a software license Event A change of state that hassignificance forthe managementof anIT service orotherconfigurationitem.The termisalsousedtomeanan alertor notificationcreatedbyanyITservice,configurationitem, or
Process Guide Page 88 of 120 Term Acronym Definition monitoringtool. Impact A measure of the effectof anincident,problem,orchange on businessprocesses.Impactisoftenbasedonhow service levelswill be affected.Impactandurgencyare usedto assignpriority. Incident An unplannedinterruptiontoanIT service orreductioninthe quality of an IT service.Failureof aconfigurationitemthathasnot yet affectedservice isalsoanincident. IT Asset Repository The IT AssetRepositoryprovidesasingle,centralizeddatabase that storesand tracks organizational assetsphysicallyandfinancially Key Performance Indicator KPI A metricthat isusedto helpmanage anIT service,process,plan, project,or otheractivity.Manymetricsmaybe measured,butonly the most importantof these are definedaskeyperformance indicatorsandusedto activelymanage andreportonthe process,IT service,oractivity.Theyshouldbe selectedtoensure thatefficiency, effectiveness,andcosteffectiveness isall managed. Known Error KE A problemthathasa documentedrootcause anda workaround. Knownerrorsare createdandmanagedthroughouttheirlife cycle by problemmanagement.Developmentgroupsorsuppliersmayalso identifyknownerrors. Major Incident The highestcategoryof impactfor an incident.A majorincident resultsin significantdisruptiontothe business. Metric Somethingthatismeasuredandreportedtohelpmanage aprocess, IT service,oractivity. Policy Formallydocumentedmanagementexpectationsandintentions. Policiesare usedtodirectdecisionsandto ensure consistent developmentandimplementationof processes,standards,roles, activities,ITinfrastructure,andsoon. Post- implementation Review PIR A reviewthattakesplace aftera change or a projecthas been implemented.Itdeterminesif the change orprojectwassuccessful and identifiesopportunitiesforimprovement. Priority A categoryusedto identifythe relative importance of anincident, problem,orchange.Priorityisbasedonimpactand urgency,andis usedto identifyrequiredtimesforactionstobe taken.Forexample, the SLA may state that priority2 incidentsmustbe resolvedwithin 12 hours. Problem A cause of one or more incidents.The cause isnotusuallyknownat the time a problemrecordiscreated.The problemmanagement processisresponsibleforfurtherinvestigation. RACI RACI A model usedtohelpdefinerolesandresponsibilities.RACIstands
Process Guide Page 89 of 120 Term Acronym Definition for responsible,accountable,consulted,andinformed. Release One or more changesto in IT service thatare built, tested,and deployedtogether.A singlerelease mayinclude changesto hardware,software,documentation,process,andother components. Requestfor Change RFC A formal detailedproposal forachange to be made.The termis oftenmisusedtomeanchange recordor the change itself. Restore Takingactionto return an IT service tothe usersafterrepairand recoveryfroman incident.Thisisthe primaryobjective of incident management. Risk A possible eventthatcouldcause harmor lossor affectthe abilityto achieve objectives.A riskismeasuredbythe probabilityof athreat, the vulnerabilityof the assettothatthreat,and the impact itwould have if it occurred. Role A setof responsibilities,activities,andauthoritiesassignedtoa person or team.A role isdefinedinaprocessor function.One personor teammay have multiple roles.Forexample,asingle personmaycarry outthe role of configurationmanagerandchange manager. Root Cause The underlyingororiginal cause of anincident orproblem. Root Cause Analysis RCA An activitythatidentifiesthe rootcause of an incidentorproblem. Root cause analysistypicallyconcentratesonITinfrastructure failures. Service A meansof deliveringvalue tocustomersbyfacilitatingthe outcomescustomerswanttoachieve withoutthe ownershipof specificcostsandrisks. Service Desk The single pointof contact betweenthe service providerandthe users.A typical service deskmanagesincidentsandservice requests, and alsohandlescommunicationwiththe users. Service Level Measuredand reportedachievementagainstone ormore service level requirements. Service Level Agreement SLA An agreementbetweenanITservice providerandacustomer.A service levelagreementdescribesthe ITservice; documentsservice level requirements,andspecify the responsibilitiesof the ITservice providerandthe customer. Service Management A service-orientedapproachtomanage applications,infrastructure, and processes. Service Manages the lifecycleof one ormore IT services, providesleadership
Process Guide Page 90 of 120 Term Acronym Definition Manager by developingBusinessCases,product linestrategiesandschedules, performsservice cost managementactivities,andmanagesvarious and perhapsconflictingobjectives. Service Request A formal requestfromauser forsomethingtobe provided,for example,arequestforinformationoradvice;toreseta password;or to install aworkstationfora new user. Software License Entitlements Definingthe people ormachinestowhichaspecificpurchased software licenseisassigned.Assetmanagersallocate alicense to entitle auseror machine touse the license Stakeholder A personwhohasan interestinanorganization,project,orIT service.Stakeholdersmaybe interestedinthe activities, resources, or deliverables.Stakeholdersmayincludecustomers,partners, employees,shareholders,owners,orothers. User A personwhousesthe IT service ona day-to-daybasis.Usersare distinctfromcustomers,assome customersdonot use the IT service directly. Workaround Reducingoreliminatingthe impactof an incidentorproblemfor whicha full resolutionisnotyetavailable,forexample,by restarting a failedconfigurationitem.Workaroundsforproblemsare documentedinknownerrorrecords.Workaroundsforincidentsthat do nothave associatedproblemrecordsare documentedinthe incidentrecord.
Process Guide Page 91 of 120 Appendix C: ISO/IEC 19770-2 Software Asset Tagging Adobe wasthe firstmajorsoftware publisherthathasimplementedasoftware identificationtag. Adobe implementeditssoftware tagpriortothe finalizationof the ISO/IEC19770-2 standard,and therefore does not conformto it.However,Adobe'staggingdoesprovide the abilityfororganizationstoaccurately identifyinstalledAdobe software.Adobe introduceditssoftware taggingwiththe CS4productline. Advocates for software tagging Adobe,CA,Microsoft,ModusLink, Symantec,EMC,IBM Software Publishers and Software Microsoft- Basic tags(Product,Version,Tag Creator,Publisher,Licensor,UniqueID,EntitlementRequired)  Win8, WinServer2012  Office 2013, SQL Server2012, Visual Studio2012  Lookingat addingpatchesforoldersupported/active software Symantec- Certified tags(everything thing in basic tag but is normalized,consistent,digitally signed,and used acrossany toolsand any organization and any reporting systems. Also includessecurity requirements - manifestforinstall files and runtimefiles)  Enterprise tools - Control Compliancesuite,EndpointProtection,Netbackup,OpsCenter,etc. Adobe - Non-normalized tags(Adobeimplemented itssoftwaretag priorto the finalization of theISO/IEC 19770-2 standard and thereforedoesnotconformto it)  Creative suite productsfromCS4 AnypublishersusingInstallShield2012 install scripts - varies Physical Platforms supported Windows,Macintosh,Linux,andUnix Who is using the ISO/IEC 19770-2 standard? TagVault.org- http://tagvault.org/ - TagVault.orgisthe registrationauthorityforinternationalstandard ISO/IEC19770-2 software identificationtags(SWIDtags). WG21/TG 21 - http://www.19770.org/ - WorkingGroup(WG) 21 is the ISOworkinggroupresponsiblefor SAMstandardsdevelopment. Technical Group(TG) 21 isa mirrorof WG 21 and is part of the US standardsreviewandcreationorganization DMTF - http://dmtf.org/ - DesktopManagementTaskForce (DMTF) enableseffective managementof IT environments.The organizationiscomprisedof industry-leadingmembercompaniesthatcollaborate on the development,validationandpromotionof infrastructure managementstandards.
Process Guide Page 92 of 120 Appendix D: Asset Management Process Overview The following Process Overviews are provided as best practice baselines for general IT Asset Management processes in line with ITIL’s view of IT Asset Service Management. 1 Asset Management Process Activity Overview (Best Practice Level Stack)
Process Guide Page 93 of 120 2 Asset Management Planning and Design (Best Practice Level Stack)
Process Guide Page 94 of 120 3 Procure Asset Activity (Best Practice Level Stack)
Process Guide Page 95 of 120
Process Guide Page 96 of 120 4 Receive Asset Activity (Best Practice Level Stack)
Process Guide Page 97 of 120 5 Manage Asset Activity (Best Practice Level Stack)
Process Guide Page 98 of 120 6 Dispose Asset Activity (Best Practice Level Stack)
Process Guide Page 99 of 120 Appendix E: Roles Associated with ServiceNow Implementations The following is a guide to the various roles and responsibilities commonly used during the implementation of ServiceNow. These are only meant as a guide and not as an absolute. 1 Customer Resources The following are details related to customer resources: Customer Resources Responsibilities PROJECTSPONSOR Senior Manager who has overall responsibility for the project success.The Project Sponsor sets the vision. SENIOR STAKEHOLDERS Executive Management who take partin Steering Committee meetings and provide adviceto the project team. PROJECTMANAGER Individual responsiblefor all projectmanagement activities including communicatingprogress and mitigatingissues and risks.This person is also thekey point of contactfor Customer project team, and coordinates with the ServiceNow Engagement Manager. On average, the Project Manager dedicates between 40% and 75% of their time to the project. PROCESS OWNERS Individualswho have decision-makingauthority for process definition and tool requirements definition and approval for each of the processes implemented within the ServiceNow product. On average the time commitment of the Process Owners varies between 10% and 25% of their time for the duration of the project. TECHNICAL RESOURCES Customer will supply required technical resource(s) with ITIL, web services xml and JavaScriptexpertiseto accommodate the scope of the Project and to supportthe configuration of any in-scopeintegrations,includingbutnot limited to the following:  Role: Active directory administrator,Activities:Assistancewith LDAP integration  Role: Email administrator,Activities:Assistancewith in-bound / outbound email configuration  Role: Network engineer, Activities:Assistancewith firewall and network configuration"  Role: Server hostingadministrator,Activities:Assistancewith Mid Server configuration  Role DB/System Administrator/Owner,Activities:SME Assistancewith each of the required data sources outlined in Section 2 - Integration Scope  Role: Integration architects,Activities Resource(s) with ITIL and JavaScript expertise to accommodate the scope of servicepurchased and to provide supportfor the agreed integration with Web Services and XML experience.
Process Guide Page 100 of 120 The Technical resources areresponsiblefor the completion of integrations (Consume/Publish) from the 3rd party tools with guidanceprovided by ServiceNow’s Architect and/or Integration Consultant(s). On average the time commitment of the Technical Resources varies between 25% and 40% of their time for the duration of the project. SYSTEM ADMINISTRATOR Customer will supply certified ServiceNow system administrators to accommodate the scope of the Projectand to take an active rolein supportingServiceNow in the configuration of the ServiceNow tool with guidance provided by ServiceNow’s Architect and/or Sr. Consultant(s). On average the time commitment of the System Administrators varies between 75% and 100% of their time for the duration of the project. 2 ServiceNow Resources The following are details related to ServiceNow resources: ServiceNow Resources Responsibilities PRACTICE MANAGER The ServiceNow Executive Sponsor (PracticeManager) will providesupportfor the Engagement Manager, assistwith major issues/escalations,remove obstacles, participatein planningthe scope, assess any scopechanges, review major deliverables,and participatein the project gate reviews and steering committee events. The ServiceNow Executive sponsor will work with the Customer Executive Sponsor and Project team to govern overall projectrisk,recommend opportunities to optimize cost/benefits and focus on the realization of benefits for the overall project. ENGAGEMENT MANAGER ServiceNow Engagement Manager will facilitateprojectplanning,provide implementation expertise, confirmthe Statement Of Work is being adhered to, allocateappropriateresources fromServiceNow, manage escalations,and actas a singlepointof contact for the duration of the Project. The ServiceNow engagement manager will facilitateatminimum a weekly status or update call to ensure the Project is progressingappropriately. TECHNICAL CONSULTANTS ServiceNow will providetechnical consultant(s) to help with application configuration and assistwith knowledge transfer to Customer resource(s). INTEGRATION EXPERT ServiceNow will providean integration expert to assistwith integrations defined above. BUSINESS PROCESS CONSULTANT The business process consultantwill driveprocess definition,re-engineering, improvement and gap analysisof current and future processes together with Customer process owners, key Customer sponsors and stakeholders.
Process Guide Page 101 of 120 Appendix F: Configuration Management Process Overview The concepts described in this guide are aligned with ITIL 2011 and may reference capabilities that are dependentuponotherServiceNow applications.These referenceswill be notedby blueitalicized font. This document assumes that the ServiceNow Discovery product is available and that the Enterprise CMDB plugin has beenactivated. 1.1 Overview A process is defined as a set of linked activities that transform specified inputs into specified outputs, aimed at accomplishing an agreed-upon objective in a measurable manner. The configuration management process definition laid out in this document further breaks down these activities into actions and the role(s) responsible fortheirexecution. This document also describes how ServiceNow supports the configuration management process to identify, record, audit and verify assets and configuration items including their versions, baselines, components,attributesandrelationships. There are strong inter-process relationships between configuration management and the other IT service management processes. Configuration management and the CMDB are the foundation to integrated ITSM processes, and should be considered at the very beginning of any IT service management transformationeffort. 1.2 Process Description A configuration item (CI) is any component or other service asset that needs to be managed in order to provide an IT service. Information about each CI is stored in a configuration record within the configuration management database (CMDB). The configuration management process is responsible for managingthe life cycle of all configurationitemsandtheirrelationshipswithone another. 1.3 Process Goal The primary goal of the configuration management process is to support efficient and effective service management processes by providing accurate information about configuration items. This enables users of that information to make better decisions, and more effectively support the objectives and requirementsof the business. 1.4 Process Objectives The objectivesof the configurationmanagementprocessare to:  Ensure that IT managedassetsare identified,controlledandproperlycaredthroughouttheir lifecycle.  Identify,control,record,report,auditandverifyservicesandotherCIs,includingversions, baselines,constituentcomponents,theirattributesandrelationships.
Process Guide Page 102 of 120  Accountfor, manage andprotect the integrityof CIs,throughthe service lifecycle byworkingwith change managementtoensure thatonlyauthorizedcomponentsare usedandonlyauthorized changesare made.  Ensure the integrityof CIsand configurationsrequiredtocontrol the servicesbyestablishingand maintaininganaccurate and complete CMDB.  Maintainaccurate configurationinformationonthe historical,plannedandcurrentstate of servicesandCIs.  Supportefficientandeffectiveservicemanagementprocessesbyprovidingaccurate configuration informationfordecision-makingpurposes. 1.5 Relationship with Other Processes Process Relation Description Input Output Incident Management The CMDB containsdetailsof the infrastructure vital to efficientincidentclassification,initial support,investigation and diagnosis. X WhenCI recordsare identifiedasinaccurate,incidentrecords are createdandassignedtoconfiguration managementfor correction. X Problem Management CI detailsandrelationshipinformationaidsinrootcause analysis,impactevaluation,andsolutiondevelopment. X Problemrecordsare linkedtorelevantCIrecord(s). X Change Management The CMDB provides change management with the necessary information for the assessment of the risk and impact of proposedchanges. X New,changedordisposedconfigurationitems. Change managementensuresthatthe informationrelatedto impactedCIsisupdatedproperlyfollowingthe implementationof achange. X
Process Guide Page 103 of 120 1.6 Principles and Basic Concepts Policies Configuration management policies are needed to establish the objectives, scope and principles that govern the process and should be considered with the change management and release and deployment managementpoliciesbecause theyare socloselyrelated. Configuration Management policies will be very dependent upon the organization’s business drivers, contractual requirements, and on compliance to applicable laws, regulations and standards. Areas that are typicallyaddressedbypoliciesare:  The need to comply with governance requirements, such as Sarbanes-Oxley, ISO/IEC 20000, or COBIT  The need to deliver the capability, resources and warranties as defined by service level agreements and contracts.  The level of control andrequirementsneededfortraceabilityandauditability.  The requirement to maintain adequate configuration information for internal and external stakeholders.  Level of automationtoreduce errorsand costs. Security Considerations Data securityisa crucial aspectof configurationmanagementandthe CMDB. In additiontobeing effective,securitycontrolsshouldbe easilymaintainedandscalable. The ServiceNow platformprovidesa numberof methodsforsecuringdataincludinguser accesscontrol listrules,datapolicies,contextual security,anddomainseparation. See SecurityBestPractices inthe ServiceNow Wikiforadetailed descriptionof the variousdatasecurityfeaturesavailable tosupportthe configurationmanagement process. Process Roles Each role is assigned to perform specific tasks within the process. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Depending on the structure and maturityof a process,all rolesdescribedmaynotexistineveryorganization. The followingdescribesthe typical rolesdefinedforserviceassetandconfigurationmanagement. Role Description Process Owner A Senior Manager with the ability and authority to ensure the process is rolled outand used by the entire IT organization. Responsible and Accountable for:
Process Guide Page 104 of 120  Definingthe overall mission of the process.  Establishingand communicatingthe process mission,goals and objectives to all stakeholders.  Resolvingany cross-functional (departmental) issues.  Ensuringconsistentexecution of the process across theorganization.  Reporting on the effectiveness of the process to senior management.  Initiatingany process improvement initiatives. Configuration Manager Responsible for:  Managingthe day-to-day activities of the process.  Gathering and reporting on process metrics.  Trackingcomplianceto the process.  Agreeing and definingthe serviceassets thatwill be treated as configuration items.  Definingthe structure of the configuration management system, includingCI types, namingconventions, attributes and relationships.  Ensuringthe integrity of the configuration management system, includingthe CI data model and relationships.  Definingand coordinatingConfiguration Analystactivities and responsibilities.  Planningand managingsupportfor Configuration Management tools and processes. Configuration Analyst This rolesupports (and takes direction from) the Configuration Manager as the primary ‘representative’ for a specific CI category. Responsible for:  Contributes to definingthe structure of the configuration management system, includingCI types,naming conventions,required and optional attributes and relationships.  Records and maintains CIs (within scope) in the CMDB.  Trainingstaff in configuration management principles,processes and procedures.  Performing configuration audits. CI Owner The CI Owner is responsiblefor the supporting,maintaining,controllingand updatingof a specific CI or CIs.The CI owner is accountablefor all activities thatdirectly affectthe actual CI. This roleis also responsiblefor all ITSMprocess activities associated with the maintenance and support of the CI. Stakeholder All persons who have an interest in the information contained in the CMDB. Stakeholders may includeemployees, customers, partners, CI owners, and others. Change Management  Ensure that a change request is used for any change to an existingCI attribute or when a CI is added to the CMDB.  Ensure that information in Requests for Change (RFC) are accurate.  MatchingRFCs againstaffected CIs.  Validatingall scheduled changes occur.
Process Guide Page 105 of 120  Notifying configuration management that changes are complete. RACI Matrix Rolesandresponsibilitiesare assignedtospecificprocessactivities. ID Activities ChangeManagement CIOwner Stakeholders ConfigurationAnalyst ConfigurationManager ProcessOwner CFG Process Planning and Design CFG P.1 Produce Configuration Management Plan C C R A/R CFG P.2 Define CMDB Structure C C R A/R CFG P.4 Determine CI Selection Guidelines C C R A/R CFG P.3 Populate CMDB C A/R CFG P.4 Perform Initial Audit C R A/R C CFG P.5 BaselineCMDB I I A/R I CFG 1.0 Configuration Identification CFG 1.1 Evaluate New CI Type to be Created C R A/R CFG 1.2 Assign Unique Identifier R A/R CFG 1.3 Specify Relevant Attributes C R A/R CFG 1.4 Specify AppropriateRelationship(s) C R A/R CFG 1.5 Publish New CI Type I R A/R I CFG 2.0 Configuration Control CFG 2.1 ValidateUpdate Request C A/R CFG 2.2 ValidateCI Attributes I A/R CFG 2.3 Review Invalid Attributes A/R C CFG 2.4 Update CMDB I A/R CFG 3.0 Status Accounting and Reporting CFG 3.1 Authorize or Reject Report Request I R A/R CFG 3.2 Create or Update Configuration Management Report R A/R CFG 3.3 Generate Configuration Management Report R A/R CFG 3.4 DistributeConfiguration Management Report I R A/R CFG 4.0 Verification and Audit CFG 4.1 Approve Verification & Audit Request A/R CFG 4.2 Execute Audit A/R C CFG 4.3 Reconcilewith CMDB A/R CFG 4.4 Determine Corrective Action A/R I CFG 4.5 InitiateCorrectiveCMDB Action A/R CFG 4.6 Execute Corrective Action I A/R R: Responsible, A: Accountable C: Consulted, I: Informed
Process Guide Page 106 of 120
Process Guide Configuration Management Activity Description 1.7 Process Overview Figure 1: Process Overview
Process Guide Process Overview Activity Description ID Activity Description CFG P Process Planning and Design The configuration management team and key stakeholders decide what level of configuration management is required to support the services delivered by the organization and how this level will be achieved and document this in a configuration management plan. While this activity is usually performed once (when the process is first being implemented), it is good practice to periodically review the configuration management plan to ensure that the process remains relevant to the support needs of the organization. CFG 1.0 Configuration Identification This activity determines the scope and criteria of CIs to be included in the CMDB. This includes the modeling of the infrastructure to determine what CIs will look like and how they are related to each other. It also includes establishing naming conventions, enterprise taxonomy and CI selection criteria. CFG 2.0 Configuration Control Configuration control is the activity responsible for ensuring that only authorized and identifiable CIs are in the infrastructure and that there is a corresponding accurate and complete CI record representing the CI in the CMDB. Updates to the CMDB are governed by Configuration Control activities. Unauthorized changes are forwarded to change management for instructions on how to proceed. Discrepancies and errors in the CI configuration are forwarded to the CI Owner for resolution. CFG 3.0 Status Accounting and Reporting This is the production of reports on the current, past and future status of the infrastructureand the CIs under the control of configuration management. CFG 4.0 Verification & Audit This activity involves the review and verification of the physical existence of CIs to check that they are correctly recorded in the CMDB. When discrepancies are found, configuration management consults change management for instructions on what corrective action to execute. There are two possible actions, update the CMDB to reflect what is actually in theinfrastructureor change the CI to match the CMDB. CFG C Continuous Service Improvement Ongoing activities to regularly measureand monitor the efficiency and effectiveness of the process and identify, plan and implement improvements.
Process Guide 1.8 Process Planning and Design Figure 2: Process Planning and Design In order for configuration Management to reflect enterprise goals and objectives, it is important that a set of stakeholders be identified from a representative cross section of the organization. This stakeholder group should include members with both a good appreciation for the business needs, as well as some knowledge of the technical aspects of managing the configurations of the IT infrastructure. Process Planning and Design Activity Description ID Tasks Description CFG P.1 Produce Configuration Management Plan A configuration management plan will be unique to each organization and is based on the level of detail needed to support the services it provides. Following is an example of content that can be included in a configuration management plan: Scope  Applicableservices  Environments and infrastructure  Geographical locations Requirements  Link to policy,strategy  Link to business,servicemanagement and contractual requirements  Summarize requirements for accountability,traceability,auditability Policies
Process Guide  Industry standards,e.g. ISO/IEC 20000  Internal standards,e.g. hardwarestandards,desktop standards Organization  Roles and responsibilities  Change advisory board  Authorization for establishingbaseline,changes and releases Processes and Procedures  Configuration identification  Version management  Establishmentand maintenance of configuration baselines  Procurement and retirement of CIs  Reference implementation plan (data migration and loading, training and knowledge transfer, etc.)  Relationships and interfaces with other processes and groups (fixed asset management, projects, suppliers and sub-contractors,etc.)  Baselineand auditcriteria and procedures CIs  Naming Conventions  Categorization  Attributes  Relationships CFG P.2 Define CMDB Structure  Defining the CMDB structure is a key activity that contributes in making the CMDB a powerful decision support tool. It is important that the appropriate level of CI information be properly defined and agreed upon by the various stakeholders in each organization. See Appendix C for a representation of the defined CMDB structure.  The CMDB structure will contain the various CI classes and their relationship to one another in the delivery of a service. These relationships are used within ServiceNow to create Business Service Management (BSM) maps that can be used to analyze the impact of a change or an incident, evaluate the risk associated to a proposed change, and to build a logical model of the infrastructure. See Figure 3 below for an example of a BSM map. Also see Defining CI Relationships in the ServiceNow Wiki for a recommended approach to definingCI relationships. CFG P.3 Determine CI Selection Guidelines The selection of CIs and level to which they are defined and controlled are very important decisions to be made in the design of the CMDB. CIs can be selected by applying a top- down approach, considering whether it is sensible to break down a CI into component CIs or not. Configuration information that is collected at too granular a level, or in too much detail, may cost more to collect and maintain that the value it provides. CI information is valuable only if it facilitates the management of change, the control of incidents and problems, or the control of assets that can be independently moved, copied or changed. CFG P.4 Populate CMDB  This activity involves the creation of CI records in the CMDB for each CI that has previously been identified as part of the initial CMDB build. Consult the following ServiceNow Wiki articles to evaluatethe different ways for importingdata in the CMDB:  Getting Started with Agentless Discovery in the ServiceNow Wiki describes how the Discovery plugin can collect information on network-connected hardware, the different applications and software that runs on that hardware and the relationshipsbetween all of the items found.  Importing Data Using Import Sets in the ServiceNow Wiki provides information on how to integrate data with existingexternal CMDBs or by simply usinga CSV file.
Process Guide CFG P.5 Perform Initial Audit To ensure the accuracy of the imported data in the CMDB, perform an initial auditbased on samplingcriteriaas outlined in theconfiguration management plan. Examples of samplingcriteria could be:  A predefined percentage of each CI category and their attributes to be captured  Only certain CI types or classes  Integrity of the relationshipsbetween CIs related to predefined service(s) The results of the auditshould be compiled and a report on the accuracy of the initial CMDB data should be submitted to all identified stakeholders for review. CFG P.6 Baseline CMDB To facilitatethe trackingof the different changes that will bemade in the CMDB, itis recommended that a baselineof the audited CIs be made before moving the initial data into the ‘production’instance. Consultthe BaselineCMDB articlein the ServiceNow Wiki for more details and instructions.
Process Guide Figure 3: Business Service Management Map example
Process Guide 1.9 Configuration Identification Figure 4: Configuration Identification Configuration Identification Activity Description ID Tasks Procedure Primary Role Input Output CFG 1.1 Create New CI Evaluate the request and determine the new CI type to be created based on the CI selection guidelines documented in the configuration management plan. Configuration Manager/ Coordinator Change request Configuration management plan New CI type identified CFG 1.2 Assign Unique Identifier  Assign a unique identifier to the new CI type identified. Configuration Manager/ Coordinator New CI type identified New CI type with assigned unique identifier
Process Guide ID Tasks Procedure Primary Role Input Output CFG 1.3  Specify Relevant Attributes Identify the necessary attributes for the new CI type. Consultthe Reference Fields articlein the ServiceNow Wiki for more information on creatingreference fields on a table record. Configuration Manager/ Coordinator New CI type with assigned unique identifier Defined attributes for new CI type CFG 1.4 Specify Appropriate Relationships Specify the appropriate relationshipsrequired for the new CI type. Configuration Manager/ Coordinator Defined attributes for new CI type New CI type associated with appropriate relationships CFG 1.5 Publish New CI Type Publish thenew CI type in the production CMDB. Configuration Manager/ Coordinator New CI type associated with appropriate relationships New CI type published
Process Guide 1.10 Configuration Control Figure 5: Configuration Control Configuration Control Activity Description ID Tasks Procedure Primary Role Input Output CFG 2.1 Validate Update Request The configuration manager receives a request to enter a new CI record or update an existingCI record. Authorized requests are prioritized and forwarded to a configuration management analystfor further processing. Rejected requests are returned to the requestor with an explanation of the rejection. In the caseof new CIs identified by Discovery,verify that an authorized request exists to justify the presence of the discovered CIs. Configuration Manager Assigned task from a request for change (RFC) New CI identified by Discovery Valid request ready to be processed Or Rejected request CFG Validate CI For new CI requests, validate Configuration Valid request ready New CI
Process Guide ID Tasks Procedure Primary Role Input Output 2.2 Attributes that the proposed CI attributes meet the requirements of configuration management as defined in the configuration management plan. If all the proposed CI attributes meet the criteria,the request is approved for updatingthe CMDB. For CI attributes that fail to meet the configuration management plan criteria,rejectthe request and inform the CI owner with proper instructions. Analyst to be processed ready to be created in the CMDB Or CI with invalid attributes identified CFG 2.3 Review Invalid Attributes  Review the submitted instructions for definingproper CI attributes and submit a new request. CI Owner CI with invalid attributes identified Revised attributes CFG 2.4 Update CMDB  Publish thevalid and authorized CI data into the CMDB. New CI ready to be created in the CMDB New CI published in the CMDB 1.11 Status Accounting and Reporting Figure 6: Status Accounting and Reporting Status Accounting and Reporting Activity Description ID Tasks Procedure Primary Role Input Output CFG 3.1 Authorize or Reject Report Request Review the submitted report request and validateif the request is for an existingreport or gauge. Requester New configuration management report request Valid or invalid report request CFG 3.2 Create or Update Configuration Management Report For valid requests,create new configuration report or gauge as requested. Configuration Manager/ Coordinator Valid report request New configuration management
Process Guide ID Tasks Procedure Primary Role Input Output See the CreatingReport ServiceNow Wiki article for more information and detailed procedures. report or gauge CFG 3.3 Publish Configuration Management Report  Publish thecreated report or gauge and send the provided link to the requester. Configuration Manager/ Coordinator New configuration management report or gauge Published report or gauge accessibleby requester 1.12 Verification and Audit Figure 7: Verification and Audit Verification and Audit Activity Description ID Tasks Procedure Primary Role Input Output CFG 4.1 Authorize or Reject Verification Request A request for verification & audit is reviewed and approved or rejected by the Configuration Manager. Rejected requests are returned to the requester with an explanation. Configuration Manager Request for verification & audit Authorized verification & audit request Or Rejection
Process Guide ID Tasks Procedure Primary Role Input Output information sent to requester CFG 4.2 Execute Audit Depending on the scope of the verification or auditrequest, the Configuration Analystperforms an auditvia physical inspection or Discovery. ServiceNow also employs several mechanisms by which data in the CMDB may be certified. See Appendix D for a discussion of these techniques. Configuration Analyst Authorized verification & auditrequest Documented results from verification & audit CFG 4.3 Reconcile with CMDB  Review the compiled results from the auditand compare with CI record information found in the production CMDB. Configuration Analyst Documented results from verification & audit Reconciliation with production CMDB results CFG 4.4  Determine Corrective Action  If discrepancies existbetween the information contained in the CMDB and the actual CI(s),there are two possibleactions to take:  Update the CMDB to reflect what was verified in the infrastructure  Change the CI to match the information in the CMDB The task of correction is passed to the CI Owner. Configuration Analyst Reconciliation with production CMDB results CMDB information to be corrected Or CI to be modified to reflect information in CMDB CFG 4.5  Initiate Corrective CMDB Action  Update the CMDB so that the CI record matches the ‘as is’CI configuration in the infrastructure. Configuration Analyst CMDB information to be corrected Corrected CMDB discrepancies CFG 4.6  Execute Corrective Action  Change the configuration of the actual CI so that it matches the CMDB CI record. CI Owner CI to be modified to reflect information in CMDB CI matching information in CMDB CI record Process Control Process controls are the policies and principles that provide direction over the operation of processes and define constraintsorboundarieswithinwhichthe processmustoperate. Name Description Audits The frequency of configuration audits
Process Guide Name Description Policies Policies and criteria for the inclusion of a component and its attributes in the CMS. Security Policies Security policiesgoverningaccess to the CMS. Data Exchange Policies Policy and criteria for the exchange of data between the CMDB and other configuration management repositories. Scope The scope of the configuration management process.Includes identification of what is included in and what is excluded from the Configuration Management process. Change Management Policies Change Management Policies and procedures. Management Reports The frequency and distribution for regularly produced management reports. DatabaseBackups Frequency of CMS, CMDB and DSL housekeeping activities (i.e.,backup,archive) Systems Management Architecture The architectureprovidingdirection on how Systems Management tools and processes areto be selected, designed and integrated 1.13 KPIs KPIsare bestrepresentedastrendlinesandtrackedovertime. Theyprovide informationonthe effectiveness of the processandthe impactof continuousimprovementefforts. KPI/Metric Purpose Quality and accuracy of configuration information Measure of how well an accurateand complete configuration management system is established and maintained. Increasein re-use and redistribution of under- utilized resources and assets Accounting for, managingand protecting the integrity of CIs throughout the servicelifecycle Reduced number of exceptions reported during configuration audits Accounting for, managingand protecting the integrity of CIs throughout the servicelifecycle Number of RFCs without correspondingCI updated in CMDB Measure of how well an accurateand complete configuration management system is established and maintained. 1.14 Reports & Homepage Gauges There are numerous default reports available in ServiceNow that can be used to generate charts, publish to a URL, or schedule to be run and distributed at regular intervals. Users can also create custom reports. See CreatingReports inthe Wiki formore detail onthiscapability. In addition to reports, each user can create a personal homepage and add gauges containing up-to-the-minute information about the current status of records that exist in ServiceNow tables. See Customizing Homepages inthe Wiki fordetails.
Process Guide Appendix G: Data Certification and Verification There are multipleapproachesthatcanbe takentohelpensure thatdata inthe CMDB is accurate. These methodscanbe appliedtodatamanagedby Discovery,if internalcontrolsrequire it,butare usuallyappliedto undiscoverable datasuchas special relationships,CIownership,oranyotherpeople-relatedinformation.  Data Certification - Datacertificationmanagesscheduledandon-demandvalidationsof CIdatathat has beenaddedtothe CMDB by the ServiceNow Discoverytool,byimportingfromthird-partytools,or manually.Forregulatoryorprocedural reasons,informationinthe CMDBneedstobe checkedforaccuracy and certified.The personorteamresponsibleforcertificationcandefinewhatinformationshouldbe verifiedaswell asthe verificationschedule.The schedulethengeneratesachecklistof tasksforverifying the data. Individualsassignedtocertificationtasksansweraseriesof questionstoverifythe data. For example,acertificationcanbe setup to validate keyinformationfields,suchas OperatingSystem andCPU Count,on all WindowsserverslocatedinChicagoandassignthe taskstothe appropriate teammember automatically. Data Certificationmanagesthe tasksassignedtospecificindividualswhoare responsible forphysically verifyingthe datainquestion. Datacertificationcanalsobe performedagainstspecificfieldsonnon-CMDB CI tables.  Compliance - Complianceisasetof toolsthat enable administratorstocertifyServiceNow dataforvalidity and correct anydiscrepanciesfound.Compliance offers theseoptionstosuitan organization’ssizeand requirements: o DesiredState – Thisapplicationconductsscheduledoron-demandauditsof CMDBdata to determine whichconfigurationitems(CI) matchadesiredstate.The certificationprocesscan meancheckingserverstoensure thattheirphysical resources,suchasCPUspeedor memory, complywithcertainstandards,orensuringthatall critical businessserviceshave amanager, supportgroup,and approval group. The administratorresponsibleforcompliance creates template definitionsof desiredstatesandthenschedulesanaudittocheck CIsagainstthe definition.The auditresultsidentifyCIsthatpasscertificationanditemize the discrepanciesof those that fail.ServiceNow thenautomaticallygeneratesfollow-ontaskstotrack the process of adjustingthe CIstothe desiredstate. o Architecture Compliance –Thisapplicationmanagesscheduledoron-demandreviewsof CMDB data to determinewhichCIsmatchexpectedattributes.The compliance auditscheck serverstoensure thattheirphysical resources,suchasCPU speedormemory,complywith certainstandards. The administratorresponsibleforcompliance createstemplatedefinitionsof expected attributesandthenschedulesanaudittocheckCIs for compliance.The auditresultsidentify CIs thatpass certificationanditemize the discrepanciesof those thatfail.ServiceNow automaticallygeneratesandassignsfollow-ontaskstotrackthe processof gettingthe CIs back intocompliance.

More Related Content

PDF
HGConcept-CMDB-Blueprint Design
byHGConcept Inc.
 
PPTX
Configuration Management Maturity
byMichaël Danys
 
PPTX
ITService Management roadmap
byRuslan Osorio Guerra
 
PDF
Why CMDB - 7 Fundamental Use Cases
byDavid Messineo
 
PPTX
service-mapping-readiness.pptx
byssuser34987b
 
PDF
QBrainX - Webinar on ServiceNow CMDB Discovery
byQbrainx - Digital Transformation & Technology Solu
 
PDF
Structured Approach to Implementing and Operating Outsourcing and Managed Ser...
byAlan McSweeney
 
PDF
SLA to XLA Workshop, Edinburgh 2019
bynexthink
 
HGConcept-CMDB-Blueprint Design
byHGConcept Inc.
 
Configuration Management Maturity
byMichaël Danys
 
ITService Management roadmap
byRuslan Osorio Guerra
 
Why CMDB - 7 Fundamental Use Cases
byDavid Messineo
 
service-mapping-readiness.pptx
byssuser34987b
 
QBrainX - Webinar on ServiceNow CMDB Discovery
byQbrainx - Digital Transformation & Technology Solu
 
Structured Approach to Implementing and Operating Outsourcing and Managed Ser...
byAlan McSweeney
 
SLA to XLA Workshop, Edinburgh 2019
bynexthink
 

What's hot

PDF
Digital Operating Model & IT4IT
byDavid Favelle
 
PDF
ITIL4 and ServiceNow
byITSM Academy, Inc.
 
PDF
Itil v4-mindmap
byIsmail aboulezz
 
PDF
Knowledge Management in ServiceNow
byEnamul Haque
 
PPTX
Introducing ITIL
byRobert Thomas
 
PPTX
CMDB - Use Cases
byPuru Amradkar
 
PDF
ITIL v4 Foundation course
byQRPInternational
 
PPTX
CMDB - Strategic Role in IT Services - Configuration Management Moves Front a...
byEvergreen Systems
 
PDF
Service Request Management System
byIOPTechnologiesLLP
 
PPTX
ITIL Basic concepts
bySpyros Ktenas
 
PDF
IT4IT real life examples & myths and rumors dispelled
byTony Price
 
PPTX
ITIL Introduction
byRavi Kiran
 
PPTX
Servicenow ppt
byServiceNow – The Enterprise Cloud Company
 
PPTX
ITIL Service Design
byMarvin Sirait
 
PPTX
11 Actions that will make your SIAM Programme successful
bySteve Morgan
 
PPTX
ITIL Change Management - Plan and deploy changes with confidence
byFreshservice
 
PPTX
Effectively Planning for an Enterprise-Scale CMDB Implementation
byAntonio Rolle
 
PPT
It Service Management Implementation Overview
byAlan McSweeney
 
PPT
Service level management
byYasir Karam
 
PDF
ITIL® and SIAM: An Example ITIL-based Model for Effective Service Integration...
byAXELOS Global Best Practice
 
Digital Operating Model & IT4IT
byDavid Favelle
 
ITIL4 and ServiceNow
byITSM Academy, Inc.
 
Itil v4-mindmap
byIsmail aboulezz
 
Knowledge Management in ServiceNow
byEnamul Haque
 
Introducing ITIL
byRobert Thomas
 
CMDB - Use Cases
byPuru Amradkar
 
ITIL v4 Foundation course
byQRPInternational
 
CMDB - Strategic Role in IT Services - Configuration Management Moves Front a...
byEvergreen Systems
 
Service Request Management System
byIOPTechnologiesLLP
 
ITIL Basic concepts
bySpyros Ktenas
 
IT4IT real life examples & myths and rumors dispelled
byTony Price
 
ITIL Introduction
byRavi Kiran
 
Servicenow ppt
byServiceNow – The Enterprise Cloud Company
 
ITIL Service Design
byMarvin Sirait
 
11 Actions that will make your SIAM Programme successful
bySteve Morgan
 
ITIL Change Management - Plan and deploy changes with confidence
byFreshservice
 
Effectively Planning for an Enterprise-Scale CMDB Implementation
byAntonio Rolle
 
It Service Management Implementation Overview
byAlan McSweeney
 
Service level management
byYasir Karam
 
ITIL® and SIAM: An Example ITIL-based Model for Effective Service Integration...
byAXELOS Global Best Practice
 

Viewers also liked

PPTX
ServiceNow Overview
byJeremy Smith
 
PDF
end-to-end service management with ServiceNow (English)
byOrange Business Services
 
PDF
How To Drive A Successful ServiceNow Implementation
byAspire Systems
 
PDF
HGConcept-ITAM-Design
byHGConcept Inc.
 
PDF
7 Steps to a successful ServiceNow Implementation
byNavvia
 
PDF
Managing Software Entitlements in Software Asset Management Solutions from CA
byCA Technologies
 
PDF
Asset management
byrob coulson
 
PPTX
Configuration Managment Powerpoint
byJeannine Jacobs, MS
 
PPTX
Pre-Con Ed: Software Asset Management Jump Start: Ingredients to Success
byCA Technologies
 
PPTX
Maximize Control with ITIL Service Asset & Configuration Management
byBMC ITSM
 
PDF
HGConcept-CMDB-Service Design
byHGConcept Inc.
 
PDF
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
byCA Technologies
 
PDF
Rob England, Dead Cat Syndrome by The IT Skeptic
byTFT presentations Tomorrow's IT Service Future Today
 
PDF
Benefits of Software Asset Management
byIskandar Ahmat
 
PPTX
C17 corrective & preventive actions (capa)
byIka Nurkasanah
 
PDF
blay Oracle Audit Defence_ ITAM Review Audit Defence Workshop Amsterdam April...
byMartin Thompson
 
PDF
How To Save A Million Dollars in 15 Minutes with Software Asset Management (a...
byCA Technologies
 
PPTX
ITAM Best Practices - Knowledge14
byMartin Thompson
 
ServiceNow Overview
byJeremy Smith
 
end-to-end service management with ServiceNow (English)
byOrange Business Services
 
How To Drive A Successful ServiceNow Implementation
byAspire Systems
 
HGConcept-ITAM-Design
byHGConcept Inc.
 
7 Steps to a successful ServiceNow Implementation
byNavvia
 
Managing Software Entitlements in Software Asset Management Solutions from CA
byCA Technologies
 
Asset management
byrob coulson
 
Configuration Managment Powerpoint
byJeannine Jacobs, MS
 
Pre-Con Ed: Software Asset Management Jump Start: Ingredients to Success
byCA Technologies
 
Maximize Control with ITIL Service Asset & Configuration Management
byBMC ITSM
 
HGConcept-CMDB-Service Design
byHGConcept Inc.
 
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
byCA Technologies
 
Rob England, Dead Cat Syndrome by The IT Skeptic
byTFT presentations Tomorrow's IT Service Future Today
 
Benefits of Software Asset Management
byIskandar Ahmat
 
C17 corrective & preventive actions (capa)
byIka Nurkasanah
 
blay Oracle Audit Defence_ ITAM Review Audit Defence Workshop Amsterdam April...
byMartin Thompson
 
How To Save A Million Dollars in 15 Minutes with Software Asset Management (a...
byCA Technologies
 
ITAM Best Practices - Knowledge14
byMartin Thompson
 

Similar to SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Corp Dec 2015

PDF
Infrastructure Management PowerPoint Presentation Slides
bySlideTeam
 
PPTX
Implementing IT Service Management: A Guide to Success
byDave Cornelius - Value Contributor-agility and innovation
 
PDF
Infrastructure Planning And Management Powerpoint Presentation Slides
bySlideTeam
 
PDF
Presentation Maintenance Cloud.pdf
byWalidShoman3
 
PDF
It asset management processes using tivoli asset manager for it sg247601
byBanking at Ho Chi Minh city
 
PDF
It asset management processes using tivoli asset manager for it sg247601
byBanking at Ho Chi Minh city
 
PDF
Strategies for Effective Hardware and Software Asset Management
byCA Technologies
 
PPTX
E2E technology Asset Management Transformation Example
byAkshyadeep Raghav
 
PPTX
Indranil Guha, Head of IT Infrastructure at Commercial Bank of Dubai - Agile ...
byGlobal Business Events
 
PPTX
Asset Management vs. Configuration Management: Who's Winning?
byCireson
 
PDF
ML-MT4572 - Safak (2)
byJessie Maguire
 
PDF
CI Lifecycle in ServiceNow CMDB_ A Comprehensive Guide.pdf
bygauthamroyalcyber
 
DOCX
ServiceNow Software Asset Management - PPT.docx
byMultisoft Virtual Academy
 
PDF
It asset management processes using tivoli asset manager for it sg247601
byBanking at Ho Chi Minh city
 
PPTX
(ONLINE) ITIL Indonesia Community - Practical SACM
byITIL Indonesia
 
PDF
It asset management_wp
bywardell henley
 
PPT
Jeremy carson nz oracle user group presentation an overview of enterprise a...
byobulreddy biyyam
 
PDF
TLM_SalesSheet_AUNZ
byJonathan Morgan
 
PPTX
Challenges in implementing property management system -- presented in Aug'15 ...
byJackie Luo
 
PPTX
The Issues Slashing IT Productivity
byIvanti
 
Infrastructure Management PowerPoint Presentation Slides
bySlideTeam
 
Implementing IT Service Management: A Guide to Success
byDave Cornelius - Value Contributor-agility and innovation
 
Infrastructure Planning And Management Powerpoint Presentation Slides
bySlideTeam
 
Presentation Maintenance Cloud.pdf
byWalidShoman3
 
It asset management processes using tivoli asset manager for it sg247601
byBanking at Ho Chi Minh city
 
It asset management processes using tivoli asset manager for it sg247601
byBanking at Ho Chi Minh city
 
Strategies for Effective Hardware and Software Asset Management
byCA Technologies
 
E2E technology Asset Management Transformation Example
byAkshyadeep Raghav
 
Indranil Guha, Head of IT Infrastructure at Commercial Bank of Dubai - Agile ...
byGlobal Business Events
 
Asset Management vs. Configuration Management: Who's Winning?
byCireson
 
ML-MT4572 - Safak (2)
byJessie Maguire
 
CI Lifecycle in ServiceNow CMDB_ A Comprehensive Guide.pdf
bygauthamroyalcyber
 
ServiceNow Software Asset Management - PPT.docx
byMultisoft Virtual Academy
 
It asset management processes using tivoli asset manager for it sg247601
byBanking at Ho Chi Minh city
 
(ONLINE) ITIL Indonesia Community - Practical SACM
byITIL Indonesia
 
It asset management_wp
bywardell henley
 
Jeremy carson nz oracle user group presentation an overview of enterprise a...
byobulreddy biyyam
 
TLM_SalesSheet_AUNZ
byJonathan Morgan
 
Challenges in implementing property management system -- presented in Aug'15 ...
byJackie Luo
 
The Issues Slashing IT Productivity
byIvanti
 
In this document
Powered by AI

This section introduces the SACM process for PL Corporation, highlighting versions, important parties involved, and critical recommendations for improvement based on assessment.

Describes the SACM workshop objectives at PL, including the review of processes and best practices, aiming for effective IT Asset Management in ServiceNow.

Discusses the scope and goals of IT Asset Management processes, focusing on governance, cost reduction, compliance enhancement, and efficiency decisions.

Amounting IT asset lifecycle management best practices, emphasizing phases from request to disposition, addressing asset optimization and reporting.

Introduces roles in SACM, including the governance model, RACI matrix for responsibilities, and key processes for proper asset tracking and management.

Outlines the overall lifecycle processes in asset management, detailing each phase with objectives and relevant tools for effective management.

Provides a phased implementation roadmap for SACM processes, emphasizing the importance of integrating processes within overall IT management.

Details foundational configuration needs for implementing IT Asset Management within ServiceNow, suggesting plugins and model guidelines.

Describes the tiered implementation approach for ServiceNow IT Asset Management, emphasizing governance, data quality, and operational integration.

Summarizes PL Corporation's current capability assessment in IT Asset Management and identifies recommended next steps for improvement.

Includes document conventions, glossary terms, software asset tagging practices, and asset management process overviews for further guidance.

SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Corp Dec 2015

  • 1.
    SERVICE, ASSET &CONFIGURATION WORKSHOPGUIDE FOR PL CORPORATION VERSION:1.3
  • 2.
    IT Asset Management SACMProcess Guide v1.3 Page 2 of 120 RevisionHistory Version Date of Issue Nature of Changes Author (s) 1.1 December28, 2015 Initial Doc–Internal – PT (Linium) &DS (SN) PhilipTishberg- Linium 1.2 January15, 2016 Final Notes/RecommendationsCompleted PhilipTishberg- Linium 1.3 January15, 2016 Final DeliverableContent DinoSammarco
  • 3.
    IT Asset Management SACMProcess Guide v1.3 Page 3 of 120 Table of Contents 1 EXECUTIVE SUMMARY...................................................................................................................6 1.1 Scope...........................................................................................................................................................................6 1.2 Process Description...............................................................................................................................................6 1.3 Critical Findings.....................................................................................................................................................6 1.4 Critical Recommendations.................................................................................................................................8 1.5 Next Steps.................................................................................................................................................................9 2 ASSET WORKSHOP OVERVIEW.....................................................................................................11 2.1 Scope........................................................................................................................................................................12 2.2 Process Description............................................................................................................................................12 2.3 Process Goal..........................................................................................................................................................13 2.4 Process Objectives...............................................................................................................................................13 2.5 Best Practice Relationship with other processes....................................................................................14 2.6 Best Practice Asset Management..................................................................................................................14 3 PROCESS ROLES...........................................................................................................................16 3.1 Best Practice RACI Matrix...............................................................................................................................18 3.2 PL Process Roles..................................................................................................................................................19 4 ASSET MANAGEMENT LIFECYCLE PROCESS OVERVIEW .................................................................20 4.1 Best Practices – Asset Management Lifecycle Process Overview.....................................................20 4.2 Best Practices – Asset Management Lifecycle Process Overview (phases 1-4)...........................20 4.3 Best Practices – Asset Management Lifecycle Process Overview (phases 5-7)...........................24 4.4 Best Practices – Asset Management Lifecycle Process Overview (phases 8-10)........................27 4.5 PL – Asset Management Lifecycle Processes / Business Use Cases..................................................29 5 ASSET MANAGEMENT PROCESS GUIDE ........................................................................................30 5.1 Governance............................................................................................................................................................31 5.1.1 Policy Management........................................................................................................................................31 5.1.2 Processes.............................................................................................................................................................32 5.2 Fulfillment.............................................................................................................................................................37 5.3 Auditing..................................................................................................................................................................41 5.4 Active Asset Management................................................................................................................................45 5.5 Disposition.............................................................................................................................................................49 5.6 IT Financial Management...............................................................................................................................52 6 SERVICENOW CONFIGURATION REQUIREMENTS..........................................................................58 6.1 ServiceNow Plugins............................................................................................................................................58 6.2 Model / Class (Product Catalog)...................................................................................................................58 6.3 Models.....................................................................................................................................................................59 6.4 Asset Class.............................................................................................................................................................60 6.5 Configuration Item Class (Model Category).............................................................................................60 6.6 Asset and Configuration Item Status...........................................................................................................61 6.7 Asset States (install_status)............................................................................................................................61 6.8 CI Statuses(install_status)..............................................................................................................................62 6.9 Asset & CI State/Status Synchronization...................................................................................................63 6.10 Naming Conventions & Data Normalization.........................................................................................63 6.11 Naming Conventions.......................................................................................................................................64 6.12 Data Normalization........................................................................................................................................64
  • 4.
    IT Asset Management SACMProcess Guide v1.3 Page 4 of 120 6.13 Integrations........................................................................................................................................................65 6.14 MID Server..........................................................................................................................................................65 6.15 Web Services......................................................................................................................................................65 7 SERVICENOW IMPLEMENTATION.................................................................................................67 7.1 Implementation Methodology.......................................................................................................................67 7.2 PL Current Capability Summary...................................................................................................................70 7.3 Tier 0 Governance Capability.........................................................................................................................70 7.4 Tier 1 Trustworthy Data..................................................................................................................................70 7.5 Tier 2 Practical Management........................................................................................................................71 7.6 Tier 3 OperationalIntegration......................................................................................................................71 7.7 Tier 4 Strategic Conformance........................................................................................................................72 7.8 Implementation Roadmap..............................................................................................................................73 7.9 Roadmap Overview............................................................................................................................................73 7.10 Process Roadmap.............................................................................................................................................73 7.11 Technology Roadmap.....................................................................................................................................74 APPENDIX A: DOCUMENT CONVENTIONS.........................................................................................84 APPENDIX B: GLOSSARY OF TERMS AND ACRONYMS........................................................................85 APPENDIX C: ISO/IEC 19770-2 SOFTWARE ASSET TAGGING ...............................................................91 APPENDIX D: ASSET MANAGEMENT PROCESS OVERVIEW .................................................................92 1 ASSET MANAGEMENT PROCESS ACTIVITY OVERVIEW (BEST PRACTICE LEVEL STACK).....................................92 2 ASSET MANAGEMENT PLANNING AND DESIGN (BEST PRACTICE LEVEL STACK).................................................93 3 PROCURE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK).....................................................................................94 4 RECEIVE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................96 5 MANAGE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................97 6 DISPOSE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................98 APPENDIX E: ROLES ASSOCIATED WITH SERVICENOW IMPLEMENTATIONS........................................99 1 CUSTOMER RESOURCES.....................................................................................................................................................99 2 SERVICENOW RESOURCES.............................................................................................................................................100 APPENDIX F: CONFIGURATION MANAGEMENT PROCESS OVERVIEW...............................................101 1.1 OVERVIEW..................................................................................................................................................................101 1.2 PROCESS DESCRIPTION............................................................................................................................................101 1.3 PROCESS GOAL..........................................................................................................................................................101 1.4 PROCESS OBJECTIVES...............................................................................................................................................101 1.5 RELATIONSHIP WITH OTHER PROCESSES............................................................................................................102 1.6 PRINCIPLES AND BASIC CONCEPTS.......................................................................................................................103 1.7 PROCESS OVERVIEW ................................................................................................................................................107 1.8 PROCESS PLANNING AND DESIGN .........................................................................................................................109 Process Planning andDesign Activity Description.........................................................................................109 1.9 CONFIGURATION IDENTIFICATION ........................................................................................................................113 Configuration Identification ActivityDescription..........................................................................................113 1.10 CONFIGURATION CONTROL..................................................................................................................................115 Configuration Control ActivityDescription......................................................................................................115 1.11 STATUS ACCOUNTING AND REPORTING ............................................................................................................116 Status Accounting and Reporting Activity Description................................................................................116 1.12 VERIFICATION AND AUDIT ...................................................................................................................................117
  • 5.
    IT Asset Management SACMProcess Guide v1.3 Page 5 of 120 Verification and Audit ActivityDescription......................................................................................................117 1.13 KPIS..........................................................................................................................................................................119 1.14 REPORTS & HOMEPAGE GAUGES........................................................................................................................119 APPENDIX G: DATA CERTIFICATION AND VERIFICATION..................................................................120
  • 6.
    IT Asset Management SACMProcess Guide v1.3 Page 6 of 120 1 Executive Summary 1.1 Scope The following Service Asset & Configuration Management (SACM) Guide was created in support of an Asset & Configuration Management Workshop between PL Corporation and ServiceNow (SN). The results of the Asset & Configuration Management Workshop are provided within this report. The Asset & Configuration Management Workshop (Service, Asset & Configuration Workshop) was held at PL’s Corporate Headquarters in Birmingham, Alabama. Stakeholders from PL were present to provide details related to Service Asset & Configuration Management within PL. 1.2 Process Description This report identifies the facts discovered during onsite efforts with PL and any follow-up efforts that may have occurred or planned for at the time of this document. These facts serve as baseline information that is used to both assess the current ITAM environment and recommend roadmap activities. Any details provided by PL are both referenced and embedded within this document unless otherwise noted. ServiceNow recognizes the importance of IT Asset Management for mitigating risks, reducing costs, and optimizing services supported by technology. The ability to effectively perform IT Asset Management is based on several factors identified as the Asset Lifecycle. The ServiceNow IT Asset Management Methodology focuses on enabling efficient management of IT Assets based on industry standards and real-world experience. The following are summary elements that identify critical findings and recommended next steps. 1.3 Critical Findings PL is beginning a new effort related to IT Asset Management. This effort currently lacks the following elements for long-term success. 1. Protective currently does not have a single central repository of asset records across the company. Instead a variety of disconnected tracking tools are used to store segments of information:  SCCM is relied on for asset discovery data. SCCM reports only discoverable attributes of discoverable assets thereby missing cost and assignment information for all assets and missing the In Stock, In Maintenance, and Retired assets entirely  Protective has a “project allocation” method for their financial system that is used to track asset purchases, however these are not organized in a single easy to access data store, and are only tied to specific assets, especially those that are not capitalized  Spreadsheets are used to track pieces of information, however there are no whole asset records with inventory. The cost and contractual data is being tracked through the Finance/Procurement Group (Laura)
  • 7.
    IT Asset Management SACMProcess Guide v1.3 Page 7 of 120 2. There is currently no policy-driven, end-to-end Asset Lifecycle Management process in place across the organization and asset types to manage and track assets from the time they are acquired to the time they are disposed. The front (beginning) of the Asset Lifecycle is better understood, managed and tracked. The predicament question of “Where is the asset?” after it arrives is what is underlining this Critical Finding. Specifically:  Each IT Services team has their own set of procedures that they follow to complete their tasks  There are no documented process policies or procedures across Protective  There is no process automation to enable efficient reportable process compliance  There is no tracking of process updates to asset records, such as when and where it was returned to stock 3. The third key observation is that there is currently no formal IT Asset & Configuration Management organization with defined roles and responsibilities and users and groups assigned to the roles. The IT Services teams perform designated services related to the assets they manage, however their guardianship over the asset record is not defined or documented.  There is no formal program management office (PMO) for SACM  There is no governance for SACM  There are no documented roles and responsibilities for SACM  There is no continuous end-to-end ALM process governing the complete asset lifecycle - Procurement, Stockroom Management, Request Management, Move / Add / Change (MAC), Support, and Disposition  There are no targets or metrics to report their progress for asset management related tasks such as creating or updating asset records in a timely manner following an introduction or modification of an asset  There is no formal audit procedure in place to measure the accuracy of asset and configuration data 4. There is currently no real synergy between asset and configuration management and the business and IT services they support.  ServiceNow is not being used yet as the CMDB with raw discovery data being relied on referentially when evaluating incidents and planning upcoming changes  No formal integration or synchronization of processes or data between the key process areas of SACM – Financial, Contract, and Physical asset management  No formal synchronicity at either the process or data level with the IT Services that rely on trustworthy SACM data: Incident, Problem, Change, Release & Deployment, Disaster Readiness, Continuity and Availability management services  No comprehensive CMDB with consistent standard based configuration item records, attributes and relationships to support the IT services
  • 8.
    IT Asset Management SACMProcess Guide v1.3 Page 8 of 120 5. There is currently no business services map identifying the PL critical business services and the relationships of the IT assets and configuration items that support them.  No CI relationships among CIs  No ability to gauge impact of a proposed change based on CI relationships  No ability to report total cost of ownership of assets at the Asset Level, It is there for the business service level due to the Financial “Service Allocation Method” employed.  PL current ITAM Capability Assessment score is 1.8 out of a total 4.0. This assessment is based on the International Standards Organization (ISO) tiered Asset Implementation recommendation. A score of less than 3.0 shows a need to focus on Governance and Trustworthy Data (See Section 7.2) Tier / Activity Score Tier 0 – Governance 0.4 Tier 1 – Trustworthy Data 0.5 Tier 2 – Practical Management 0.5 Tier 3 – Operational Integration 0.5 Tier 4 – Strategic Conformance 0.5 Total Capability Score (out of 4.0) 1.8 1.4 Critical Recommendations Based on best practices from our customers and experts, the following critical recommendations have been made. PL has some pieces in place that will be needed for a successful SACM program. What is lacking is the stitching together of these pieces. The following key recommendations will form the basis of the PL Foundational SACM framework. R1. Establish a common data model for the use of asset and configuration item data elements in the ServiceNow platform  Foundational data including users, departments, entities, locations, and stockrooms  Model management data including vendors, models, and maintenance contracts  Asset identification data including model, asset tag, and serial number  Asset assignment data including assigned user, department, location, entity, stockroom, host computer, cluster, rack, rack unit, and operating environment R2. Establish a SACM organization of defined roles and responsibilities with data stewards assigned for each asset type
  • 9.
    IT Asset Management SACMProcess Guide v1.3 Page 9 of 120  SACM Process Owner  Hardware asset managers – Microsystems (Desktop, Unix, Virtual) & Other (e.g., Headsets) and IT Services  Software asset managers – Microsystems and IT Services (same as above, esp. figure out non-persistent DT tracking if the value is for license & is the only effected determinant for the data tracking)  Configuration manager  SACM data analyst  SACM tools administrator R3. Establish a common end-to-end policy driven and metric monitored Asset Lifecycle Management (ALM) processes for all asset types and management scopes covered by Protective IT Services  Request fulfillment - Deployment  Acquisition – Purchase tracking and Receive  Mass moves – Departments, Data centers, etc.  Reclaim/ restock of unused assets  Retirement and disposal of assets at end of life R4. Establish the ServiceNow CMDB  Define the data model – configuration items and attributes desired for the CMDB  Configure SCCM to capture desired data elements  Import the SCCM discovery data (Compare for cleaning against the BDNA data for a more accurate inventory prior to migrating into Production for use)  Update configuration items with non-discoverable attributes (Wyse Terminals?) R5. Establish a Business Services Maps using ServiceWatch that can be used for impact analysis when managing incidents, changes, and unplanned events  Identify core services where continuity, availability, and capacity are key  Identify the entry points to these services, such as a URL  Let ServiceWatch build and update the Business Service Map 1.5 Next Steps An implementation plan has been provided (See Section 7) that suggests a phased approach for SACM at PL using ServiceNow. This phased implementation will need to include the time to build the requirements (stories) needed to begin a technical implementation of Phase 1. It is recommended to focus on any Process recommendations while implementing the technical requirements.
  • 10.
    IT Asset Management SACMProcess Guide v1.3 Page 10 of 120 ServiceNow is available to assist in any enablement and implementation efforts in support of PL. The details of this report may be easily turned into an implementation Statement of Work upon your request.
  • 11.
    IT Asset Management SACMProcess Guide v1.3 Page 11 of 120 2 ASSET WORKSHOP OVERVIEW ServiceNow has assembled the following Service, Asset & Configuration Management (SACM) Workshop Guide that will assist PL in optimizing the implementation and operation of IT Asset and Configuration Management within ServiceNow. The guide includes a review of the existing processes, roles & responsibilities, best practice recommendations, and ongoing asset & configuration management guidance. In addition to the SACM Process review, the Asset Management Workshop Guide provides an Action Plan for the implementation of IT Asset Management within ServiceNow. This action plan identifies PL specific configuration requirements that can be used to build Stories for implementation. A roadmap is provided to assist PL in the planning of activities related to initial and ongoing implementation of IT Asset Management within ServiceNow. A Service, Asset & Configuration Workshop was held at PL in Birmingham, Alabama during the week of December 16-17, 2015. ServiceNow representatives included ROLE ATTENDEE Engagement Manager DinoSammarco (SN) Process/Business Lead PhilipTishberg(Linium) Technical Consultant RoderickGodfrey(SN) The following PL representatives participated in the workshop. ROLE / O R G A N I Z A T I O N ATTENDEE RiskAnalysis Ron W. Business Service Level Costing/Allocation KenW. NetworkAnalysis –WorkflowAutomation Jeff B. NetworkAnalysis –WorkflowAutomation AjayB. QualityandProcessManagement Gerry I. SACMOwner ChrisB. Enterprise Architecture JeremyP. ServiceNow JonS./Eric R. ServiceNow &BillingManager KimP. Finance Laura T. Service Operations Steve M./DerekS. Facilities,DataCenter Rich U./SamP. Enterprise Messaging Joe S. This document assumes that the Asset Management Workshop has been completed and that one or more of the Asset Management applications have been, or will be, activated. The applications are as follows: Asset Management, Software Asset Management, and Contract
  • 12.
    IT Asset Management SACMProcess Guide v1.3 Page 12 of 120 Management. PL also plans to test the Procurement module in parallel with use of their current procurement system for feasibility and use with the other components mentioned. 2.1 Scope The attendees shared at the beginning of the workshop some of the goals that they personally wanted to get out of the workshop and the future use for SACM in SN. In no particular order as above the following are the goals mentioned individually and collectively shown: • Implementation project roadmap and scope • Maturing current asset processes • Hardware life cycle refresh • Impact of changes on configuration items, cascading up to business services • Data Analytics/BSM/BI/ITSM –Workflow automation • Vendor Management, Contract Management, Risk Analysis, Coordination with Business Team • Desktop procurement • Inventory of server assets, physical, virtual, non-discoverable items • Single Source of record for IT assets • Leverage CMDB for monitoring • Life cycle management. Ability to coordinate Application owners for schedules & maintenance window notifications • Lifecycle of desktop hardware • Maintenance renewals on hardware/software/license purchases • Making asset tracking, software compliance, and allocations simpler • Impact of changes throughout the ecosystem. Mapping assets all the way through business process/service • Workflow automation. How do we leverage the tools we have to become more efficient? • Business service level costing and allocation: “how much does it cost us to run Application X?” • Risk Analysis, Coordination with Business Team 2.2 Process Description The enclosed process models are compliant with the concepts depicted in the ITIL framework. Additional elements related to industry best practices are offered in a manner to facilitate best-in-class performance related to IT Asset Management. ITAM is the process responsible for tracking accurate and complete financial, contractual, and operational information about hardware and software assets. Asset Management is not Configuration Management.
  • 13.
    IT Asset Management SACMProcess Guide v1.3 Page 13 of 120 Asset Management is one of the lifecycle processes in ITIL and is one of the foundations of IT Service Management. 2.3 Process Goal IT Asset Management (ITAM) is a core business discipline that integrates financial, contractual and inventory processes, controls and technologies, enabling strategic decision making for the IT environment. ITAM business practices have a common set of goals:  Uncover savings through process improvement and support for strategic decision making  Establish governance and control processes over hardware and software asset inventory  Reduce total cost of ownership (TCO) through transparency in all costs associated to assets and how it supports critical business services related to budgeting, allocation, accounting, and service valuation  Increase accountability to ensure compliance  Enhance performance of assets and life-cycle management  Reduce impacts to assets caused by changes 2.4 Process Objectives Configuration Management: Focuses on operational usage and logical relations
  • 14.
    IT Asset Management SACMProcess Guide v1.3 Page 14 of 120 ITAM Process objectives describe material outcomes that are produced or achieved by the process. The following is a list of objectives for this process:  Challenge the Status Quo  Identify data needs  Identify opportunities for automation  How to build a Roadmap for proceeding further is tabled but outlined until further discussion around requirements occurs. 2.5 Best Practice Relationship with other processes This is a graphic depicting not only ITIL best practice, but a clear functional map for Service Now workflows and the design that those tasks enable the tool to leverage for the processes. 2.6 Best Practice Asset Management Process RelationDescription Input Output Service Request/ The IT AssetRepositorycontainsdetailsof the infrastructure vital to efficientincidentclassification,initialsupport, X
  • 15.
    IT Asset Management SACMProcess Guide v1.3 Page 15 of 120 Process RelationDescription Input Output Incident Management investigationanddiagnosis. WhenAssetrecordsare identifiedasinaccurate,incident recordsare createdand assignedto Assetmanagementfor correction. X Change Management The CMDB provideschange managementwiththe necessary informationforthe assessmentof the riskandimpactof proposedchanges. X New,modifiedordisposedassets. Change management ensuresthatthe informationrelatedtoassetsisupdated properlyfollowing the implementationof achange. X
  • 16.
    IT Asset Management SACMProcess Guide v1.3 Page 16 of 120 3 PROCESS ROLES Each role is assigned to perform specific tasks within the process. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Depending on the structure and maturity of a process, all roles described may not exist in every organization. The following describes the typical roles defined for service asset management, and the identified personnel that will be undertaking that role: Role Description Designee Process Owner A SeniorManagerwiththe abilityandauthoritytoensure the processis rolledoutandusedby the entire ITorganization. Responsible andAccountable for:  Definingthe overallmissionof the process  Sponsorship,design,andcontinual improvementof the process and itsmetrics  Establishingandcommunicatingthe processmission,goals,and objectivestoall stakeholders  Ensuringconsistentexecutionof the processacrossthe organization  Reportingonthe effectivenessof the processtosenior management  Initiatinganyprocessimprovements  Resolvinganycross-functional(departmental)issues ChrisB. Asset Manager Responsible for:  Managing the dayto day activitiesof the process  Maintainingdatacontinuitywithinthe IT AssetRepository, includingAsset Models  Trackingand governingcompliance of the processwithintheir team  Gatheringandreportingonprocessmetrics  Escalatinganyissueswiththe processtothe ProcessOwner KimP/Laura T./Jeff B./JeremyP. Asset Analyst Responsible for:  Assetsdefinedwithinthe scope of theirarea  Recordingandmaintainingassetswithinthe Repository  Monitoringthe repositoryforaccuracy& consistency  Analyzingdataandcreatingreports  Assistingthe AssetManagerwithauditsandreportgeneration  Collectingandretainingassetdataforriskand cost assessment Gerry I/Rich E./AjayB.
  • 17.
    IT Asset Management SACMProcess Guide v1.3 Page 17 of 120 Asset Owner Responsible for:  Supporting,maintaining,controllingandupdatingof aspecific assetor assets  All activitiesthatdirectlyaffectthe actual assetorassets  CollaboratingwithProcessOwneronprocess changes/continualimprovement Laura T. / ChrisB. Stakeholder  All personswhohave aninterestinthe informationcontained inthe CMDB. Stakeholdersmayinclude employees,customers, partners,CIowners,andothers Can be anyone
  • 18.
    IT Asset Management SACMProcess Guide v1.3 Page 18 of 120 3.1 Best Practice RACI Matrix An example of aRACIisnotedbelow. The Rolesandresponsibilitiesare assigned tospecificprocessactivities. ID Activities ProcessOwner AssetManager AssetAnalyst AssetOwner ProcessPlanning and Request Produce assetmanagementplan A R I C Define what'sinscope (models...etc.) R C I A Determine selectionguidelines R C I A Performaudit I A R C Baseline CMDB I A/R R C Procurement Manage vendors I A/R R I Add/Remove newvendors I A/R R I Add/Remove newmodels I A/R R I Evaluate appropriate attributes I A/R R I Stockroom/Receiving Receive newasset A R I Proof of Entitlement A R I Inputassettag onto new hardware A R I Create assetsinthe CMDB A R I Validate assetattributes A R I Assignappropriate statusinCMDB A R I Validate financialsonassetrecord A R I Deploy/Financials Activate licenses,contracts and/orentitlements A R I Validate assetattributes(location,financials…etc.) A R I Validate assetstatus A R I Assignassetstousers A R I Update the CMDB A R I Manage/Move,Add, Change (MAC) Ensure approvedchange request A R I ModifyassetattributesinCMDB A R I Planand organize routine maintenance A R C Execute assetaudits A R C Determine correctiveaction A R C Initiate corrective action A R I Execute corrective action A R I Track asset history A R I Transferassetsto new locations/stockrooms A R I
  • 19.
    IT Asset Management SACMProcess Guide v1.3 Page 19 of 120 Retire/Dispose Retire ordispose asset A R C Update assetto disposed/retire inCMDB A R C Harvest/Reclaimsoftware entitlements A R I Generate disposal report A R I R: Responsible,A:Accountable,C:Consulted,I:Informed A spreadsheetisprovidedforyourongoinguse/modification: 3.2 PL Process Roles It isexpectedthat PLwill confirmthe personnelnamesforeach ProcessRole priortoimplementationphase.
  • 20.
    IT Asset Management SACMProcess Guide v1.3 Page 20 of 120 4 ASSET MANAGEMENT LIFECYCLE PROCESS OVERVIEW Section 4 contains Best Practices found within the industry. Section 4.5 includes practices related to PL gathered during the workshop. 4.1 Best Practices – Asset Management Lifecycle Process Overview ID Activity Phase Description 1 Request Where the requestforan assetis initiated 2 Buy/Build/Stock Where the Buy / Build/Stock decisionisperformed 3 Acquisition Where acquisitionactivitiesare performed 4 Receive Where the receive activitiesare performed 5 Deploy Where the deployactivitiesare performed 6 Move/Add/Change Where move /add / change activitiesare performed 7 Validation Where data validationactivitiesare performed 8 Harvest Where harvestactivitiesare performed 9 Decommission Where the decommissionactivitiesare performed 10 Disposition Where the dispositionactivitiesare performed Tools These identifythe variouscategoriesof toolsinvolvementinAsset Managementprocesses. Theyinclude:  Policies&ProcessDocumentation  StandardsLists  RequestSystem(s)  Purchase System(s)  Financial System(s)  AssetManagementSystem(s)  Software DeploymentSystem(s)  DiscoverySystem(s)  Contract ManagementSystem(s) Each of these activity phases are further detailed below: 4.2 Best Practices – Asset Management Lifecycle Process Overview (phases 1-4)
  • 21.
    IT Asset Management SACMProcess Guide v1.3 Page 21 of 120 1 - RequestPhase  Where the asset requeststarts and it includesapprovals Triggers include:  Userneedsa Software or Hardware asset  SupplyPoint inventoryreorder ID Activity Task Description 1.1 RequestNewAsset Thistask initiatesthe requestforthe asset 1.2 Approve AssetRequest Thistask iswhere the assetrequestis approvedordisapproved. - if requestisdisapproved,Requestorisnotified 1.3 Approve Architecture Thistask iswhere the approvedassetrequestisreviewedforArchitectural approval. - if requestisdisapproved,Requestorisnotified Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information 2 - Buy / Build/ Stock Phase  Where the Buy / Build / Stock decisionisperformed Triggers include:  An approved AssetRequest
  • 22.
    IT Asset Management SACMProcess Guide v1.3 Page 22 of 120 ID Activity Task Description 2.1 DeterminingSourcing Thistask determinedhow tofulfill the AssetRequest–choicesinclude: Buy or BuildorStock 2.2 AssetinStock? Thistask iswhere the determinationif requestedassetisinstock. - if Yes,proceedto task2.3 - if No,thenproceedtotask 3.1 2.3 Secure fromstock / inventory Thistask iswhere the requestedassetiscollectedfromstock/inventory 2.4 Update AssetRepository Thistask iswhere the assetrepositoryisupdated - thistask connectstoPhase 5 Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AssetManagement System(s) – to support inventoryinformation 3 - AcquisitionPhase  Where acquisitionactivitiesare performed Triggers include:  An AcquisitionRequest ID Activity Task Description 3.1 Create AcquisitionOrder Thistask determinedhow tofulfill the requestforthe asset – choices include:BuyorBuildor Stock 3.2 Approve Acquisition Order Thistask iswhere the determinationof whetherthe assetistobe ordered. - if assetisto be ordered,thenproceedtotask3.1 - if assetisto come fromstock/inventory,proceedtotask2.3 Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AcquisitionSystem(s) – to support the acquisitionprocess(creation and approvals) 4 - Receive Phase  Where receive activitiesare performed Triggers include:  Assetarrives (hardware or software) ID Activity Task Description 4.1 Receive Asset Thistask iswhere the assetisreceivedintoAIG 4.2 Update AssetRepository Thistask iswhere the assetrepositoryisupdated 4.3 Approve Payment? Thistask iswhere the determinationif the receiptrequiresapayment approval to be completed - if Yes,the go to Task 4.4
  • 23.
    IT Asset Management SACMProcess Guide v1.3 Page 23 of 120 - if No,go to Phase 5 4.4 Approve Payment Thistask is where the paymentapproval activitiesisperformed - thistask connectstoPhase 5 Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystem(s) – to support Requestworkflow  AcquisitionSystem(s) – to support the acquisitionprocess(receiving)  Financial System(s) – to support FixedAsset,ifrequired
  • 24.
    IT Asset Management SACMProcess Guide v1.3 Page 24 of 120 4.3 Best Practices – Asset Management Lifecycle Process Overview (phases 5-7)
  • 25.
    IT Asset Management SACMProcess Guide v1.3 Page 25 of 120 5 - DeployPhase  Where the deployactivitiesare performed Triggers include:  Input from Phase 2 (assetin stock/inventory)  Input from Phase 4 (assetreceived) ID Activity Task Description 5.1 RequestDeploy Thistask iswhere the Requesttodeployanassetisreceived 5.2 PerformBuild/Configure AssetSteps Thistask iswhere the assetisbuilt/ configuredandreadiedfor deployment 5.3 PerformDeployAsset Steps Thistask iswhere the assetisactually deployed 5.4 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Software DeploymentSystem(s) –to support the build/configure and deploymentactivities 6 – Move / Add / Change Phase  Where the Move/Add/Change activitiesare performed Triggers include:  MAC request(hardware or software) ID Activity Task Description 6.1 RequestMAC Thistask iswhere the MAC activityisrequested 6.2 Approval Required? Thistask iswhere the determinationif anyapprovalsare requiredforthe MAC activity - if Yes,thenproceedtotask 6.3 - if No,proceedto task6.4 6.3 Approve MACRequest Thistask iswhere the approval forMAC activityisapproved 6.4 PerformMAC Steps Thistask iswhere the actuallyMAC activitiesare performed 6.5 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Software DeploymentSystem(s) –to support the build/configure and deploymentactivities
  • 26.
    IT Asset Management SACMProcess Guide v1.3 Page 26 of 120 7 – ValidationPhase  Where the validationactivitiesare performed Triggers include:  ValidationRequest  Audit Request– external  ReviewRequest– internal ID Activity Task Description 7.1 RequestValidation Thistask iswhere the Validationactivityisrequested 7.2 ApprovalsRequired? Thistask iswhere the determinationif anyapprovalsare requiredforthe Validationactivity - if Yes,thenproceedtotask 7.3 - if No,proceedto task7.4 7.3 Approve Validation Request Thistask iswhere the approval forValidationactivityisapproved 7.4 Review&Validate Asset Repository Thistask iswhere the AssetRepositorydataisreviewedandvalidated 7.5 PerformReconciliation Steps Thistask is where the reconciliation(entitlementstodeployments) activity isperformed 7.6 Document& Report Results Thistask iswhere the resultsof the reconciliationisdocumentedand reported Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities
  • 27.
    IT Asset Management SACMProcess Guide v1.3 Page 27 of 120 4.4 Best Practices – Asset Management Lifecycle Process Overview (phases 8-10) 8 – Harvest Phase  Where the asset harvesting/reclaimingisperformed Triggers include:  Harvest (MAC) Request ID Activity Task Description 8.1 RequestHarvest Thistask iswhere the Harvest(MAC) activityisrequested 8.2 Determine Harvest Candidates Thistask iswhere the determinationif whichassetsare candidatesfor harvest 8.3 Perform Harvest/ReclaimSteps Thistask iswhere the harvesting/reclaimingactivitiesare performed 8.4 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AssetManagement System(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities  Software DeploymentSystem(s) –to support software harvesting
  • 28.
    IT Asset Management SACMProcess Guide v1.3 Page 28 of 120 9 – DecommissionPhase  Where assetdecommissionactivitiesare performed Triggers include:  Decommission(MAC) request ID Activity Task Description 9.1 RequestDecommission Thistask iswhere the Decommission(MAC) activityisrequested 9.2 Determine Decommission Candidates Thistask iswhere the determinationwhichassetsare candidatesfor decommissioning 9.3 Approval Required? Thistask isto determine if approvalsare requiredforDecommission activities 9.4 Approval Decommission Thistask iswhere the decommissioningof assetsisperformed 9.5 PerformDecommission Steps Thistask iswhere the decommissioningactivitiesare performed 9.6 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe actions Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards information  AssetManagement System(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities  Software DeploymentSystem(s) –to support software harvesting 10 – DispositionPhase  Where dispositionactivitiesare performed Triggers include:  Disposal (MAC) request ID Activity Task Description 10.1 RequestDisposal Thistask iswhere the Disposition(MAC) activityisrequested 10.2 Determine Disposition Candidates Thistask iswhere the determinationif whichassetsare candidatesfor disposition 10.3 FixedAsset? Thistask isto determinationif the assetis partof FixedAssets? - if Yes,proceedto task10.4 - if No,proceedto task 10.5 10.4 Approve FixedAsset Disposition Thistask iswhere the dispositionof aFixedAssetisapproved. 10.5 PerformDisposal Steps Thistask iswhere the disposition activitiesare performed 10.6 Update AssetRepository Thistask iswhere the assetrepositoryisupdatedbasedonthe action 10.7 File Disposition Documentation Thistask iswhere the DispositionDocumentationgetfiled –includingthe certificationof destruction Tools/Data for activity include:  Policies& ProcessDocumentation – to support the activities  RequestSystems– to support Requestinputs, approvals and workflow  Standards List – to provide organizational standards informationAsset ManagementSystem(s) – to support inventoryinformation  Discovery System(s) – to support the inventoryactivities  Software DeploymentSystem(s) –to support software harvesting  Financial System(s) – to support FixedAssets
  • 29.
    IT Asset Management SACMProcess Guide v1.3 Page 29 of 120 4.5 PL – Asset Management Lifecycle Processes / Business Use Cases Use Case #1: As the Financial Operations,ServerAdmin,andDesktopAdminteams,Iwanttohave and produce accurate data forannual software vendorcontracttrue-ups,sothe organizationremainsin compliance witheachvendor. Use Case #2: As a systemadministratorandFinancial Operations teammember, Iwantconfirmationthat systemchangesdon’tadverselyimpactexisting license compliance withanyvendor,sothe organization remainsincompliance witheachvendor. Use Case #3: As an Infrastructure orApplicationsteammember,Iwanttosee the relationshipsbetween configurationitems,sothe organizationcanassessthe riskandimpactof any eventorchange upstreamand downstreamthroughtechnologyplatforms. Use Case #4: As a Financial Operationsteammember,Iwanttobe able to allocate the cost of technology servicestobusinessorganizationssoIcan assess andreportthe true cost of ownershipof aservice/sub- service. Use Case #5: As a Businessmanager,Iwantto see the refreshscheduleforthe hardware assignedtoeachof my directreports,soI can planmy resourcesaroundthe change. Use Case #6: As an Infrastructure Adminmanager,Iwanttoreport onend-of-life datesforall relevant hardware componentsthatmyteammanages,so I can plan,disposition,warrant,andrefreshthe hardware on an appropriate schedule. Use Case #7: As an Infrastructure Admin teammember,Iwantto see the detailsof eachextendedwarranty contract so I can assessthe accuracy of the numberof devicesonthe extendedwarrantyinvoices. (Note:Duringthe implementation,we’ll initiallyfocusonreconcilingHPinvoices,but the processshouldbe the same for all vendors) Use Case #8: As an Infrastructure Adminmanager,Iwanttoproduce a monthlymetricsreportwithdata relevanttothe CIOreport,so I can easilyproduce mycomponentof thisreport. (Note:The initial implementationtoinclude onlythe metricsforthe CIOreport) Use Case #9: As a Serveradmin,Iwant to see the relationshipbetweenserversandthe monitoringsystem, so I can confirmwhichserversare beingmonitored. Use Case #10: Asa Financial Operations teammember,Iwanta drillable reportonthe contracts with upcomingcontract renewal dates, andbe notifiedonce percontract,soI can proactivelyact & renewthe contracts where needed. Use Case #11: Asan Infrastructure admin,Iwantto see the locationandownerfor eachasset,so I can manage any operational activitiesrequiredforthatasset. Use Case #12: Asan Infrastructure admin,Iwantto see an exceptionreportlistingall unknownand unidentifiedassets,soIcan investigate eachtodetermineitsdetailsanduse. Use Case #13: Asan Infrastructure admin,Iwantto define aprocessto investigate andreconcileeach unknownandunidentifiedasset,soIam clear onhow to disposition eachasset(i.e., coveranylicensing impactsfromthe assetchange). Use Case #14: Asa LoadingDock user,I want to receive anddispose assetsviabarcode scannersoI can quicklyinputthe dataintothe systemandcontrol these processesappropriately. Use Case #15: Asan Infrastructure orFinancial Operationsuser,Iwanttodefine aprocessformanaging assetsthroughtheirlifecycle,soassetscanbe accountedforat all times.
  • 30.
    IT Asset Management SACMProcess Guide v1.3 Page 30 of 120 5 ASSET MANAGEMENT PROCESS GUIDE ServiceNow has assembled the following review of IT Asset Management related processes as part of the ServiceNow Asset Management methodology and process integration overview. The Process Guide is based on the full lifecycle management of IT assets. This lifecycle is identified within 6 Asset Towers: Governance, Fulfillment, Auditing, Active Asset Management, Disposition, and IT Financial Management. Below is a diagram that depicts the asset management towers and their associated components. Various topics are contained within each Asset tower; these topics create the individual tower. For example, the Governance Tower contains topics related to Policy Management, Education & Training, Reporting, and Security. The procedures that shape an organization’s IT Asset Management capability are identified within each topic and are referred to as “Components.” The Process Guide will focus on these Topics and Components as they are organized by Asset Tower. Each Topic is defined with additional details related to onsite observations and related ServiceNow technology. Where available a readiness assessment is provided based on ServiceNow implementation (ISO Tiered Implementation) recommendations. The primary objectives of the Process Guide are to rationalize and reduce IT costs, reallocate underutilized IT resources, and streamline IT business processes. ServiceNow completed an onsite Asset Workshop to validate PL’s strategic goals, processes, workflows, and organizational capabilities. Using the workshop information an analysis is completed Governance Policy Management Processes Education & Training Reporting Security Fulfillment Purchasing Receiving Contract Management Lease/Warranties Maintenance Vendor Management Auditing Scanning / Discovery Inventory Management Data Delta Management Internal / External Auditing Compliance ActiveAsset Management IMAC (Install Move Add Change) Break Fix Model Management Usage Management Asset Optimization Disposition Harvest / Cascade End of Life / Disposal Regulatory Management Data Security Validation IT Financial Management Total Cost of Ownership Business Service Costing Budgeting / Forecasting Depreciation Cost Allocation / Chargeback
  • 31.
    IT Asset Management SACMProcess Guide v1.3 Page 31 of 120 to determine the Infrastructure design, technology configuration; data capture, and process requirements to help maintain the asset lifecycle. This information captured here in the ITAM Process Guide has the following goals:  Help technicians become more effective and efficient by giving them accurate, complete IT asset management information  Help manage procurement, and budgeting more effectively  Proactively manage compliance efforts  Maximize the use of IT resources by identifying and redeploying underutilized assets  Help to control IT costs and more accurately plan for future IT needs 5.1 Governance The Governance Tower within the ServiceNow Asset Lifecycle Management methodology accounts for the impact IT Asset Management has on the business. Organizations make decisions, allocate resources/returns, execute responsibilities and undertake risk management, whether financial or otherwise, with an objective of protecting and promoting the interest of the shareholders, management, board of directors and the employees. An effective IT Asset Lifecycle management program executes on these objectives with technology that supports the transparent and efficient use of information. The following Topics are critical to the success of an effective ITAM Governance effort and foundational to both short and long-term success. The ServiceNow Governance Tower is broken into 5 Topics: Policy Management, Processes, Education & Training, Reporting, and Security. Below are details of each topic area as discovered during onsite efforts with ServiceNow. 5.1.1 Policy Management Definition: Policy Management as it relates to IT Asset Lifecycle is the foundation and first step in efforts of performing IT Asset Management. A Use Policy should include language that clearly identifies responsibilities, personal use of company assets, unauthorized hardware/software, optimization, retirement, and internal control rights. Effective policy language includes identification of responsibilities, and approval requirements. Internal personnel should be able to reference the asset request fulfillment and life-cycle management policies and all other Asset Management developed policies at their convenience. After an acceptable policy is created it should function for several months before revisiting the process to determine whether or not the policy is working. Establish a process by which the review continues over time. The first review should be conducted four months after initial implementation. If the policy requires adjustment, do so, and then re-evaluate again in six months after the adjustment. If the policy or procedure does not require adjustment, permit it to operate for six to twelve months, and then conduct the second review. Revisit and update policies (if necessary) as necessary.
  • 32.
    IT Asset Management SACMProcess Guide v1.3 Page 32 of 120 The following steps provided by the International Association of IT Asset Managers (IAITAM) support the development of polices that are relevant, enforceable and understandable. Educate Establish that there is a general issue that affects everyone, though it can affect some employees more directly than others. Do some research and include information on how the issue impacts all the employees’ day-to-day job functions. Next, explain why the issue is important and how establishing a policy is a prudent step to decrease unnecessary exposure in the workplace. Relating this background information helps employees who are not directly involved understand the issue better. Develop The next step is to create a functional, practical and useful policy. Open dialog between opposing viewpoints should be encouraged. A committee should be formed to discuss any issues and develop the appropriate policy for the organization. Policies from industry leaders can be used as a template and altered to fit the organizations particular need. Implement Once a need is determined for a particular policy and it has been developed, the next step is implementation. Rollout of the policy requires transition time. There will be some adjustment for employees, which is why it is very important that employees understand the reasons/need for the particular policy. Evaluate Once implemented, policies should always be reviewed periodically to monitor their effectiveness and relevance. Having a policy in place without follow up is not sufficient. Policies will always need fine-tuning. Have in place a procedure for periodic review. Create a Policy Review Board/Team. ServiceNow Support: The ServiceNow platform can support policies by providing transparency into the effectiveness of said policies and reporting on discrepancies related to internal service level agreements. 5.1.1.1 Observations: A policy has been drafted internally at PL and is considered work in process. 5.1.1.2 Recommendations: Continue work on the policy, incorporating the recommendations above and the information referenced in the “Educate”, “Develop”, “Implement”, “Evaluate” framework defined above. 5.1.2 Processes Definition: IT Asset Management business practices are process-driven and matured through iterative and focused improvements. Most successful IT Asset Management programs are integrated throughout the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories). The Gartner Group identifies a successful IT Asset Management program as 80% Process and 20% Technology. The best technology will fail without successful process.
  • 33.
    IT Asset Management SACMProcess Guide v1.3 Page 33 of 120 An effective IT Asset Management process includes all stakeholders in their definition while the supporting technology utilizes automation where available to support the goals of the said process. Manual procedures lead to breakdown in the effectiveness of efforts and the trustworthiness of related data. IT Asset Management related processes should include all efforts of lifecycle management for all in- scope assets. Such lifecycle management efforts include the following:  Product Model Management  Request Management  Procurement  Contract Management  Inventory Management  Deployment Management  Compliance Management  Disposal Management  Financial Management Each process should identify related roles and have regular reviews (minimum review annually). These processes should have a centralized repository that supports global training and the knowledge of said processes. Additionally, the format of these processes should be consistent throughout the organization and follow as closely as possible the PMCI standard. ServiceNow Support: The ServiceNow platform provides for the management of any type of asset and includes modules for the support of all lifecycle efforts from Product Model Management through Disposal Management. 5.1.2.1 Observations: A maturity assessment has been completed and – came in at “repeatable”. Processes are not generally written down, but more driven by institutional knowledge. Target process maturity for all processes is agreed to be a 3: written down, trainable, repeatable. Protective wants to bring data sources into ServiceNow. 5.1.2.2 Recommendations: Create a steering/governance committee to drive standards for how ITAM is performed. Establish an IT Asset Center of Excellence (COE) Team with responsibilities for overseeing the management of the IT Asset Lifecycle Processes throughout PL as well as across the entire organization. Additional activities would include, but not limited to, those associated with Software Asset Management (SAM), Financial Management (ITFM), Infrastructure Management, and PC Management.
  • 34.
    IT Asset Management SACMProcess Guide v1.3 Page 34 of 120 a. The COE should oversee global training of said processes in a manner that provides consistency of process throughout the organization. b. Create KPI’s that support the use of said processes. c. Identify key metrics that identifies the continued value of said processes d. The COE should have the responsibility to validate localized/distributed efforts to ensure activities conform to established policies and processes. e. Utilize the best practice processes provided in this document (Section 4) as a framework for the creation of a full Asset Lifecycle Management process within PL. f. Utilize the Roles & Responsibilities with related Activities found in the RACI provided in this document (Section 3). g. Establish a central Asset Management Team that reports to the COE and tasked with performing the activities outlined by the COE as part of the RACI (Section 3). This team should consist of a minimum of 4 FTEs for an organization the size and maturity of PL. Empower the COE to establish a global process for IT hardware and software asset management. a. Enable the ability to localize the global IT hardware and software asset processes by creating and documenting local procedures based on the global processes. These processes and procedures should support the business unit needs but they should also be shared with all BU’s and the COE so all areas can benefit standardized processes. b. The COE should have the responsibility to validate localized efforts to ensure activities conform to established policies and processes. Identify a centralized location or focal point where these ITAM processes and localizations are maintained and accessible to the organization. Communicate/publish this location to the organization. a. A Best Practice is to have an internal ITAM website where their processes are identified and links to them are available to individuals within the organization. Center of Excellence ITAM Team Infrastructure Management PC/Laptop Management Software Asset Management Finance Security Support Vendors
  • 35.
    IT Asset Management SACMProcess Guide v1.3 Page 35 of 120 Review the established processes and update/revise them to take the integration of ServiceNow into account. Empower the various business units to modify these processes to take into account specific requirements they may have, but make sure they are documented and controlled. Communicating and making these Software Asset Management processes readily available is a must have in order to have all within PL be aware they need to be followed. 5.1.3 Education & Training Definition: An effective asset management environment includes an understanding of the risk and value associated with the management of IT assets. This understanding must be communicated openly and effectively to all levels of the organization. Such effort begins with executive support and permeates the entire staff. A best practice occurs when staff at all levels is informed, understood and proactive in the optimization of IT assets. ServiceNow Support: The ServiceNow organization provides training resources for topics including System Administration, Asset Management, Configuration Management, and more. Publicly available Wiki and Community websites provide documentation and peer support. Regional in-person gatherings of user groups called SNUGs (ServiceNow User Groups) occur on a regular basis with the goal of knowledge transfer. Additionally, the ServiceNow Knowledge annual meeting of ServiceNow users and engineers provides resources for training and knowledge transfer. Within the ServiceNow platform there are multiple capabilities to manage and associate knowledge to activities and assets. 5.1.3.1 Observations: This was the lowest score on the maturity assessment. Need to formalize training activities as part of the implementation of the Asset Management module, including training all levels of the IT organization (down to Techs) as to the work they’ll do in the system. 5.1.3.2 Recommendations: Formalize and document the processes before starting to build training plans. 5.1.4 Reporting Definition: Effective Asset Management technology consists of value based reporting through filtered lists and dashboards. Asset reporting requirements drive the data discovery and retention requirements of IT Asset Management. Understanding the needs of stakeholders helps in developing the critical data elements of an IT Asset Repository.
  • 36.
    IT Asset Management SACMProcess Guide v1.3 Page 36 of 120 Often the data found in an IT Asset Repository is based on “what can be done” rather than “what should be done”. Reporting requirements from stakeholders identify “what should be done” within an effective IT Asset Management repository. That said reporting requirements become a critical aspect of IT Asset technology implementation and ongoing evaluation. As stated in the Process definition above, “Most successful IT Asset Management programs are integrated throughout the organization, involving everyone at some level integration with stakeholders.” It is imperative that reporting needs of all stakeholders are identified and understood both in the creation and sustainability of the IT Asset Lifecycle ServiceNow Support: The ServiceNow platform has the ability to present, filter, configure and export any list of assets and/or configuration items within the default display. In ServiceNow, a report can be a list, chart, or calendar-based view of data in a particular table. Use reports on homepages to display key information to different users. You can also publish reports to a URL that can be sent out through email. ServiceNow also offers a range of predefined reports that pertain to applications and features like incident management and service catalog requests. If none of these meet your needs, you can create your own reports at any time. Additional details can be found on the ServiceNow wiki at ServiceNow Creating Reports. 5.1.4.1 Observations: A considerable amount of manual reporting currently exists. 5.1.4.2 Recommendations: With the implementation of Asset Management in ServiceNow, the goal is to help automate these well-defined, but manual, reporting processes. 5.1.5 Security Definition: Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. IT Asset Management has the ability to support Security efforts due to effective processes and the mass amount of discovery data available. Access to ITAM data for subject matter experts (SME’s) is critical. Yet control of said access is just as critical. It is important to consider the controls to Asset and Configuration Item data in a manner that helps keep data fresh, accurate, and useful. Utilize automation to populate data where available thus eliminating manual data intervention. Additionally, ensure said data is editable by appropriate SME’s. It is not best practice to let Network Infrastructure SME’s create/edit Database CI’s. Thus an effective management of security through roles within the various data elements is critical to long-term data accuracy.
  • 37.
    IT Asset Management SACMProcess Guide v1.3 Page 37 of 120 ServiceNow Support: The ServiceNow platform fully supports ACLs in the managed of individual tables and table attributes. These ACL’s provide for the secure management of data. 5.1.5.1 Observations: Without specific action to prevent it, all of IT is going to see all information for all Assets. 5.1.5.2 Recommendations: Specific work will be required during the implementation project to define requirements by asset type and who has access to that data. One note: IT cannot see Networking assets, only Networking Team and Laura/Kim 5.2 Fulfillment The Fulfillment Tower within the ServiceNow Asset Lifecycle Management methodology accounts for the processes from request through delivery of IT Assets including Vendor Management. With a focus on the asset supply chain and the management of said supply chain an effective IT Asset Fulfillment program identifies the right asset for the right purpose within the organization while maintaining standards throughout vendor management. Ineffective supply-chain efforts lead to rogue asset activity that can increase organizations financial risks. 5.2.1 Procurement Definition: IT procurement is the series of activities and procedures necessary to acquire information technology (IT) products and services. IT procurement involves both strategic and administrative responsibilities. Day-to-day tasks may include conducting market research, negotiating pricing, establishing terms and conditions for services, resolving invoice discrepancies and communicating the status of purchases with internal customers. An IT procurement process, formal or informal, exists in every organization that acquires information technology. As users of information systems increasingly find themselves in roles as customers of multiple technology vendors, this IT procurement process assumes greater management significance. In addition to hardware, operating system software, and telecommunications equipment and services - information resources traditionally acquired in the marketplace - organizations now turn to outside providers for many components of their application systems, application development and integration, and a broad variety of systemmanagement services. ServiceNow Support: ServiceNow has specific capability to manage the asset procurement process including the following:  Request Management  Procurement  Financial Management
  • 38.
    IT Asset Management SACMProcess Guide v1.3 Page 38 of 120 5.2.1.1 Observations: Current state process is “we buy when the closet goes down” - what is bought is not tied into user provisioning today. 5.2.1.2 Recommendations: Develop a notice/trigger for incremental purchases based on when the inventory levels hit a set minimum. Create an organizational mandate prohibiting off-the-shelf purchasing. This provides for a process that is controlled and standard. 5.2.2 Receiving Definition: The legal responsibility of an asset often begins upon the receipt of said assets. In today’s business assets can be physical and/or digital making the receiving and documenting activities more complex. An efficient environment is able to receive new assets against a specific purchase and relate said asset to both the original purchase and the new asset record within the organizational repository. The old world of receiving assets at “the dock” is not lost but electronic and real-time requirements have complicated receiving activities. Planning for receiving – what will arrive and when it will arrive – is as critical as recording details. The recorded details must be accurate and without manual errors. ServiceNow Support: Within the ServiceNow Platform, Assets can be received and added to the system when they are delivered to a stockroom. Stockrooms are places where physical assets are received and assigned. When stock is low on a particular asset, stock rules can either notify an asset/procurement manager or automatically transfer inventory from one stockroom to another. Stockrooms are separate, standalone entities in the Asset Management application. ServiceNow can integrate with barcode scanners for efficient input of receiving efforts (data) eliminating the risk of manual errors. 5.2.2.1 Observations: Today, John counts all inbound product, which requires considerable manual back-and-forth conversations. 5.2.2.2 Recommendations: As part of the ServiceNow Asset Management implementation, many of the currently manual steps can be automated. It is also recommended that Protective develop and implement exception processes as part of the Asset Management implementation. Finally, the closer aligned that the
  • 39.
    IT Asset Management SACMProcess Guide v1.3 Page 39 of 120 receiving processes are between organizations/asset classes, the easier it will be to implement. Consider some business process redesign to that effect. 5.2.3 Contract Management Definition: A contract is a written or oral legally binding agreement between the parties identified in the agreement to fulfill the terms and conditions outlined in the agreement. A prerequisite requirement for the enforcement of a contract, amongst other things, is the condition that the parties to the contract accept the terms of the claimed contract. Historically, this was most commonly achieved through signature or performance, but in many jurisdictions - especially with the advance of electronic commerce - the forms of acceptance have expanded to include various forms of electronic signature. IT Contracts can be of many types, e.g. service contracts, software licenses, maintenance, warranties, lease, insurance, and more. Identifying and relating contracts to assets and configuration items allows for the simplification of efforts such as warranty management, lease management, and software license management. ServiceNow Support: Within the ServiceNow platform is the ability to manage Contracts. A contract is a binding agreement between two parties. Contracts contain detailed information such as contract number, start date, active status, terms and conditions, renewal information, and financial terms. Contract Management in ServiceNow is active by default. Contract Management integrates with Cost Management module within ServiceNow to associate contracts with costs and determine the total cost of ownership. 5.2.3.1 Observations: PL will focus contract management in ServiceNow on maintenance agreements, not for MSAs, etc. 5.2.3.2 Recommendations: Aim for simplicity – providing only the contract information needed within the IT organization. In this case, that means bringing in the information Financial Operations needs for maintenance agreements and the operational details IT users require. 5.2.4 Lease/Warranties Maintenance Definition: Lease and Warranty maintenance is based on contracts between two parties with defined term and conditions. In particular to lease management an organization can obtain access to technology assets with little upfront cost. Asset managers need to be able to track leased items and relate them to specific contracts with specific terms and conditions concerning the lease.
  • 40.
    IT Asset Management SACMProcess Guide v1.3 Page 40 of 120 Additionally, any dates needed related to the lease or warranty need to be tracked with associated contacts both internally and externally to the organization. Notifications are needed with regards to the associated dates. ServiceNow Support: The ServiceNow platform can manage the full lease/warranty contract lifecycle including dates and related asset/CIs. 5.2.4.1 Observations: John currently goes to the HP site to confirm whether a device is under warranty, and end-of-life status. 5.2.4.2 Recommendations: A device’s warranty and end-of-life status should be captured in ServiceNow, which is available out of the box. For several different classes/types of hardware, there is a nice to have request to screen scrape the vendor’s website to gather warranty end dates (SmartNet for Cisco, HP, etc). This can be considered as a custom integration as part of the implementation project, or as a phase 2 type request. 5.2.5 Vendor Management Definition: Vendor Management relates to the active and ongoing evaluation of the business relationship between a customer and all publishers, resellers, vendors and distributors detailed in a contract management repository. Vendor Selection, Vendor Performance Evaluation & Tracking, and Vendor Development are the widely recognized pillars of a successful Vendor Management Policy Effective Vendor Management enables organizations to optimally develop, manage and control vendor contracts, relationships and performance for the efficient delivery of contracted products and services. This can help clients meet business objectives, minimize potential business disruption, avoid deal and delivery failure, and ensure more-sustainable multi-sourcing, while driving the most value from their vendors. ServiceNow Support: The ServiceNow platform provides tools for defining and monitoring these vendor contracts. Additionally, if the vendor management team has negotiated underpinning contracts attached to service level agreements, these can be defined and automated using the Service Level Agreements (SLA) Plugin. Underpinning contracts define and monitors the guarantees. Within ServiceNow, these are fully integrated into the Service Level Management system. 5.2.5.1 Observations: As with the Contracts tower, the contractual relationships captured within ServiceNow will be focused only on maintenance agreements.
  • 41.
    IT Asset Management SACMProcess Guide v1.3 Page 41 of 120 5.2.5.2 Recommendations: IT Vendors should be maintained in ServiceNow so that relationships with assets and other objects in ServiceNow can contain the vendor information. 5.3 Auditing An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a software audit, internal audit, or other form of attestation engagement. IT Asset Management (ITAM) auditing allows for organizations to understand the “what” and “where” of IT Assets. A proactive effort with supported processes reduces the cost of 3rd party audits by as much as 700%. 5.3.1 Scanning and Discovery Definition: An inventory control system is a set of hardware and software based tools that automate the process of tracking inventory. The kinds of inventory tracked with an inventory control system can include almost any type of quantifiable technology good, including software, database instances, computers, networking equipment, and any other item that organizations may purchase and utilize. Modern inventory control systems are almost exclusively based on barcode technology for scanning and agent/agentless software for network-enabled discovery. Though barcodes were initially developed to automate the process of grocery store checkout, their ability to encode a wide variety of alphabetic and numeric symbols makes them ideal for encoding technology assets. Inventory control systems work in real-time using wired and/or wireless technology to transmit information to a central computer systemthat serves as a discovered repository. Though agent-based solutions are often considered “Discovery” tools, the fact is these solutions can only inventory known machines for which the agent is installed. By definition, discovery occurs from outside a known environment. The fact that an agent-based solution does not “discover” a new asset outside of its installation eliminates it as discovery tool. The value of agent-based solutions is in the recording of data such as usage information unavailable to agent-less solutions. Additionally, the use of the ISO/IEC 19770-21 Software Identification (SWID) Tag can be utilized in the discovery process, and some major vendors are already using them within their software applications. These SWID Tags are XML files that contain details related to the specific software application that is installed. Other areas where these SWID tags are beneficial include:  Platform Stability - Determining the variety of software installed within the environment, including the number of versions of particular software, is particularly important if your 1 See Appendix C for more regardingISO/IEC 19770-2 software assettagging
  • 42.
    IT Asset Management SACMProcess Guide v1.3 Page 42 of 120 organization is required to test new critical applications against all known applications within the environment. Interoperability and sociability testing answers questions such as: Do multiple VPN clients cause any issues? Do multiple versions of Internet Explorer cause issues? Are there rogue installs of an application happening?  Security Decision-Making Based On Risk Assessment - Accurate software inventory enables you to determine if there is software with known security risks installed within your environment. It answers questions such as: Do all Windows XP installations have all the critical patches installed? Are there unauthorized (or unwanted) software applications such as peer-to- peer file sharing or hacking tools installed anywhere on the network? Armed with accurate information, you can make better decisions, and ensure that your security policies are enforced.  Disaster Recovery/Business Continuity Planning and Operations - An accurate software inventory allows you to determine the locations of business-critical software installations. In turn you can ensure their data is being fully backed up, and ensure that both the software and the data are available in a disaster situation or crisis. ServiceNow Support: The ServiceNow Discovery application finds computers and other devices connected to an enterprise's network. When Discovery finds a computer or device, it explores the device's configuration, provisioning, and current status and updates the CMDB accordingly. On computer systems, Discovery also identifies the software that is running and any TCP connections between computer systems. Discovery creates all the relationships between computer systems (such as an application on one server that uses a database on another server). ServiceNow can integrate with barcode scanners for efficient input of receiving efforts (data) eliminating the risk of manual errors. ServiceNow supports the ISO/EIC 19770 Software Asset Management standards including the discovery and retention of the ISO xml file details. 5.3.1.1 Observations: No process for defining unknown and unidentified assets currently exists. Switches/routers will likely be manually discovered even after the implementation project; Rich’s spreadsheet will be used to upload these devices. 5.3.1.2 Recommendations: Consider implementing integration to SCCM and vCenter for more streamlined discovery processes. 5.3.2 Inventory Management Definition: Inventory Management is a systemfor tracking IT inventory levels, orders, and deliveries. Companies often use inventory management software to reduce their carrying costs. The software is used to track products and parts as they are transported from a vendor to a warehouse, between
  • 43.
    IT Asset Management SACMProcess Guide v1.3 Page 43 of 120 warehouses, and finally to a retail location or directly to a customer. Inventory management software is used for a variety of purposes, including:  Maintaining a balance between too much and too little inventory.  Tracking inventory as it is transported between locations.  Receiving items into a warehouse or other location.  Picking, packing and shipping items from a warehouse.  Keeping track of product sales and inventory levels. ServiceNow Support: Within the ServiceNow Platform, Assets can be received and added to the system when they are delivered to a stockroom. Stockrooms are places where physical assets are received and assigned. When stock is low on a particular asset, stock rules can either notify an asset/procurement manager or automatically transfer inventory from one stockroom to another. Stockrooms are separate, standalone entities in the Asset Management application. 5.3.2.1 Observations: Life cycle management for physical assets is not a clean process and different across different asset classes. 5.3.2.2 Recommendations: Standardize life cycle management processes prior to the ServiceNow implementation (or, agree to a standardized model during ServiceNow Requirements/Discovery Workshops) so that a single process can be implemented with the Asset Management Go-Live. 5.3.3 Data Delta Management Definition: Data Delta Management, or Data Validation, is an Asset Management activity out of necessity vs. choice. Many organizations spend up to 75% of IT Asset FTE effort on validating the accuracy of IT Asset data. Organizations need a process and supporting technology that can increase data accuracy while reducing the manual effort of data validation. Said validation should focus on critical non- discoverable elements of an asset record such as Owner/User, Location, Status, and etc. ServiceNow Support: The Data Certification plugin within ServiceNow manages scheduled or on- demand validations of CMDB data. Information is added to the CMDB by Discovery, by importing from third-party tools, or manually. For regulatory or procedural reasons, information in the CMDB needs to be checked for accuracy and certified. The person or team responsible for certification can define what information should be verified and the verification schedule. The schedule then generates a checklist for verifying the data. Individuals assigned to certification tasks answer a series of questions to verify the data.
  • 44.
    IT Asset Management SACMProcess Guide v1.3 Page 44 of 120 Data certification can be performed against specific fields on specific tables. Based on the certification schedule, certification tasks are automatically created and assigned. For example, a certification can be set up to validate key information fields (such as Operating System and CPU count) on all Windows servers located in Chicago and automatically be assigned to the appropriate team member. 5.3.3.1 Observations: BDNA data validation is being considered as an option to normalize asset data. 5.3.3.2 Recommendations: Define rules for each asset state to assess whether assets in that state need to be discovered. Define a process to disposition unknown and unidentified assets. 5.3.4 Internal / External Auditing Definition: An IT Asset audit is a comprehensive review of an organization’s adherence to regulatory or contractual guidelines. What, precisely, is examined in an IT Asset audit will vary depending upon whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, SOX requirements mean that assets must be cataloged. Healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPPA requirements. Companies that transmit credit card data are subject to PCI requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail. GRC (governance, risk management, and compliance) enables CIOs to quickly show auditors that the organization is in compliance and will not be subject to costly fines or sanctions. ServiceNow Support: The ServiceNow Platform can provide the needed audit details from supporting manual or automated sources. 5.3.4.1 Observations: An SOP appears to be in place now, but based on manual processes. 5.3.4.2 Recommendations: Once ServiceNow Asset Management has gone live, use ServiceNow as the base data source to begin to automate the existing processes. 5.3.5 Compliance Definition: Software Asset Management (SAM) is the business practice of using people, processes, and technology to systematically track, evaluate, and manage software licenses and software usage. A strong SAM program can help an organization:  Reduce costs: reduce the amount of money your organization spends on software.  Improve compliance: be audit ready with your most used vendors.  Control inventory: identify what you own and maintain an accurate database.  Remove unused software: delete old and unused versions of software.
  • 45.
    IT Asset Management SACMProcess Guide v1.3 Page 45 of 120  Simplify software requests: develop a process for employees to request software.  Reduce vendor list: logically reduce and consolidate the number of software vendors used.  Identify needs: create an accurate list of the software your organization requires. ServiceNow Support: Software Asset Management is a full-featured application for tracking and controlling software licenses. Features include:  Overview page showing key compliance information in graphs.  A variety of license types for software models.  Ability to manage software suites.  Ability to manage upgrade and downgrade software licenses.  Ability to manage unallocated/unused software licenses.  Software counters for reconciliation.  Software discovery models for normalization.  Software License Entitlement2 feature to assign a license to a person or machine. 5.3.5.1 Observations: Inbound software asset names are not clean and include redundancies. Reporting is not streamlined and very difficult to create. 5.3.5.2 Recommendations: Consider a data normalization service (BDNA was mentioned previously for this purpose). Consider including capabilities in compliance reporting that takes into account two versions of the same software installed on the same machine 5.4 Active Asset Management Active Asset Management represents those activities traditionally performed within IT Service Management. When Asset Management has visibility into the ITSM activities then optimization of the asset lifecycle may occur. The cost associated with the service management activities of an asset can be up to 70% of the total cost of said assets. Thus the value in Active Asset Management can be the visibility into the total cost of ownership and subsequent optimization activities to mitigate costs. 5.4.1 IMAC (Install, Move, Add, Change) Definition: IMAC covers all day-to-day activities associated with the scheduling and installation of hardware and software, changes to configuration, de-installation and relocation of equipment, including connectivity testing, data transfer and user orientation. 2 Not to be confused with PL PO Software Entitlement. Refer to Glossary Appendix B
  • 46.
    IT Asset Management SACMProcess Guide v1.3 Page 46 of 120 The objectives of this process are to install equipment with a minimum disturbance of the day-to-day operation and to provide the end-users on-the-spot familiarization with the equipment. Activities concerning hardware relocation or de-installation, and changes to configurations should be performed as scheduled and to the agreed standards, with minimum loss of end-users’ productivity time. ServiceNow Support: The ServiceNow platform supports the performance of IMACs through the standard IT Service Management capabilities. All efforts can be tracked to a configuration item (CI) that is then related to an Asset. All efforts, when related to a CI are reportable in mass based on the CI, Asset, Product Model, and any related attribute (data element). 5.4.1.1 Observations: Server: Want to provide better impact analysis and reporting of the change, but no process change required. Desktop: Gerry gets a spreadsheet from Facilities with a person’s old and new locations and executes IT components of the move from that. Desktop moves are not part of IT CAB; instead they are managed via a weekly facilities meeting. Weekly move sessions planned and executed on a scheduled basis. Consumables: Handsets and headsets are tracked with equipment IDs, but once they are deployed, hard to manage location (when an employee moves or offboards) 5.4.1.2 Recommendations: Document the existing IMAC processes prior to Asset Management implementation. 5.4.2 Break Fix Definition: An ITSM process whereby technical support for computers, servers, networks, software, etc. are performed. There may or may not be a written contract for the charges, however all parties have agreed to the terms. This can be the most expensive form of technical support. Asset Managers can track the associated costs related to the inventory of parts, frequency of break- fix activity per product model, and cost of resources. As activities related to break-fix are performed, they are associated to Incident and/or Problem tasks. The aggregation of related details helps identify the 70% post purchase costs traditionally associated with Assets. ServiceNow Support: The ServiceNow platform supports the creation and management of Incident and Problem records through the standard IT Service Management capabilities. All efforts can be
  • 47.
    IT Asset Management SACMProcess Guide v1.3 Page 47 of 120 tracked to a configuration item (CI) that is then related to an Asset. All efforts, when related to a CI are reportable in mass based on the CI, Asset, Product Model, and any related attribute (data element). 5.4.2.1 Observations: Protective has an open issue around relating a CI to an incident for break-fix purposes 5.4.2.2 Recommendations: Report break/fix performance against asset and supplier, as an input to vendor performance reporting. 5.4.3 Model Management Definition: Models are specific versions or various configurations of an asset (hardware and software), for example, a MacBook Pro 17" or Adobe Acrobat Pro 9. The management of models refers to the activity of identifying and certifying standards associated to the products supported within an organization. The following are Model Management activities that IT Asset Management may perform or participate in:  Certification – Testing hardware and/or software within the environment to determine its feasibility, usefulness, and/or capability  Product Standards – List of those hardware and/or software models that are supported within the organization. An asset not on the supported list may or may not incur extra effort/fees related to support  Consolidation – The support of many product models has a direct cost to an organization. Visibility of the product models and subsequent management can reduce related costs. ServiceNow Support: The ServiceNow platform contains a dedicated environment for the management of models as “Products” within the Product Catalog. The product catalog is a set of information about individual models. Models are specific versions or various configurations of an asset. Models published to the product catalog are automatically published to the service catalog. The service catalog includes information about goods (models) and services. A model may be listed more than once if the model is available from multiple vendors. Asset managers use the product catalog as a centralized repository for model information. A detailed and well-maintained product catalog can coordinate with service catalog, asset, procurement, request, contract, and vendor information. Model categories within ServiceNow are defined groups of assets, consumables, product bundles, and configuration items. Using the categories, you can control what each category creates when a model associated with the category is selected.
  • 48.
    IT Asset Management SACMProcess Guide v1.3 Page 48 of 120 5.4.3.1 Observations: Currently no way to onboard and offboard an entire model category at once. 5.4.3.2 Recommendations: Build a link between CI Category and Model Category to enable Discovery to capture asset information. Define a process to determine standard models to purchase; similarly, define a process to end of life a standard model. 5.4.4 Usage Management Definition: Usage management and monitoring relates to the status of a network's hardware and software assets. Desired Status includes last use, historical use, and current use. An IT Asset Manager utilizes Usage Management to determine waste. Said waste can relate to hardware and software while identifying opportunities for optimization. Understanding how an asset is utilized and to what extent can help qualify need and alternative resources. Additional value from Usage Management is in support of harvesting and/or cascading of IT Assets; identifying when an asset is underutilized and helps to reassign the asset to a more appropriate need. ServiceNow Support: The ServiceNow Platform can integrate with discovery technology to load and report on asset use. After relating use to existing asset and business service records reports can be run to identify opportunities for optimization. 5.4.4.1 Observations: Employee offboarding process does not current facilitate harvesting of that employee’s licensed software. 5.4.4.2 Recommendations: Define a process to harvest software during employee offboarding. 5.4.5 Asset Optimization Definition: Asset optimization is the strategy of obtaining the most optimal use of the organization’s hardware and software assets. However, asset optimization strategies must also take into account other organizational requirements such as security, access control, etc. where those concerns may out weight the benefits of asset optimization options. Examples of asset optimization strategies include: • The practice of consolidating database instances on a certain server to reduce the number of required licenses
  • 49.
    IT Asset Management SACMProcess Guide v1.3 Page 49 of 120 • Determining the breakeven point of licensing an application by Client Access License (CAL) verses by processor, and when the advantage of the chosen license type changes, adjust the deployment of licenses to provide greater advantage to the organization • Determining where and when shared resources provide the organization the better option – VM’s, Clustering, etc. • Co-locating software on certain servers to reduce the licensing of access points to outside the organization • Licensing software at the parent organization level so sub-organizations can take advantage of pooled licenses ServiceNow Support: The ServiceNow Platform has plug-ins for license compliance and within the SAM plug-in, license counts and over- & under-licensing counts can be reported on by software model and by vendor across the models that are licensed for within the firm’s contracts. After relating use to existing asset and business service records reports can be run to identify opportunities for optimization. 5.4.5.1 Observations: The topic of asset optimization in Protective’s environment, with high use of application virtualized and non-persistent desktops, will require more conversation during the implementation project. 5.4.5.2 Recommendations: Consider automatically uninstalling software that is not used within a configurable time threshold. 5.5 Disposition Disposition is the process of maximizing the value of unused or end of life assets through effective reuse or divestment. Both large and small organizations practice asset disposition at some level with the end goal of obtaining the greatest possible return from the asset. Asset Disposition is also used to describe the process of liquidating excess inventory of healthy companies, refurbished items and equipment returned at the end of a lease. Asset Disposition can also refer to the task of recovery of assets that have been wrongfully taken stolen, fraudulently misappropriated or otherwise disposed of to remove them from their rightful owner. 5.5.1 Harvest / Cascade Definition: Harvesting and Cascading refer to the reuse of IT Assets. Harvesting refers to the recovering of a software license from a computer where the software is completely removed and the software license is returned to a pool of available licenses. Cascading refers to the recovery of hardware and reassignment of said hardware to a new user/function.
  • 50.
    IT Asset Management SACMProcess Guide v1.3 Page 50 of 120 ServiceNow Support: The ServiceNow platform supports the identification of underutilized assets through the integration of discovery mechanisms. Reports can be performed that can identify last use and other valuable details needed to identify assets for Harvesting and Cascading. Additional ServiceNow capabilities include Orchestration where triggers can initiate a workflow to install/uninstall software. 5.5.1.1 Observations: Harvesting appears to be a manual opportunistic process today. Does not appear to be strong processes in place to confirm that all available licenses that are not being used, are centrally known and available for another user. 5.5.1.2 Recommendations: Define a process to harvest an employee’s software upon offboarding Consider automatically uninstalling software that is not used within a configurable time threshold. 5.5.2 End of Life / Disposal Definition: End of Life / Disposal occurs when assets eventually the end of their useful lives. Assets then need to be retired and disposed of in a secure, economic and environmentally responsible manner. There are many types of disposal including donation, internal employee sale, recycle, external sale, and etc. Regardless of the disposal type there are many disposal companies that can assist with end of life activities. The key to best practice disposal includes the following  Work with certified disposal agencies  Receive disposal documentation that confirms disposal activities  Wipe/erase hard-drives prior to disposal  Validate disposal activities (don’t just trust agencies – see for yourself) ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed. 5.5.2.1 Observations: Protective uses US Micro as the disposal company. There is one process for both server and desktop disposal.
  • 51.
    IT Asset Management SACMProcess Guide v1.3 Page 51 of 120 5.5.2.2 Recommendations: Consider integration to US Micro’s systems so Protective can reconcile what you think is disposed, is actually disposed. Regardless of the decision around whether or not to integrate with US Micro, the process of disposal should be documented. 5.5.3 Regulatory Management Definition: Regulatory management refers to the understanding and implementation of regulatory requirements, either internal and external, associated to organization’s hardware and software assets within the disposition phase. Integration between IT, Legal, security, human resources and other teams within the organization is essential to identifying the associated regulatory requirements. It is critical for the organization to be able to provide documented evidence for fulfilling required regulatory actions. ServiceNow Support: The ServiceNow platform has a legal hold process and can be integrated into the SAM process for industry specific regulatory requirements. Additional elements may be added as needed. 5.5.3.1 Observations: A legal hold process exists today, both for current employees, and for off-boarded employees. 5.5.3.2 Recommendations: Consider custom ServiceNow integration to more tightly integrate the legal hold process in ServiceNow into Asset Management to enable seamless legal hold functionality. 5.5.4 Data Security Definition: Data security refers to the practice of ensuring the data on organization’s hardware assets within the disposition phase is properly protected. This includes protection of the data through: encryption and/or access control methodologies; certified removal of the data from asset storage devices and/or components (especially hard drives and memory); and even removal of the asset storage devices and/or components (mainly hard drives and memory). Examples of data security best practices include: • Ensuring all laptops have their hard drives encrypted • Ensuring all assets identified for disposal have they internal hard drives and/or other storage media properly erased or removed prior to disposal – this includes computers, printers, multi- functional and mobile devices • Ensuring mobile devices with access to organization information (including email and data) are capable of remote erasing if lost, stolen or otherwise no longer required access to the information.
  • 52.
    IT Asset Management SACMProcess Guide v1.3 Page 52 of 120 ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed. 5.5.4.1 Observations: Security processes are robust today. Drives are encrypted as per normal organizational process. 5.5.4.2 Recommendations: Document the current data security processes. Consider building or enhancing remote erase capabilities if they don’t exist today, as this piece of the topic was not discussed in the workshop. 5.5.5 Validation Definition: Validation is the final step within the disposition phase. This is a critical element – you cannot just trust – you need to validate what was intended to happen actually happened. This includes: ensuring the accuracy of data (status, location and other details) related to the assets within the disposition phase was accordingly updated; ensuring any data on these assets was properly secured (data has been properly removed from hard drives and/or storage devices or those devices destroyed; have been wiped or destroyed. Any activity from a 3rd party related to Disposition should include a Certificate of Disposition (COD) for each and every disposed asset. Vendors should be certified with US Government & ISO Standards of Disposition. Validation also includes the random visit/checks of disposal vendors to ensure the activities promised are the activities performed. ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed. 5.5.5.1 Observations: Destruction is done on site. 5.5.5.2 Recommendations: Document the current policy/process. One open discussion should be held before progressing into the implementation project: Will Protective need to store certificates in ServiceNow? 5.6 IT Financial Management Financial Management is the process of planning, analyzing, directing, and controlling costs. The goal is to have an accurate account of what an organization is spending in order to maximize resources and control spending.
  • 53.
    IT Asset Management SACMProcess Guide v1.3 Page 53 of 120 Financial Management for IT is one of five components in the ITIL Service Delivery area. It determines the costs of services and provides financial accounting support to ensure expenditures fall within approved plans and those funds are well spent. The role of Financial Management varies depending upon the view of IT within the company. Some companies view IT as an expense center, some as a profit center, and some as a cost-recovery center. However, in all cases, Financial Management supports the "business" of IT. Financial Management activities include:  Providing oversight of all IT expenditures  Ensuring funds are available for planned events  Providing detailed financial information for proposed initiatives  Influencing the use of IT assets to maximize the return on IT investments through chargeback systems  Tracking current expenditures against the budget 5.6.1 Total Cost of Ownership Definition: Total Cost of Ownership, or TCO, is the purchase price of an asset plus the costs of operation. When choosing among alternatives in a purchasing decision, buyers should look not just at an item's short-term price, which is its purchase price, but also at its long-term price, which is its total cost of ownership. The item with the lower total cost of ownership will be the better value in the long run. The post purchase cost of assets can reach 70% of the Total Cost of an Asset. Understanding these costs is critical to business decision-making. ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:  Using rate cards.  Defining configuration item (CI) costs.  Tracking one-time costs for CIs.  Processing recurring CI costs to generate expense lines.  Distributing bulk costs to multiple expense line sources.  Tracking costs related to tasks and projects.  Aggregating configuration item costs and charging the total cost to a business service or application  Allocating expense lines to business units with flexible allocation rules.  Tracking planned and actual budget costs by cost center. 5.6.1.1 Observations: TCO management is handled elsewhere and is out of scope of ServiceNow. The only component required is allocating asset costs fromwithin ServiceNow, to the organizations that use them.
  • 54.
    IT Asset Management SACMProcess Guide v1.3 Page 54 of 120 5.6.1.2 Recommendations: None noted – asset cost allocation is a clear organizational imperative around this project, and will be a major driver of value for Protective. 5.6.2 Business Service Costing Definition: The goal of Financial Management is the understanding of costs as they relate to the Business Services provided by the organization. When tasked with the decision to maintain and/or migrate services, it is critical to understand the true cost of said services. Business Service Costing pulls all of the TCO related to individual assets and relates them to the services the organization provides. Such activities help organizations plan and optimize for the future. ServiceNow Support: The ServiceNow platform contains the Service Portfolio Management capability. Service Portfolio Management addresses three core business needs:  The plugin can be used to document the various business services offered using a standardized, structured format. This list of offerings can be offered to the user base in a consumer-friendly catalog.  Once services are defined, the system will start automatically tracking performance against defined availability commitments. If outages are reported, the platform handles availability tracking.  Once service offerings are documented and performance is being tracked, the information can be relayed in real-time performance gauges available to end-users. When implemented with the Cost Management capability ServiceNow can track Business Service costs with their related configuration items. ServiceNow supports a related hierarchy to identify the complete view of a business service and its related components such as applications, application instances, databases, servers, virtual servers, and etc. A typical hierarchy may appear as follows:
  • 55.
    IT Asset Management SACMProcess Guide v1.3 Page 55 of 120 5.6.2.1 Observations: Currently, the linkage of business services to major software pieces that have cost is not defined for Protective. 5.6.2.2 Recommendations: The definition of Business Services can be tricky/non-obvious for some organizations. We recommend a rationalization effort to confirm if any business services overlap or are no longer required, given Protective has so many (~500 in Production) due to corporate acquisitions. Fully implement CMDB and CI relationships, to the business service level, to provide full end-to-end visibility into the components that support each business service. 5.6.3 Budgeting / Forecasting Definition: Budgeting enables an organization to plan future IT expenditure, thus reducing the risk of over-spending and ensuring the revenues are available to cover the predicted spend. Additionally it allows an organization to compare actual costs with previously predicted costs in order to improve the reliability of budgeting predictions. ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:  Using rate cards.  Defining configuration item (CI) costs.  Tracking one-time costs for CIs.  Processing recurring CI costs to generate expense lines.  Distributing bulk costs to multiple expense line sources.  Tracking costs related to tasks and projects.  Aggregating configuration item costs and charging the total cost to a business service or application  Allocating expense lines to business units with flexible allocation rules.
  • 56.
    IT Asset Management SACMProcess Guide v1.3 Page 56 of 120  Tracking planned and actual budget costs by cost center. 5.6.3.1 Observations: ServiceNow will simply enable the budgeting process, but this will largely take place in another system. 5.6.3.2 Recommendations: During the implementation project, focus on building reporting that is clean and minimizes the amount of work required to prepare, so the overall Budgeting process can be as clean as possible as well. 5.6.4 Depreciation Definition: For accounting purposes, depreciation indicates how much of an asset's value has been used up. For tax purposes, businesses can deduct the cost of the tangible assets they purchase as business expenses; however, businesses must depreciate these assets in accordance with IRS rules about how and when the deduction may be taken based on what the asset is and how long it will last. ServiceNow Support: The ServiceNow Platform can identify and manage depreciation in support of IT Finance. The base instance includes the Financial Management application menu with several modules including Depreciation, Fixed Assets, Expense Lines, and Cost Centers. ServiceNow can calculate depreciation for a fixed asset using a choice of depreciation schedules. This can help IT coordinate with the corporate fixed asset system to report correct valuation and book value 5.6.4.1 Observations: Not in scope of the implementation, as this function will continue to occur in another system even after Asset Management is implemented 5.6.4.2 Recommendations: None noted – out of scope. 5.6.5 Cost Allocation / Chargeback Definition: Understanding how and why IT customers use services is critical to service planning as well as effectively managing costs and optimizing resources for business needs. IT managers are responsible for costly and complex assets of the company; they need to know how IT resources are
  • 57.
    IT Asset Management SACMProcess Guide v1.3 Page 57 of 120 utilized. They increasingly need to be able to provide reports to non-technical managers, to continually align IT resources with business activity. It is essential to have an understanding of IT resource usage when allocating scarce IT resources and talking too managers and internal users. Using IT chargeback is the best way to change end user behavior. In addition to being perceived as fair and accurate, a chargeback system also helps optimize IT investment utilization. An analogy is the electricity company that charges more during peak usage in order to spread the load more evenly during the day, thus utilizing the electrical grid systembetter. ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:  Using rate cards.  Defining configuration item (CI) costs.  Tracking one-time costs for CIs.  Processing recurring CI costs to generate expense lines.  Distributing bulk costs to multiple expense line sources.  Tracking costs related to tasks and projects.  Aggregating configuration item costs and charging the total cost to a business service or application  Allocating expense lines to business units with flexible allocation rules.  Tracking planned and actual budget costs by cost center. Expenses can be allocated to a business entity that is responsible for the expense. This is not considered charge-back or billing but could be used as a source for billing. The primary purpose of expense allocation is to represent the consumer of the process that has incurred some expense. This can be accomplished by defining expense allocation rules. 5.6.5.1 Observations: Desktop and phone allocated by user Others are allocated via used by business service 5.6.5.2 Recommendations: Continue to drive cost allocation as the organizational imperative it appears to be. No other recommendations noted.
  • 58.
    IT Asset Management SACMProcess Guide v1.3 Page 58 of 120 6 ServiceNow Configuration Requirements The following identifies foundational configuration elements for the implementation of IT Asset Management within ServiceNow. 6.1 ServiceNow Plugins Plugins provide additional optional functionality that administrators can activate within a ServiceNow instance. Refer to this URL for additional plugins available and more in-depth information about each plugin https://wiki.servicenow.com/index.php?title=List_of_Plugins The following Plugins are recommended for consideration within the PL instance of ServiceNow in support of IT Asset Management: Name Description ExtendedCMDB Addsadditional 144 tables(includingPersonal Computer) for use withinthe CMDB. FieldNormalization Addscapabilitytonormalize fieldvalues. My Assets My Assetspluginprovidesuserswithself-service accessto theirownassets, contracts,and requests. Procurement Procurementmanagerscanuse the Procurementapplication to create purchase ordersand to obtainitemsforfulfilling service catalogrequests.Procurementoffersthe abilityto: • Track service catalogrequests • Create and manage purchase orders • Create and manage transferorders • Receive assets Software AssetManagement Providesthe capabilitytodosoftware assetmanagement, includesreconciliationof entitlementstolicenseincluding those fornamedusers,workstation, andenterprise software agreements. NOTE: this pluginshould be reinstalledaftera change to or additionof a discoverytool. 6.2 Model / Class (Product Catalog) The ServiceNow Product Catalog is critical to the implementation of Asset Management and related lifecycle elements within the ServiceNow platform. The product catalog is a set of information about individual Models. Models are specific versions or various configurations of an asset. Models published to the product catalog are automatically published to the service catalog. The service catalog includes information about goods (models) and services. A model may be listed more than once if the model is available from multiple vendors. Keep the following in mind when working with product catalog:  A product catalog item can be linked to multiple vendor catalog items or a single model.  A model can only have one product catalog item.  A vendor catalog item can only have a single product catalog item.
  • 59.
    IT Asset Management SACMProcess Guide v1.3 Page 59 of 120 Asset managers use the product catalog as a centralized repository for model information. A detailed and well-maintained product catalog can coordinate with service catalog, asset, procurement, request, contract, and vendor information. The following depicts the basic ServiceNow model-class-asset relationships: 6.3 Models Models are specific versions or various configurations of an asset. Models are used for managing and tracking assets through various ServiceNow asset applications, including Product Catalog, Asset Management, Software Asset Management, CMDB, and Procurement. Model definitions can be based on vendor-provided criteria (for example, the manufacturer name Apple MacBook Pro) or a custom abstraction (for example, Graphic Designer Workstation). A model can be in one or more model categories. For example, a laptop can be a computer and a server. Model definitions specify whether the model creates an asset, a configuration item, or both. On a hardware model record, compatible hardware models can be added.
  • 60.
    IT Asset Management SACMProcess Guide v1.3 Page 60 of 120 For details on creating a new Model please visit the ServiceNow Wiki at Creating New ServiceNow Models. The Display Name of a model is a combination of data attributes; Manufacturer and Model Name. Thus for the creation of a Model these two data elements should be required for consistency in the naming convention. Consumables are assets that are not tracked individually, but as a group of the same model with one or more of the following traits:  Same location  Same state  Consumed by the same asset (typically as accessories or parts)  Common consumable assets are computer mice and computer keyboards. Consumables follow a slightly different life cycle than other assets. 6.4 Asset Class The default asset classes are Hardware, Software License, and Consumable. These general classes can be used to manage a variety of assets. If the general classes are not appropriate for a specific group of assets, consider creating a new asset class. For example, a fleet of cars could be tracked in a custom asset class named Vehicle. Before creating new asset classes, analyze business needs to see if the general classes can be used. A large number of asset classes can be difficult to maintain. Built-in functionality allows you to use asset classes:  for financial tracking  in a model bundle  as a pre-allocated asset It is recommended that PL utilize the default asset classes within ServiceNow. 6.5 Configuration Item Class (Model Category) Model categories are defined groups of assets, consumables, product bundles, and configuration items. For example, create separate model categories for printers, servers, software, and computers. Using the categories, you can control what each category creates when a model associated with the category is selected. The categories also define the relationship between a CI class and an asset class. A model category can be related to many models and a model can be related to many model categories. For example, a specific model of a computer can be a computer and a server. PL will need to compare existing Categories with recommendations noted below SN Product Category Asset CI SN Notes Accessory alm_hardware cmdb_ci_acc PleaseReview
  • 61.
    IT Asset Management SACMProcess Guide v1.3 Page 61 of 120 Business Service cmdb_ci_service Circuit cmdb_ci_circuit Communication Device alm_hardware cmdb_ci_comm Communications Device - currently being used for Telecom Network Devices Communication Device alm_hardware cmdb_ci_comm Computer Peripheral alm_hardware cmdb_ci_peripheral review sub categories and rationalize ESX Server alm_hardware cmdb_ci_esx_server Generator alm_hardware u_generator Group with Datacenter, Consider table name that aligns with standard (u_cmdb_ci_) IP Router alm_hardware cmdb_ci_ip_router IP Switch alm_hardware cmdb_ci_ip_switch Linux Server alm_hardware cmdb_ci_linux_server Panel alm_hardware u_panel Consider tablename that aligns with standard (u_cmdb_ci_) PDU alm_hardware cmdb_ci_pdu Personal Computer alm_hardware cmdb_ci_pc_hardware change to Personal Computer Printer alm_hardware cmdb_ci_printer Rack alm_hardware cmdb_ci_rack Server Chassis alm_hardware cmdb_ci_chassis_server UPS alm_hardware cmdb_ci_ups 6.6 Asset and Configuration Item Status ServiceNow tracks the Lifecycle State and Configuration Status of Assets. An Asset record will display an Asset State where a Configuration Item (CI) will display a Status. Asset states and corresponding substates can be used to accurately track assets at a detailed level. Good asset information helps with reporting, controlling assets, and lowering costs. For example, accurately recording missing items using the Missing state and the Lost and Stolen substates enable you to run reports and analyze the information in order to lower costs. The Status fields on the two forms, asset and configuration item, are synchronized so that status changes made on one form trigger the same status update on the corresponding form, ensuring consistent reporting. (As a best practice, ServiceNow, Inc. recommends updating status on the asset form.) All state fields are synchronized as well. State fields are mapped to their most logical counterpart on the other table. For example, for a hardware asset set to state In Stock - Pending disposal, the corresponding CI is set to In Disposition with no substate. 6.7 Asset States (install_status)
  • 62.
    IT Asset Management SACMProcess Guide v1.3 Page 62 of 120 The following states and substates are default for ServiceNow. It is recommended that PL utilizes these default states and substates and merges their existing states and substates to align with the defaults as best as possible. State Available Substates Notes On order None Asset has been ordered but not received. In stock Available, Reserved, Defective, Pending repair, Pending install, Pending disposal, Pending transfer, Pre-allocated Asset is stored in a stockroom. Substate indicates if it is possible or recommended to put the asset into use. In transit Available, Reserved, Defective, Pending install, Pending disposal, Pre-allocated In use None Available only for non-consumables. Consumed None Available only for consumables. In maintenance None Asset is being repaired or undergoing maintenance. Retired Disposed, Sold, Donated, Vendor credit Setting an asset to a Retired state is recommended for asset end of life. Only delete asset records that were created erroneously. Missing Lost, Stolen 6.8 CI Statuses (install_status) The following status and substatus are default for ServiceNow. It is recommended that PL utilizes these default statuses and substatuses and merges their existing status and substatuses to align with the defaults as best as possible. CI-Install status Available CI SubStatus In Stock Available In Stock Reserved Pending Repair blank Pending install blank In Stock blank Pending Repair Repairable Pending install Reserved In Stock Disposable In Stock Pre-allocated Installed In use In maintenance blank Retired blank Retired Scrapped Retired Sold Retired Donated
  • 63.
    IT Asset Management SACMProcess Guide v1.3 Page 63 of 120 Retired Credit Absent blank Absent Lost Stolen blank 6.9 Asset & CI State/Status Synchronization The Status fields on the two forms (Asset and CI) are synchronized so that status changes made on one form trigger the same status update on the corresponding form, ensuring consistent reporting. (As a best practice, ServiceNow, Inc. recommends updating status on the asset form.) All state fields are synchronized as well. State fields are mapped to their most logical counterpart on the other table. For example, for a hardware asset set to state In Stock - Pending disposal, the corresponding CI is set to In Stock with no substate. Below are the synchronization mappings from Asset to CI State/Status: Asset State Asset substate CI-Install status On order None In Stock Available In Stock In Stock Reserved In Stock In Stock Defective Pending Repair In Stock Pending repair Pending Repair In Stock Pending install Pending install In Stock Pending disposal In Stock In Stock Pending transfer In Stock In Stock Pre-allocated In Stock In transit None In Stock In transit Available In Stock In transit Reserved In Stock In transit Defective Pending Repair In transit Pending install Pending install In transit Pending disposal In Stock In transit Pre-allocated In Stock In use None Installed In maintenance None In maintenance Retired None Retired Retired Disposed Retired Retired Sold Retired Retired Donated Retired Retired Vendor Credit Retired Missing None Absent Missing Lost Absent Missing Stolen Stolen 6.10 Naming Conventions & Data Normalization Naming conventions are important for the normalization of data within the ServiceNow platform. Often naming conventions are not enough and additional assistance is needed to help normalize data. The following are best practices and recommendations for the normalization of data and naming conventions.
  • 64.
    IT Asset Management SACMProcess Guide v1.3 Page 64 of 120 6.11 Naming Conventions The following are best practices as they relate to naming conventions related to IT Asset Management in ServiceNow. PL will need to compare existing naming conventions with best practices noted below Hardware Models: Hardware Model Display Name is a combination of the Manufacturer Name and the Model Name. For example if a Model has a manufacturer of Dell and a Model Name of Optiplex 760 then the Display Name for the Hardware Model record will be Dell Optiplex 760. ServiceNow, by default, will utilize the Hardware Model Display Name when referencing Assets, CI’s, Catalog Items, and Contracts. Thus retention of the ServiceNow naming convention for Hardware Models is important. Software Models: Software Model Display Name is a combination of the Manufacturer Name, Model Name, and Version. For example if a Model has a manufacturer of Adobe, a Model Name of Acrobat Pro, and a Version of 9 then the Display Name for the Software Model record will be “Adobe Acrobat Pro 9”. ServiceNow, by default, will utilize the Software Model Display Name when referencing Software Licenses, Software Counters, Catalog Items, and Contracts. Thus retention of the ServiceNow naming convention for Software Models is important. Asset Record: Asset records Display Name is a combination of the Asset Tag and the Model ID (Display Name). For example if an Asset record had an Asset Tag of C67893 and a Model ID (Display Name) of Dell Inc. XPS 14z then the Asset record Display Name would be “C67893 - Dell Inc. XPS 14z”. 6.12 Data Normalization Field Normalization includes two features: normalization and transformation. Normalization forces the ServiceNow platform to convert different forms of the same field value to a single, accepted value automatically. By forcing a field to use a simple, recognizable description for multiple variations of the same thing, normalization can eliminate duplicate records and make searches easier. In addition to reconciling different forms of the same value in fields, normalization can be configured to adjust queries automatically to return normalized results. Transformation enables an administrator to transform raw field input into standardized values that are more meaningful to an organization. An example of a standardized value might be to round RAM size in configuration items to a whole number, such as 4000 MB instead of 4112 MB.
  • 65.
    IT Asset Management SACMProcess Guide v1.3 Page 65 of 120 Transformations are controlled by parameters and conditions and can be configured to return transformed values in queries. 6.13 Integrations ServiceNow integrates with many third party applications and data sources. Two types of integrations are listed:  Base systemintegrations use ServiceNow plugins and include CMDB, Change Management, Incident Management, Problem Management, Single Sign-on, and User Administration.  Custom integrations are implemented through your ServiceNow Professional Services Consultant The ServiceNow platform is based on service-oriented architecture (SOA), in which all data objects can use web services to access bi-directional data-level integration. The interface is also direct and dynamic because all modifications to existing objects and all new objects are automatically published as a Direct Web Service. A more indirect web service creation and usage can be achieved through Mapped Web Service where a transform map is used to gather incoming web service data into the final tables. Finally, an advanced Scripted Web Service technique is available for defining process- based web services, where data is irrelevant, but serves more as a trigger for a process or a composite of actions that execute at the server. Additionally the platform offers a rich interface for loading external data using import sets. Using this feature, you can load from various data sources such as HTTPS, FTPS, and SCP using file formats such as XML, CSV, and Microsoft Excel XLS files. Information can also be pulled from a data source using a direct JDBC connection, provided the network connectivity allows. Information can be pulled from the platform to an external platform using an ODBC Driver. Forms, lists, and reports on the platform can be accessed directly using a URL, which facilitates integration on the UI level between two or more web applications. 6.14 MID Server PL may require a MID Server for Asset data integrations. The Management, Instrumentation, and Discovery (MID) Server is a Java server that runs as a Windows service or UNIX daemon. The MID Server facilitates communication and movement of data between the ServiceNow platform and external applications, data sources, and services. 6.15 Web Services HTTP-based Web Services allow diverse applications to talk to each other. ServiceNow supports both inbound (provider) and outbound web service consumer services. PL will utilize Web Services to communicate with some integration points. Web Service Data Format Types - The following standard data format types are supported by ServiceNow via the HTTP protocol:
  • 66.
    IT Asset Management SACMProcess Guide v1.3 Page 66 of 120  SOAP - http://en.wikipedia.org/wiki/SOAP  JSON - http://json.org/  CSV - http://en.wikipedia.org/wiki/Comma-separated_values  EXCEL - http://en.wikipedia.org/wiki/Microsoft_Excel_file_format#File_formats  XML - http://en.wikipedia.org/wiki/XML  PDF - http://en.wikipedia.org/wiki/Portable_Document_Format
  • 67.
    IT Asset Management SACMProcess Guide v1.3 Page 67 of 120 7 SERVICENOW IMPLEMENTATION ServiceNow recognizes the complex nature of IT Asset Management and the need for a successful implementation of technology in support of ITAM processes. Based on industry standards, best practices, and real-world experience the Implementation of ServiceNow follows a methodology that combines organizational goals with practical reality. 7.1 Implementation Methodology ServiceNow follows the International Standards Organization (ISO) recommendations for tiered implementation of best-in-class IT Asset and Software Asset Management environments. Tier 1 Good data isa prerequisite forgoodITAM& SAM. A commonmanagementobservation that applieshere isthat“youcannot manage whatyou donot know”.Thistieralso providesthe basisfordemonstratinginventorymanagementandlicense compliance, whichis typicallyahighprioritymanagementobjective. Tier 2 In practice,practical managementbeginsafterthe organizationhasrecognizedthe issues resultingfromnothavingtrustworthydata.The organizationrecognizesthe extentof the risksit facesas well asopportunitiesforimprovementandsavings.Thistierincludes targetinganddelivering“quickwins”made obviousbytier1. Tier 3 Buildingonthe foundationof the previoustwotiers,thistierdrivesthe integrationof ITAM& SAMintooperational ITSMprocesses.The resultisimprovedefficiencyand effectiveness. Tier 4 Thistieraddressesthe more advancedanddemandingaspectsof full ITAM& SAM, includingitsfull integrationintostrategicplanningforthe organizationincludingbutnot limitedtoBusinessService ManagementandFinancial Management.
  • 68.
    IT Asset Management SACMProcess Guide v1.3 Page 68 of 120 Implementation Tier with The ServiceNow Asset Management Methodology The ISO Implementation tiers relate to the Towers within the ServiceNow Asset Management Best Practices Methodology. Based on the Asset Management activities being performed and/or implemented within an organization a current capability and an implementation roadmap may be identified. Tier 0 Governance: Before implementation of Asset Management activities, organizations should address best practices related to Governance as outlined in the ServiceNow Asset Management Methodology. The critical foundational elements include Policy with Roles & Responsibilities, Processes, and Education/Training. Tier 1 Trustworthy Data: Good data is a prerequisite for good ITAM & SAM. A common management observation that applies here is that “you cannot manage what you do not know”. This tier also provides the basis for demonstrating inventory management, reporting, and license compliance. Technology requirements include an Asset Repository with effective and usable data (Models, Assets, Configuration items) that can be readily transformed into knowledge. Tier 2 Practical Management: The focus of Tier 2 efforts within the ServiceNow Asset Methodology is specific to Fulfillment and Auditing. An organization should have Discovery, Contract Management, and Software Compliance. Technology requirements include hardware/software discovery, software purchase record repository, contract terms & conditions repository, and warranty/maintenance attributes.
  • 69.
    IT Asset Management SACMProcess Guide v1.3 Page 69 of 120 Tier 3 Operational Integration: The integration of the ITAM Lifecycle throughout the organization including ITSM is critical for efficiency and effectiveness. Identifying and managing the “use” of assets in the field helps to locate opportunities for optimization. Technology requirements include Service Catalog, Procurement, and Vendor Management. This tier also provides the bases for demonstrating Financial Management within Tier 4. Tier 4 Strategic Conformance: Tier 4 addresses the more advanced and demanding aspects of full ITAM. Elements of Tier 4 include full integration into strategic planning for the organization including but not limited to Business Service Management and Financial Management. Technology requirements include Financial Management, Costing (rate cards), Contract Financials, and CMDB Relationships. Planning for Implementation: The Tiered approach is best implemented using the following phased activities: Note: While each Phase builds on one another, the prior Phase does not have to be completed before the next Phase begins.
  • 70.
    IT Asset Management SACMProcess Guide v1.3 Page 70 of 120 7.2 PL Current Capability Summary The following is a summary of finding related to an appraisal of current capability in the performance of IT Asset Management. This assessment is based on 2 days of onsite effort and a review of best practices with the PL team. Specific observations can be found in Section 5 of this document. Capability Score: The total capability scoring for PL is a 1.8 out of 4 (24/50). This score is a bit under 50% due to some key Activity items in Tier 0 and Tier 1 that must be accomplished and therefore more weighted. Overall, impressive for the organization as a whole and on the right path for future successes. The following are Capability recommendations for PL: I made an attempt to be fair in the scoring. While it is true that you have control over the processes that underlay the data for analysis, by not having documented procedures and an automated way for various ITIL staff to be able to gather that data in a coherent and expedited manner, the scores were skewed in a way that great efforts should be made to review ALL of the activities for not only improvements but integrations where the work has already been done in definition but needs publishing and adherence to compliance for the organization. 7.3 Tier 0 Governance Capability Unperformed (4/10) - The PL organization has performed 4 of 10 activities within Tier 0 Governance. It is recommended that PL establish and assign Roles & Responsibilities for ITAMactivities. The assignment of roles and responsibility will enable PL to move forward with recommended best practices. Tier 0 Activity Performed Centralized Asset Use Policies Yes Shared Asset Processes Yes Shared Asset Procedures No Processes Reviewed for Intended Outcome Yes Standard Process/Procedure Format No Industry Training in ITAM No Local User Group Participation Yes End User Training on Asset Policies & Procedures No Established KPI's for IT Asset Lifecycle Management No Roles & Responsibilities identified for ITAM Activities No 7.4 Tier 1 Trustworthy Data
  • 71.
    IT Asset Management SACMProcess Guide v1.3 Page 71 of 120 Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 1 Trustworthy Data. It is recommended that PL establish an enterprise wide capability for discovering and validating IT Assets in a manner that ensures visibility throughout the Enterprise. Tier 1 Activity Performed Centralized Repository for Assets (including financial/contractual data) No Standardized Hardware & Software Models Yes Centralized Inventory Management Yes Centralized ITAM Reporting No Internal Enterprise-wide Discovery Yes Visibility of all Asset Across the Organization No Acquisition Details of All Assets Yes Status/State of All Assets No Established KPI's for Data Accuracy No Automation of Data Population Yes 7.5 Tier 2 Practical Management Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 2 Practical Management. It is recommended that PL focus on Software Asset Management capabilities through automation and compliance views. Tier 2 Activity Performed Validated Discovery of PC Software Throughout the Enterprise No Validated Discovery of Datacenter Software Throughout the Enterprise Yes Software Catalog No Contract Repository Yes Contract Terms & Conditions Repository Yes Contract Lease/Warranty/Services Dates Recorded Yes Contracts Related to Assets and/or Configuration Items No Centralized Software Purchase Record Repository (Entitlements) Yes Centralized Software Compliance View No Established KPI's for Software Compliance No 7.6 Tier 3 Operational Integration Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 3 Operational Integration. It is recommended that PL establish integration between the Asset Repository and Lifecycle Management Elements – Catalog, Purchasing, and CMDB. Tier 3 Activity Performed CMDB No
  • 72.
    IT Asset Management SACMProcess Guide v1.3 Page 72 of 120 CI to CI Relationships No Incident/Problem Reporting for Vendor Management Yes Centralized Service Catalog Yes Centralized Purchasing Yes Integrated Service Catalog to Purchasing No Integrated Service Catalog to Asset Repository No Integrated Purchasing and Asset Repository Yes Integrated Asset Repository and CMDB No Established KPI's for Asset Purchasing Yes 7.7 Tier 4 Strategic Conformance Unperformed (5/10) - The PL organization has performed 5 of 10 activities within Tier 4 Strategic Conformance. It is recommended that PL establish Tiers 0-2 before full implementation efforts related to Tier 4. Tier 4 Activity Performed Business Service Mapping in CMDB No Financial Costing for Configurations Yes Rate Cards for Services Yes Rate Cards for Contracts Yes Rate Cards for Activities Yes Integrated Total Cost of Ownership Reporting No Integrated Budgeting/Forecasting Reporting Yes Depreciation Management No Chargeback/Showback No Established KPI's for Financial Management of Assets No
  • 73.
    IT Asset Management SACMProcess Guide v1.3 Page 73 of 120 7.8 Implementation Roadmap The following implementation roadmap has been assembled for the successful implementation of Asset Management Processes and Technology. This roadmap is provided based on the current capability of PL (Section 7.2) as well as the goals of the organization. This roadmap is a practical implementation recommendation based on best practices and experiences. 7.9 Roadmap Overview The primary goal of the Asset Workshop was to identify opportunities to establish and utilize best practices for Asset Management. ServiceNow utilizes the workshop to identify the current capability of PL in support of recommendations for implementation. The effort of implementing Asset Management with any organization carries a delicate balance between process and technology. The industry identifies that a successful Asset Management capability is based on 80% Process and 20% Technology. 7.10 Process Roadmap The Process Roadmap is assembled based on the Best Practices of Asset Management (Section 4) and the Capability Summary (Section 7.2). Process Technology Capacity Management Demand Management Software Asset Management Hardware Asset Management Policies Shared Processes & Procedures Education & Training Roles & Responsibilities
  • 74.
    IT Asset Management SACMProcess Guide v1.3 Page 74 of 120 Process Elements - The following elements are needed for the performance of IT Asset Lifecycle Management as they are related to the ISO Implementation Tiers. o Governance o Active Asset Management o Fulfillment o Auditing o Disposition o Financial Management Capability - The Capability results (Section 6.2) for PL are as follows: Tier / Activity Score Tier 0 – Governance 0.4 Tier 1 – Trustworthy Data 0.5 Tier 2 – Practical Management 0.5 Tier 3 – Operational Integration 0.5 Tier 4 – Strategic Conformance 0.5 Total Capability Score (out of 4.0) 1.8 Process Roadmap Implementation Recommendation – 4 Phases It is recommended that PL focus on the following elements as a roadmap to Asset Management Best Practices: o Phase 1 – Tier 0 & Tier 1 in support of Asset Management Implementations o Phase 2 – Tier 2 after Phase 1 and in support of Software Asset Management Implementations o Phase 3 – Tier 3 after Phase 1 and in support of Service Catalog and Optimized Configuration Management o Phase 4 – Tier 4 after efforts of Phases 1-3 7.11 Technology Roadmap
  • 75.
    IT Asset Management SACMProcess Guide v1.3 Page 75 of 120 The Technology Roadmap is assembled based on the Best Practices of Asset Management (Section 4). Practical experience has identified the need for a prescriptive and phased approach for Asset Management. This roadmap is intended as a guide for PL. Technology Elements & Restrictions: The following elements are needed for the performance of IT Asset Lifecycle within ServiceNow: o Service Catalog o Asset Management o Software Asset Management o Extended CMDB o Financial Management (with Cost Management) ID Element Restrictions 1 Service Catalog Service Catalog will require the use/management of Models for standard assets (hardware/software). Additionally, Service Catalog will require workflow fromthe Request& Acquisitionprocess. 2 AssetManagement Use/managementof Modelsforstandardassetsisneeded.Asset detailsare requiredinordertouniquelytrackandrelate provisioned assets. 3 Software Asset Management Discoveryis requiredforSoftware Asset Managementperformance. 4 ExtendedCMDB Capacity & Financial Managementis dependent upon a fully built out CMDB. The current CMDB does not have a complete picture of the environment. Additionally, best practice follows the lifecycle creation of records where an Asset exists BEFORE the creation of a Configuration Item. The CMDB needs all relationships completed fromCI to CI to Services. • Requisition • Provisioning • Automated Workflow • Model Management 1. SN Service Catalog • Model Management • Asset Repository • Costing • Contract Ts&Cs 2. SN Asset Repository • Software Entitlements • Enterprise Discovery • Software Counters (Compliance) 3. SN SoftwareAsset Management • Configurations • CI to CI Relationships • Application/Service Chunking 4. SN CMDB • Total Cost of Ownership • Business Service Costing • Expense Allocations • Budgets • Chargeback/Showback 5. SN Financial Management
  • 76.
    IT Asset Management SACMProcess Guide v1.3 Page 76 of 120 5 Financial Management Performance of Financial Management requires the fully built Service Catalog, Asset Management, Software Asset Management, and ExtendedCMDBenvironment. Technology Roadmap Risks The implementation of Asset Management within PL carries risks. Some of those risks are listed below:  The large number of non-persistent desktops and high level of application virtualization will need to be reviewed closely during the implementation timeframe  The split of financial capabilities between ServiceNow and other tools is conceptually easy to understand, but will need to be mapped to ServiceNow functionality to confirm the proper way to build this split into the system, to enable cost allocation through ServiceNow but not other financial functionality Technology Roadmap Implementation Recommendation – 4 Phases The Asset Management Roadmap enables the performance of IT Asset Management in a phased approach. The implementation phases allow for rapid returns on effort without the monumental effort and expense. It is recommended that the 5 technology elements of Asset Management be implemented in the following phases: o Phase 1 – Trustworthy Data: Asset Repository and CMDB optimization o Phase 2 – Practical Management: Full IT Asset Management with Software Asset Management o Phase 3 – Operational integration: Integrated Service Catalog with models for lifecycle management o Phase 4 – Financial Management
  • 77.
    7.11.1 ServiceNow AssetManagement Technology Implementation Phases The following details are provided in support of the recommended Technology Roadmap. The Implementation details are created to help scope and document the stories needed for implementation activities. Note: These sections will be discussed for future planning as the SACM components are further planned for all of the following sections in this topic. 7.11.1.1 Phase 1 ServiceNow Asset Management Launch – Trustworthy Data Phase 1 of the ServiceNow IT Asset Management Launch within PL will focus on baseline configurations with data accuracy. A baseline configuration utilizes OOTB data elements and capabilities of ServiceNow, which allows for a rapid start to implementation efforts. 7.11.1.1.1Scope The recommended Scope of Phase 1 includes a primary focus on Trustworthy Data with the following activities:  Asset Repository build  Core CMDB build (including integration to 3rd party discovery tools) 7.11.1.1.2ServiceNow Plugin Activation (For Stories) Pending detailed requirements discussions, the following plugins are recommended in support of Phase 1:  Extended CMDB  Field Normalization 7.11.1.1.3ServiceNow Configurations (For Stories) In support of a rapid implementation, ServiceNow recommends the use of default configurations for IT Asset Management including OOTB data attributes. After the launch of Phase 1 and the resulting trust in the provided asset data then activities may begin to optimize the ServiceNow environment as desired. The following configurations are recommended within Phase 1:  Manufacturer Data Normalization  Hardware/Software Model Name Data Normalization  Data Certification on critical Asset data element such as “Assigned To”  Class & Model Category Mapping  Status 7.11.1.1.4Data Mapping Detailed data mappings within ServiceNow from PL will be discuss at a future date. These mappings will be created with the input and guidance of PL during the onsite implementation workshop and subsequent discussions.
  • 78.
    Process Guide Page78 of 120 7.11.1.1.5PL Activity The following areas have been identified as key requirements for PL and require a critical focus on trustworthy data in Phase 1. It will be imperative to assemble appropriate asset details prior to and during launch activity. The use of discovery technology as a primary source of truth for Asset data will expedite data onboarding and improve data accuracy. The following are recommended Data Activities:  Rationalize discovery data – review asset discovery sources and consolidate where possible. Data overlap can create data integrity issues when multiple sources of truth are creating/updating Asset records.  Gather/Validate Critical Data Elements – Implementation of IT Asset Management will need information related to Locations, Users, Departments, Cost Centers, Company, Manufacturers, and Vendors. If these details are part of data integration efforts then a data sampling will be needed to validate prior to integration completion. For Software Asset Management data will be required related to base/starter Software License purchase record details.  MID Server Implementation – A MID Server is required for many integrations.  Class Mapping - Final mapping of Class structure for Model Categories.  Model Data Onboarding – With so many IT Asset Management elements reliant on Model Data it will be crucial to have this data organized at kickoff so implementation can occur shortly after.  Field Normalization – may be performed with Model Data Onboarding as normalization often begins with Manufacturer and Model normalization.  Integration Activity – After Model Data Onboarding is complete then integration to discovery (sources of truth) may be performed. Rationalization should be completed prior to implementation activities. Integration may create asset records that are not already seen within the ServiceNow environment. Allowing discovery/integration technology to create records facilitates a quicker phase launch as well as utilizing a source of truth.  Hardware Data Onboarding – After integration Activity is complete then additional, non discoverable, data elements can be loaded for each Asset/CI  Data Certification – After hardware data is fully loaded then Data Certification configuration can occur.  Process Testing & Validation – After hardware data is fully loaded then process testing may begin. 7.11.1.1.6Integrations Activity (For Stories) PL will integrate ServiceNow Asset Management with multiple points. Two types of integrations are listed:
  • 79.
    Process Guide Page79 of 120  Base systemintegrations use ServiceNow plugins and include CMDB, Change Management, Incident Management, Problem Management, Single Sign-on, and User Administration.  Custom integrations are implemented through your ServiceNow Professional Services Consultant 7.11.1.1.7Required Foundation Data Elements (For Stories) The following Foundation Data Elements are required in the management of Asset Data within ServiceNow including Status, Cost Center, Company, and Location: Model Categories – ServiceNow recommends utilizing the detailed Product Category mappings provided by ServiceNow and embedded in section 6.5. Update the table below as needed during the planning stages for implementation SN Product Category Asset CI SN Notes Accessory alm_hardware cmdb_ci_acc Business Service cmdb_ci_service Circuit cmdb_ci_circuit Communication Device alm_hardware cmdb_ci_comm Communications Device - currently being used for Telecom Network Devices Communication Device alm_hardware cmdb_ci_comm Computer Peripheral alm_hardware cmdb_ci_peripheral review sub categories and rationalize ESX Server alm_hardware cmdb_ci_esx_server Generator alm_hardware u_generator Group with DataCenter, Consider table name that aligns with standard (u_cmdb_ci_) IP Router alm_hardware cmdb_ci_ip_router IP Switch alm_hardware cmdb_ci_ip_switch Linux Server alm_hardware cmdb_ci_linux_server Panel alm_hardware u_panel Consider tablename that aligns with standard (u_cmdb_ci_) PDU alm_hardware cmdb_ci_pdu Personal Computer alm_hardware cmdb_ci_pc_hardware change to Personal Computer Printer alm_hardware cmdb_ci_printer Rack alm_hardware cmdb_ci_rack Server Chassis alm_hardware cmdb_ci_chassis_server UPS alm_hardware cmdb_ci_ups Asset State & Sub-State – ServiceNow recommends utilizing the Asset Lifecycle States provided by ServiceNow and documented below.
  • 80.
    Process Guide Page80 of 120 State Available Substates Notes On order None Asset has been ordered but not received. In stock Available,Reserved, Defective, Pending repair,Pending install,Pendingdisposal, Pending transfer,Pre-allocated Asset is stored in a stockroom. Substate indicates if it is possibleor recommended to put the assetinto use. In transit Available,Reserved, Defective, Pending install,Pendingdisposal, Pre-allocated In use None Availableonly for non-consumables. Consumed None Availableonly for consumables. In maintenance None Asset is being repaired or undergoing maintenance. Retired Disposed,Sold,Donated, Vendor credit Setting an assetto a Retired state is recommended for assetend of life.Only delete assetrecords that were created erroneously. Missing Lost, Stolen CI Status – ServiceNow recommends utilizing the CI Lifecycle Status OOTB as documented below. CI-Install status Available CI SubStatus In Stock Available In Stock Reserved Pending Repair blank Pending install blank In Stock blank Pending Repair Repairable Pending install Reserved In Stock Disposable In Stock Pre-allocated Installed In use In maintenance blank Retired blank Retired Scrapped Retired Sold Retired Donated Retired Credit Absent blank Absent Lost Stolen blank Cost Center – Cost Center will be utilized as the primary Cost Center attribute. Final validated data is needed from PL for the population of the Cost Center table within ServiceNow. The following is recommended for implementation: SN Attribute SN Notes Name Populate names of Cost Centers (currently just codes) Code Cost Center Code PL to provide Cost Center Data during implementation project
  • 81.
    Process Guide Page81 of 120 Company & Department – Identifying the organizational structure through the use of the Company & Department attributes is critical for IT Asset Management. ServiceNow recommends a hierarchy to identify the institutional structure with the associated BU’s. PL to provide Company Hierarchy Data during implementation project Location – Location data is critical for accurately identifying the physical location of assets. This data is needed to for both ITAM and ITSM. Unlike HR related data that identifies location for People, Asset needs to identify locations of IT Assets including those found in Data Centers, IT Closets, Stockrooms, and etc. The following is recommended for implementation: Validate all the non-user related locations (current locations based on facilities records) PL to provide Location Hierarchy Data during implementation project 7.11.1.1.8Roles and Activities PL will need to identify who will be responsible for IT Asset Management and related activities. As stated in Section 5.1.2, it is recommended that an Asset Center of Excellence teambe created for the management and oversight of Enterprise Asset Activities with localization of enterprise processes. The following Activities should be validated and mapped to Asset Management Roles within PL. Activities ProcessPlanning and Request Produce AssetManagementPlan Define what'sinscope (Models. etc.) Determine selectionguidelines PerformAudit Baseline AssetandCMDB Procurement Manage Vendors Add/Remove newvendors Add/Remove newModels Evaluate appropriate attributes Stockroom / Receiving Receive newasset InputassetTag onto newhardware Create assetsinthe AssetRepository Validate AssetAttributes Assignappropriate statusin the AssetRepository
  • 82.
    Process Guide Page82 of 120 Validate financialsonassetrecord Deploy/ Financials Activate Licenses,Contractsand/orEntitlement3 s Validate assetattributes(Location,financials...etc.) Validate assetStatus Assignassetstousers Update the AssetRepository Manage / Move, Add,Change (MAC) Ensure approvedChange Request Modifyassetattributesin the AssetRepository Planand organize routine Maintenance Execute assetaudits Determine correctiveaction Initiate corrective action execute corrective action Track asset history Transferassetsto newlocations/storerooms Retire / Dispose Retire ordispose asset Update assetto Disposed/Retire in the AssetRepository Generate Disposal report 7.11.1.1.9Reporting (for Stories) The following reports were identified as desired for PL:  Reporting to support annual software vendor contract true-up  True cost of ownership of a service/ sub-service  Hardware refresh schedule for each direct report of any given manager  End-of-life dates for all hardware components that my team manages  Monthly metrics report with data relevant to the CIO report  List of contracts with upcoming contract renewal dates  Exception report listing all unknown and unidentified assets 7.11.1.2 Phase 2 ServiceNow Practical Management – SAM and Expanded Hardware Asset Management Phase 2 of the ServiceNow IT Asset Management Launch within PL will focus on Practical Management of the activities performed during Phase 1. Activities identified in Phase 1 but unable to be implemented will be brought into Phase 2.
  • 83.
    Process Guide Page83 of 120 Note: ServiceNow does not assume an immediate rolling release from Phase 1 to Phase 2. PL may delay Phase 2 efforts while managing the organizational changes related to Phase 1. Alternatively, PL may combine Phase 1 and Phase 2 efforts or elements thereof. 7.11.1.2.1Scope The recommended Scope of Phase 2 includes a primary focus on Practical Management with the following activities:  Holdover – Any efforts discovered from Phase 1  Full IT Asset Management  Software Asset Management 7.11.1.3 Phase 3 ServiceNow Operational Integration – Service Catalog Phase 3 of the ServiceNow IT Asset Management Launch within PL will focus on Operational Integration. Operational Integration is the focus on efficiency with the IT Asset Management services. 7.11.1.3.1Scope The recommended Scope of Phase 3 includes a primary focus on Practical Management with the following activities:  Integrated Service Catalog  Model lifecycle management 7.11.1.4 Phase 4 ServiceNow Strategic Conformance Phase 4 of the ServiceNow IT Asset Management Launch within PL will focus on Strategic Conformance. Strategic Conformance is the focus on Financial Optimization. 7.11.1.4.1Scope The recommended Scope of Phase 4 includes a primary focus on Practical Management with the following activities:  Total Cost of Ownership  Business Services level cost allocation
  • 84.
    Process Guide Page84 of 120 Appendix A: Document Conventions Symbol Description Processstart / endpoint: Representsthe startingandendingpointof the process. ProcessActivity/Task: Presentsanactivityortask that needstobe accomplishedto produce aspecificoutcome. Predefinedexternal processororganization: Indicatedacontributionfrom an external processororganization. Decision:Indicatesthata questionneedstobe answeredinorderto determine the inordertoidentifythe followingActivity/taskinthe process. The answersare indicatedonthe differentconnectorsattachedtothe decisionbox.EveryanswerislinkedtoanassociatedActivity/task. SystemAction or Function: Indicatesthatan action isbeingperformedinthe systemasan outputof the previousactivityandaninputto the next. Off-page reference:Indicatesareference toanotherdiagramwithinthe same process.The numberof the referenceddiagramisindicatedinthe shape. On-page reference:Indicatesalinktoanotheractivitywithinthe same diagram. Association:Representedbyadotedor dashedline,it indicatesan associationora relationbetweenthe connected,processes,tasksoractivities. Sequence flow:Isrepresentedwithasolidlineandarrowhead,andshowsin whichorderthe activitiesare performed.
  • 85.
    Process Guide Page85 of 120 Appendix B: Glossary of Terms and Acronyms Term Acronym Definition Alert A notificationthatathresholdhasbeenreached,somethinghas changed,or a failure hasoccurred.Alertsare oftencreatedand managedbysystemmanagementtoolsandare managedbythe eventmanagementprocess. Assessment Inspectionandanalysistocheckwhetherastandardor setof guidelinesisbeingfollowed,thatrecordsare accurate,or that efficiencyandeffectiveness requirements are beingmet. Asset Anyresource or capability.The assetsof aservice providerinclude anythingthatcouldcontribute tothe deliveryof aservice.Assetscan be one of the followingtypes:management,organization,process, knowledge,people,information,applications,infrastructure or financial capital. Attribute A piece of informationaboutaconfigurationitem.Examplesare name,location,versionnumber,andcost.Attributesof CIsare recordedinthe configurationmanagementdatabase (CMDB). Back-out An activitythatrestoresaservice or otherconfigurationitem toa previousbaseline.Back-outisusedasa formof remediationwhena change or release isnotsuccessful. Baseline (ITILContinualService Improvement) (ITILServiceTransition) A snapshotthatis usedas a reference point.Manysnapshotsmaybe takenand recordedovertime butonlysome will be usedas baselines.Forexample: ▪ An ITSMbaseline canbe usedasa startingpointtomeasure the effectof a service improvementplan ▪ A performance baselinecanbe usedto measure changesin performance overthe lifetimeof anIT service ▪ A configurationbaselinecanbe usedas part of a back-out planto enable the ITinfrastructure tobe restoredto a knownconfigurationif achange or release fails. Business Services An IT Service thatdirectlysupportsaBusinessProcess,asopposedto an Infrastructure Service,which isusedinternallybythe ITService Providerandisnot usuallyvisibletothe Business.The termBusiness Service isalsousedtomeana Service that isdeliveredtoBusiness CustomersbyBusinessUnits. Category A namedgroupof thingsthathave somethingincommon. Categoriesare usedtogroup similarthingstogether. Change The addition,modification,orremoval of anythingthatcouldhave an effectonIT services.
  • 86.
    Process Guide Page86 of 120 Term Acronym Definition Change Advisory Board CAB A groupof people whosupportthe assessment,prioritization, authorization,andschedulingof changes.A change advisoryboardis usuallymade upof representativesfromall areaswithinthe IT service provider,the business,andthirdpartiessuchassuppliers. Change Management CHG The processresponsibleforcontrollingthe life cycle of all changes, enablingbeneficial changestobe made withminimumdisruptionto IT services. Change Record A record containingthe detailsof achange.Each change record documentsthe life cycle of asingle change.A change recordis createdfor everyrequestforchange. Change Request See RequestforChange. Configuration Record CI Record A recordcontainingthe detailsof aconfigurationitem.Each configurationrecorddocumentsthe lifecycle of asingle configurationitem.Configurationrecordsare storedina configurationmanagementdatabase andmaintainedaspartof a configurationmanagementsystem. Configuration Type CI Type A categorythat isusedto classifyconfigurationitems.The CItype identifiesthe requiredattributesandrelationshipsfora configurationrecord.CommonCItypesincludehardware, document,anduser. Classification The act of assigninga categoryto something.Classificationisusedto ensure consistentmanagementandreporting.CIs,incidents, problems,andchangesare usuallyclassified. Closed The final statusin the life cycle of anincident,problem, orchange. Whenthe status isclosed,nofurtheractionistaken. Closure The act of changingthe statusof an incident,problem,orchange to closed. Configuration Item CI Anycomponentorotherservice assetthatneedstobe managedin orderto deliveranIT service. Informationabouteachconfiguration itemisrecordedina configurationrecordwithinthe configuration managementsystemandismaintainedthroughoutitslife cycle by service assetandconfigurationmanagement. Configuration Management Database CMDB A database usedtostore configurationrecordsthroughouttheirlife cycle.The configurationmanagementsystemmaintainsone ormore CMDBs. Each CMDB storesattributesof CIsand relationshipswith otherCIs. Configuration Management System CMS A setof tools,data,and informationthatisusedtosupportservice assetand configurationmanagement.The CMSis part of an overall service knowledgemanagementandincludestoolsforcollecting,
  • 87.
    Process Guide Page87 of 120 Term Acronym Definition storing,managing,updating,analyzing,andpresentingdataaboutall configurationitemsandtheirrelationships.The CMSalsoincludes informationaboutincidents,problems,knownerrors,changes,and releases.Itmaycontaindata aboutemployees,suppliers,locations, businessunits,customers,andusers.The CMSis maintainedby service assetandconfigurationmanagementandisusedbyall IT service managementprocesses. Configuration Record A recordcontainingthe detailsof aconfigurationitem.Each configurationrecorddocumentsthe life cycle of asingle configurationitem. Continual Service Improvement CSI Ensuresthat servicesare alignedwithchangingbusinessneedsby identifyingandimplementingimprovementstoITservicesthat supportbusinessprocesses.The performance of the ITservice provideriscontinuallymeasuredandimprovementsare made to processes,ITservices,andITinfrastructure inordertoincrease efficiency,effectiveness,andcosteffectiveness. Customer Someone whobuysgoodsorservices.The customerof an IT service provideristhe personorgroup whodefinesandagreestothe service level.The termisalsosometimesusedinformallytomean user,forexample,‘Thisisacustomer-focusedorganization.’ Diagnosis A stage inthe incidentandproblemlife cycles.The purpose of diagnosisistoidentifyaworkaroundforanincidentorthe root cause of a problem. Effectiveness A measure of whetherthe objectivesof aprocess,service,oractivity have beenachieved.Aneffectiveprocessoractivityisone that achievesitsagreedobjectives. Seealso KeyPerformance Indicator. Efficiency A measure of whetherthe rightamount of resource hasbeenused to deliveraprocess,service,oractivity. Emergency Change A change that mustbe introducedassoonas possible,forexample to resolve amajorincidentorimplementasecuritypatch.The change managementprocessnormallyhas aspecificprocedure for handlingemergencychanges. Employee Self Service ESS A module inServiceNow thatallowsuserstomake requests,view articles,logincidents,andsearchthe knowledgebase througha user-friendlywebsite calledthe EmployeeSelf-Service Portal (ESS Portal). Entitlement(s) Numberof rightsto be grantedby a software license Event A change of state that hassignificance forthe managementof anIT service orotherconfigurationitem.The termisalsousedtomeanan alertor notificationcreatedbyanyITservice,configurationitem, or
  • 88.
    Process Guide Page88 of 120 Term Acronym Definition monitoringtool. Impact A measure of the effectof anincident,problem,orchange on businessprocesses.Impactisoftenbasedonhow service levelswill be affected.Impactandurgencyare usedto assignpriority. Incident An unplannedinterruptiontoanIT service orreductioninthe quality of an IT service.Failureof aconfigurationitemthathasnot yet affectedservice isalsoanincident. IT Asset Repository The IT AssetRepositoryprovidesasingle,centralizeddatabase that storesand tracks organizational assetsphysicallyandfinancially Key Performance Indicator KPI A metricthat isusedto helpmanage anIT service,process,plan, project,or otheractivity.Manymetricsmaybe measured,butonly the most importantof these are definedaskeyperformance indicatorsandusedto activelymanage andreportonthe process,IT service,oractivity.Theyshouldbe selectedtoensure thatefficiency, effectiveness,andcosteffectiveness isall managed. Known Error KE A problemthathasa documentedrootcause anda workaround. Knownerrorsare createdandmanagedthroughouttheirlife cycle by problemmanagement.Developmentgroupsorsuppliersmayalso identifyknownerrors. Major Incident The highestcategoryof impactfor an incident.A majorincident resultsin significantdisruptiontothe business. Metric Somethingthatismeasuredandreportedtohelpmanage aprocess, IT service,oractivity. Policy Formallydocumentedmanagementexpectationsandintentions. Policiesare usedtodirectdecisionsandto ensure consistent developmentandimplementationof processes,standards,roles, activities,ITinfrastructure,andsoon. Post- implementation Review PIR A reviewthattakesplace aftera change or a projecthas been implemented.Itdeterminesif the change orprojectwassuccessful and identifiesopportunitiesforimprovement. Priority A categoryusedto identifythe relative importance of anincident, problem,orchange.Priorityisbasedonimpactand urgency,andis usedto identifyrequiredtimesforactionstobe taken.Forexample, the SLA may state that priority2 incidentsmustbe resolvedwithin 12 hours. Problem A cause of one or more incidents.The cause isnotusuallyknownat the time a problemrecordiscreated.The problemmanagement processisresponsibleforfurtherinvestigation. RACI RACI A model usedtohelpdefinerolesandresponsibilities.RACIstands
  • 89.
    Process Guide Page89 of 120 Term Acronym Definition for responsible,accountable,consulted,andinformed. Release One or more changesto in IT service thatare built, tested,and deployedtogether.A singlerelease mayinclude changesto hardware,software,documentation,process,andother components. Requestfor Change RFC A formal detailedproposal forachange to be made.The termis oftenmisusedtomeanchange recordor the change itself. Restore Takingactionto return an IT service tothe usersafterrepairand recoveryfroman incident.Thisisthe primaryobjective of incident management. Risk A possible eventthatcouldcause harmor lossor affectthe abilityto achieve objectives.A riskismeasuredbythe probabilityof athreat, the vulnerabilityof the assettothatthreat,and the impact itwould have if it occurred. Role A setof responsibilities,activities,andauthoritiesassignedtoa person or team.A role isdefinedinaprocessor function.One personor teammay have multiple roles.Forexample,asingle personmaycarry outthe role of configurationmanagerandchange manager. Root Cause The underlyingororiginal cause of anincident orproblem. Root Cause Analysis RCA An activitythatidentifiesthe rootcause of an incidentorproblem. Root cause analysistypicallyconcentratesonITinfrastructure failures. Service A meansof deliveringvalue tocustomersbyfacilitatingthe outcomescustomerswanttoachieve withoutthe ownershipof specificcostsandrisks. Service Desk The single pointof contact betweenthe service providerandthe users.A typical service deskmanagesincidentsandservice requests, and alsohandlescommunicationwiththe users. Service Level Measuredand reportedachievementagainstone ormore service level requirements. Service Level Agreement SLA An agreementbetweenanITservice providerandacustomer.A service levelagreementdescribesthe ITservice; documentsservice level requirements,andspecify the responsibilitiesof the ITservice providerandthe customer. Service Management A service-orientedapproachtomanage applications,infrastructure, and processes. Service Manages the lifecycleof one ormore IT services, providesleadership
  • 90.
    Process Guide Page90 of 120 Term Acronym Definition Manager by developingBusinessCases,product linestrategiesandschedules, performsservice cost managementactivities,andmanagesvarious and perhapsconflictingobjectives. Service Request A formal requestfromauser forsomethingtobe provided,for example,arequestforinformationoradvice;toreseta password;or to install aworkstationfora new user. Software License Entitlements Definingthe people ormachinestowhichaspecificpurchased software licenseisassigned.Assetmanagersallocate alicense to entitle auseror machine touse the license Stakeholder A personwhohasan interestinanorganization,project,orIT service.Stakeholdersmaybe interestedinthe activities, resources, or deliverables.Stakeholdersmayincludecustomers,partners, employees,shareholders,owners,orothers. User A personwhousesthe IT service ona day-to-daybasis.Usersare distinctfromcustomers,assome customersdonot use the IT service directly. Workaround Reducingoreliminatingthe impactof an incidentorproblemfor whicha full resolutionisnotyetavailable,forexample,by restarting a failedconfigurationitem.Workaroundsforproblemsare documentedinknownerrorrecords.Workaroundsforincidentsthat do nothave associatedproblemrecordsare documentedinthe incidentrecord.
  • 91.
    Process Guide Page91 of 120 Appendix C: ISO/IEC 19770-2 Software Asset Tagging Adobe wasthe firstmajorsoftware publisherthathasimplementedasoftware identificationtag. Adobe implementeditssoftware tagpriortothe finalizationof the ISO/IEC19770-2 standard,and therefore does not conformto it.However,Adobe'staggingdoesprovide the abilityfororganizationstoaccurately identifyinstalledAdobe software.Adobe introduceditssoftware taggingwiththe CS4productline. Advocates for software tagging Adobe,CA,Microsoft,ModusLink, Symantec,EMC,IBM Software Publishers and Software Microsoft- Basic tags(Product,Version,Tag Creator,Publisher,Licensor,UniqueID,EntitlementRequired)  Win8, WinServer2012  Office 2013, SQL Server2012, Visual Studio2012  Lookingat addingpatchesforoldersupported/active software Symantec- Certified tags(everything thing in basic tag but is normalized,consistent,digitally signed,and used acrossany toolsand any organization and any reporting systems. Also includessecurity requirements - manifestforinstall files and runtimefiles)  Enterprise tools - Control Compliancesuite,EndpointProtection,Netbackup,OpsCenter,etc. Adobe - Non-normalized tags(Adobeimplemented itssoftwaretag priorto the finalization of theISO/IEC 19770-2 standard and thereforedoesnotconformto it)  Creative suite productsfromCS4 AnypublishersusingInstallShield2012 install scripts - varies Physical Platforms supported Windows,Macintosh,Linux,andUnix Who is using the ISO/IEC 19770-2 standard? TagVault.org- http://tagvault.org/ - TagVault.orgisthe registrationauthorityforinternationalstandard ISO/IEC19770-2 software identificationtags(SWIDtags). WG21/TG 21 - http://www.19770.org/ - WorkingGroup(WG) 21 is the ISOworkinggroupresponsiblefor SAMstandardsdevelopment. Technical Group(TG) 21 isa mirrorof WG 21 and is part of the US standardsreviewandcreationorganization DMTF - http://dmtf.org/ - DesktopManagementTaskForce (DMTF) enableseffective managementof IT environments.The organizationiscomprisedof industry-leadingmembercompaniesthatcollaborate on the development,validationandpromotionof infrastructure managementstandards.
  • 92.
    Process Guide Page92 of 120 Appendix D: Asset Management Process Overview The following Process Overviews are provided as best practice baselines for general IT Asset Management processes in line with ITIL’s view of IT Asset Service Management. 1 Asset Management Process Activity Overview (Best Practice Level Stack)
  • 93.
    Process Guide Page93 of 120 2 Asset Management Planning and Design (Best Practice Level Stack)
  • 94.
    Process Guide Page94 of 120 3 Procure Asset Activity (Best Practice Level Stack)
  • 95.
  • 96.
    Process Guide Page96 of 120 4 Receive Asset Activity (Best Practice Level Stack)
  • 97.
    Process Guide Page97 of 120 5 Manage Asset Activity (Best Practice Level Stack)
  • 98.
    Process Guide Page98 of 120 6 Dispose Asset Activity (Best Practice Level Stack)
  • 99.
    Process Guide Page99 of 120 Appendix E: Roles Associated with ServiceNow Implementations The following is a guide to the various roles and responsibilities commonly used during the implementation of ServiceNow. These are only meant as a guide and not as an absolute. 1 Customer Resources The following are details related to customer resources: Customer Resources Responsibilities PROJECTSPONSOR Senior Manager who has overall responsibility for the project success.The Project Sponsor sets the vision. SENIOR STAKEHOLDERS Executive Management who take partin Steering Committee meetings and provide adviceto the project team. PROJECTMANAGER Individual responsiblefor all projectmanagement activities including communicatingprogress and mitigatingissues and risks.This person is also thekey point of contactfor Customer project team, and coordinates with the ServiceNow Engagement Manager. On average, the Project Manager dedicates between 40% and 75% of their time to the project. PROCESS OWNERS Individualswho have decision-makingauthority for process definition and tool requirements definition and approval for each of the processes implemented within the ServiceNow product. On average the time commitment of the Process Owners varies between 10% and 25% of their time for the duration of the project. TECHNICAL RESOURCES Customer will supply required technical resource(s) with ITIL, web services xml and JavaScriptexpertiseto accommodate the scope of the Project and to supportthe configuration of any in-scopeintegrations,includingbutnot limited to the following:  Role: Active directory administrator,Activities:Assistancewith LDAP integration  Role: Email administrator,Activities:Assistancewith in-bound / outbound email configuration  Role: Network engineer, Activities:Assistancewith firewall and network configuration"  Role: Server hostingadministrator,Activities:Assistancewith Mid Server configuration  Role DB/System Administrator/Owner,Activities:SME Assistancewith each of the required data sources outlined in Section 2 - Integration Scope  Role: Integration architects,Activities Resource(s) with ITIL and JavaScript expertise to accommodate the scope of servicepurchased and to provide supportfor the agreed integration with Web Services and XML experience.
  • 100.
    Process Guide Page100 of 120 The Technical resources areresponsiblefor the completion of integrations (Consume/Publish) from the 3rd party tools with guidanceprovided by ServiceNow’s Architect and/or Integration Consultant(s). On average the time commitment of the Technical Resources varies between 25% and 40% of their time for the duration of the project. SYSTEM ADMINISTRATOR Customer will supply certified ServiceNow system administrators to accommodate the scope of the Projectand to take an active rolein supportingServiceNow in the configuration of the ServiceNow tool with guidance provided by ServiceNow’s Architect and/or Sr. Consultant(s). On average the time commitment of the System Administrators varies between 75% and 100% of their time for the duration of the project. 2 ServiceNow Resources The following are details related to ServiceNow resources: ServiceNow Resources Responsibilities PRACTICE MANAGER The ServiceNow Executive Sponsor (PracticeManager) will providesupportfor the Engagement Manager, assistwith major issues/escalations,remove obstacles, participatein planningthe scope, assess any scopechanges, review major deliverables,and participatein the project gate reviews and steering committee events. The ServiceNow Executive sponsor will work with the Customer Executive Sponsor and Project team to govern overall projectrisk,recommend opportunities to optimize cost/benefits and focus on the realization of benefits for the overall project. ENGAGEMENT MANAGER ServiceNow Engagement Manager will facilitateprojectplanning,provide implementation expertise, confirmthe Statement Of Work is being adhered to, allocateappropriateresources fromServiceNow, manage escalations,and actas a singlepointof contact for the duration of the Project. The ServiceNow engagement manager will facilitateatminimum a weekly status or update call to ensure the Project is progressingappropriately. TECHNICAL CONSULTANTS ServiceNow will providetechnical consultant(s) to help with application configuration and assistwith knowledge transfer to Customer resource(s). INTEGRATION EXPERT ServiceNow will providean integration expert to assistwith integrations defined above. BUSINESS PROCESS CONSULTANT The business process consultantwill driveprocess definition,re-engineering, improvement and gap analysisof current and future processes together with Customer process owners, key Customer sponsors and stakeholders.
  • 101.
    Process Guide Page101 of 120 Appendix F: Configuration Management Process Overview The concepts described in this guide are aligned with ITIL 2011 and may reference capabilities that are dependentuponotherServiceNow applications.These referenceswill be notedby blueitalicized font. This document assumes that the ServiceNow Discovery product is available and that the Enterprise CMDB plugin has beenactivated. 1.1 Overview A process is defined as a set of linked activities that transform specified inputs into specified outputs, aimed at accomplishing an agreed-upon objective in a measurable manner. The configuration management process definition laid out in this document further breaks down these activities into actions and the role(s) responsible fortheirexecution. This document also describes how ServiceNow supports the configuration management process to identify, record, audit and verify assets and configuration items including their versions, baselines, components,attributesandrelationships. There are strong inter-process relationships between configuration management and the other IT service management processes. Configuration management and the CMDB are the foundation to integrated ITSM processes, and should be considered at the very beginning of any IT service management transformationeffort. 1.2 Process Description A configuration item (CI) is any component or other service asset that needs to be managed in order to provide an IT service. Information about each CI is stored in a configuration record within the configuration management database (CMDB). The configuration management process is responsible for managingthe life cycle of all configurationitemsandtheirrelationshipswithone another. 1.3 Process Goal The primary goal of the configuration management process is to support efficient and effective service management processes by providing accurate information about configuration items. This enables users of that information to make better decisions, and more effectively support the objectives and requirementsof the business. 1.4 Process Objectives The objectivesof the configurationmanagementprocessare to:  Ensure that IT managedassetsare identified,controlledandproperlycaredthroughouttheir lifecycle.  Identify,control,record,report,auditandverifyservicesandotherCIs,includingversions, baselines,constituentcomponents,theirattributesandrelationships.
  • 102.
    Process Guide Page102 of 120  Accountfor, manage andprotect the integrityof CIs,throughthe service lifecycle byworkingwith change managementtoensure thatonlyauthorizedcomponentsare usedandonlyauthorized changesare made.  Ensure the integrityof CIsand configurationsrequiredtocontrol the servicesbyestablishingand maintaininganaccurate and complete CMDB.  Maintainaccurate configurationinformationonthe historical,plannedandcurrentstate of servicesandCIs.  Supportefficientandeffectiveservicemanagementprocessesbyprovidingaccurate configuration informationfordecision-makingpurposes. 1.5 Relationship with Other Processes Process Relation Description Input Output Incident Management The CMDB containsdetailsof the infrastructure vital to efficientincidentclassification,initial support,investigation and diagnosis. X WhenCI recordsare identifiedasinaccurate,incidentrecords are createdandassignedtoconfiguration managementfor correction. X Problem Management CI detailsandrelationshipinformationaidsinrootcause analysis,impactevaluation,andsolutiondevelopment. X Problemrecordsare linkedtorelevantCIrecord(s). X Change Management The CMDB provides change management with the necessary information for the assessment of the risk and impact of proposedchanges. X New,changedordisposedconfigurationitems. Change managementensuresthatthe informationrelatedto impactedCIsisupdatedproperlyfollowingthe implementationof achange. X
  • 103.
    Process Guide Page103 of 120 1.6 Principles and Basic Concepts Policies Configuration management policies are needed to establish the objectives, scope and principles that govern the process and should be considered with the change management and release and deployment managementpoliciesbecause theyare socloselyrelated. Configuration Management policies will be very dependent upon the organization’s business drivers, contractual requirements, and on compliance to applicable laws, regulations and standards. Areas that are typicallyaddressedbypoliciesare:  The need to comply with governance requirements, such as Sarbanes-Oxley, ISO/IEC 20000, or COBIT  The need to deliver the capability, resources and warranties as defined by service level agreements and contracts.  The level of control andrequirementsneededfortraceabilityandauditability.  The requirement to maintain adequate configuration information for internal and external stakeholders.  Level of automationtoreduce errorsand costs. Security Considerations Data securityisa crucial aspectof configurationmanagementandthe CMDB. In additiontobeing effective,securitycontrolsshouldbe easilymaintainedandscalable. The ServiceNow platformprovidesa numberof methodsforsecuringdataincludinguser accesscontrol listrules,datapolicies,contextual security,anddomainseparation. See SecurityBestPractices inthe ServiceNow Wikiforadetailed descriptionof the variousdatasecurityfeaturesavailable tosupportthe configurationmanagement process. Process Roles Each role is assigned to perform specific tasks within the process. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Depending on the structure and maturityof a process,all rolesdescribedmaynotexistineveryorganization. The followingdescribesthe typical rolesdefinedforserviceassetandconfigurationmanagement. Role Description Process Owner A Senior Manager with the ability and authority to ensure the process is rolled outand used by the entire IT organization. Responsible and Accountable for:
  • 104.
    Process Guide Page104 of 120  Definingthe overall mission of the process.  Establishingand communicatingthe process mission,goals and objectives to all stakeholders.  Resolvingany cross-functional (departmental) issues.  Ensuringconsistentexecution of the process across theorganization.  Reporting on the effectiveness of the process to senior management.  Initiatingany process improvement initiatives. Configuration Manager Responsible for:  Managingthe day-to-day activities of the process.  Gathering and reporting on process metrics.  Trackingcomplianceto the process.  Agreeing and definingthe serviceassets thatwill be treated as configuration items.  Definingthe structure of the configuration management system, includingCI types, namingconventions, attributes and relationships.  Ensuringthe integrity of the configuration management system, includingthe CI data model and relationships.  Definingand coordinatingConfiguration Analystactivities and responsibilities.  Planningand managingsupportfor Configuration Management tools and processes. Configuration Analyst This rolesupports (and takes direction from) the Configuration Manager as the primary ‘representative’ for a specific CI category. Responsible for:  Contributes to definingthe structure of the configuration management system, includingCI types,naming conventions,required and optional attributes and relationships.  Records and maintains CIs (within scope) in the CMDB.  Trainingstaff in configuration management principles,processes and procedures.  Performing configuration audits. CI Owner The CI Owner is responsiblefor the supporting,maintaining,controllingand updatingof a specific CI or CIs.The CI owner is accountablefor all activities thatdirectly affectthe actual CI. This roleis also responsiblefor all ITSMprocess activities associated with the maintenance and support of the CI. Stakeholder All persons who have an interest in the information contained in the CMDB. Stakeholders may includeemployees, customers, partners, CI owners, and others. Change Management  Ensure that a change request is used for any change to an existingCI attribute or when a CI is added to the CMDB.  Ensure that information in Requests for Change (RFC) are accurate.  MatchingRFCs againstaffected CIs.  Validatingall scheduled changes occur.
  • 105.
    Process Guide Page105 of 120  Notifying configuration management that changes are complete. RACI Matrix Rolesandresponsibilitiesare assignedtospecificprocessactivities. ID Activities ChangeManagement CIOwner Stakeholders ConfigurationAnalyst ConfigurationManager ProcessOwner CFG Process Planning and Design CFG P.1 Produce Configuration Management Plan C C R A/R CFG P.2 Define CMDB Structure C C R A/R CFG P.4 Determine CI Selection Guidelines C C R A/R CFG P.3 Populate CMDB C A/R CFG P.4 Perform Initial Audit C R A/R C CFG P.5 BaselineCMDB I I A/R I CFG 1.0 Configuration Identification CFG 1.1 Evaluate New CI Type to be Created C R A/R CFG 1.2 Assign Unique Identifier R A/R CFG 1.3 Specify Relevant Attributes C R A/R CFG 1.4 Specify AppropriateRelationship(s) C R A/R CFG 1.5 Publish New CI Type I R A/R I CFG 2.0 Configuration Control CFG 2.1 ValidateUpdate Request C A/R CFG 2.2 ValidateCI Attributes I A/R CFG 2.3 Review Invalid Attributes A/R C CFG 2.4 Update CMDB I A/R CFG 3.0 Status Accounting and Reporting CFG 3.1 Authorize or Reject Report Request I R A/R CFG 3.2 Create or Update Configuration Management Report R A/R CFG 3.3 Generate Configuration Management Report R A/R CFG 3.4 DistributeConfiguration Management Report I R A/R CFG 4.0 Verification and Audit CFG 4.1 Approve Verification & Audit Request A/R CFG 4.2 Execute Audit A/R C CFG 4.3 Reconcilewith CMDB A/R CFG 4.4 Determine Corrective Action A/R I CFG 4.5 InitiateCorrectiveCMDB Action A/R CFG 4.6 Execute Corrective Action I A/R R: Responsible, A: Accountable C: Consulted, I: Informed
  • 106.
  • 107.
    Process Guide Configuration ManagementActivity Description 1.7 Process Overview Figure 1: Process Overview
  • 108.
    Process Guide Process OverviewActivity Description ID Activity Description CFG P Process Planning and Design The configuration management team and key stakeholders decide what level of configuration management is required to support the services delivered by the organization and how this level will be achieved and document this in a configuration management plan. While this activity is usually performed once (when the process is first being implemented), it is good practice to periodically review the configuration management plan to ensure that the process remains relevant to the support needs of the organization. CFG 1.0 Configuration Identification This activity determines the scope and criteria of CIs to be included in the CMDB. This includes the modeling of the infrastructure to determine what CIs will look like and how they are related to each other. It also includes establishing naming conventions, enterprise taxonomy and CI selection criteria. CFG 2.0 Configuration Control Configuration control is the activity responsible for ensuring that only authorized and identifiable CIs are in the infrastructure and that there is a corresponding accurate and complete CI record representing the CI in the CMDB. Updates to the CMDB are governed by Configuration Control activities. Unauthorized changes are forwarded to change management for instructions on how to proceed. Discrepancies and errors in the CI configuration are forwarded to the CI Owner for resolution. CFG 3.0 Status Accounting and Reporting This is the production of reports on the current, past and future status of the infrastructureand the CIs under the control of configuration management. CFG 4.0 Verification & Audit This activity involves the review and verification of the physical existence of CIs to check that they are correctly recorded in the CMDB. When discrepancies are found, configuration management consults change management for instructions on what corrective action to execute. There are two possible actions, update the CMDB to reflect what is actually in theinfrastructureor change the CI to match the CMDB. CFG C Continuous Service Improvement Ongoing activities to regularly measureand monitor the efficiency and effectiveness of the process and identify, plan and implement improvements.
  • 109.
    Process Guide 1.8 ProcessPlanning and Design Figure 2: Process Planning and Design In order for configuration Management to reflect enterprise goals and objectives, it is important that a set of stakeholders be identified from a representative cross section of the organization. This stakeholder group should include members with both a good appreciation for the business needs, as well as some knowledge of the technical aspects of managing the configurations of the IT infrastructure. Process Planning and Design Activity Description ID Tasks Description CFG P.1 Produce Configuration Management Plan A configuration management plan will be unique to each organization and is based on the level of detail needed to support the services it provides. Following is an example of content that can be included in a configuration management plan: Scope  Applicableservices  Environments and infrastructure  Geographical locations Requirements  Link to policy,strategy  Link to business,servicemanagement and contractual requirements  Summarize requirements for accountability,traceability,auditability Policies
  • 110.
    Process Guide  Industrystandards,e.g. ISO/IEC 20000  Internal standards,e.g. hardwarestandards,desktop standards Organization  Roles and responsibilities  Change advisory board  Authorization for establishingbaseline,changes and releases Processes and Procedures  Configuration identification  Version management  Establishmentand maintenance of configuration baselines  Procurement and retirement of CIs  Reference implementation plan (data migration and loading, training and knowledge transfer, etc.)  Relationships and interfaces with other processes and groups (fixed asset management, projects, suppliers and sub-contractors,etc.)  Baselineand auditcriteria and procedures CIs  Naming Conventions  Categorization  Attributes  Relationships CFG P.2 Define CMDB Structure  Defining the CMDB structure is a key activity that contributes in making the CMDB a powerful decision support tool. It is important that the appropriate level of CI information be properly defined and agreed upon by the various stakeholders in each organization. See Appendix C for a representation of the defined CMDB structure.  The CMDB structure will contain the various CI classes and their relationship to one another in the delivery of a service. These relationships are used within ServiceNow to create Business Service Management (BSM) maps that can be used to analyze the impact of a change or an incident, evaluate the risk associated to a proposed change, and to build a logical model of the infrastructure. See Figure 3 below for an example of a BSM map. Also see Defining CI Relationships in the ServiceNow Wiki for a recommended approach to definingCI relationships. CFG P.3 Determine CI Selection Guidelines The selection of CIs and level to which they are defined and controlled are very important decisions to be made in the design of the CMDB. CIs can be selected by applying a top- down approach, considering whether it is sensible to break down a CI into component CIs or not. Configuration information that is collected at too granular a level, or in too much detail, may cost more to collect and maintain that the value it provides. CI information is valuable only if it facilitates the management of change, the control of incidents and problems, or the control of assets that can be independently moved, copied or changed. CFG P.4 Populate CMDB  This activity involves the creation of CI records in the CMDB for each CI that has previously been identified as part of the initial CMDB build. Consult the following ServiceNow Wiki articles to evaluatethe different ways for importingdata in the CMDB:  Getting Started with Agentless Discovery in the ServiceNow Wiki describes how the Discovery plugin can collect information on network-connected hardware, the different applications and software that runs on that hardware and the relationshipsbetween all of the items found.  Importing Data Using Import Sets in the ServiceNow Wiki provides information on how to integrate data with existingexternal CMDBs or by simply usinga CSV file.
  • 111.
    Process Guide CFG P.5 Perform Initial Audit Toensure the accuracy of the imported data in the CMDB, perform an initial auditbased on samplingcriteriaas outlined in theconfiguration management plan. Examples of samplingcriteria could be:  A predefined percentage of each CI category and their attributes to be captured  Only certain CI types or classes  Integrity of the relationshipsbetween CIs related to predefined service(s) The results of the auditshould be compiled and a report on the accuracy of the initial CMDB data should be submitted to all identified stakeholders for review. CFG P.6 Baseline CMDB To facilitatethe trackingof the different changes that will bemade in the CMDB, itis recommended that a baselineof the audited CIs be made before moving the initial data into the ‘production’instance. Consultthe BaselineCMDB articlein the ServiceNow Wiki for more details and instructions.
  • 112.
    Process Guide Figure 3:Business Service Management Map example
  • 113.
    Process Guide 1.9 ConfigurationIdentification Figure 4: Configuration Identification Configuration Identification Activity Description ID Tasks Procedure Primary Role Input Output CFG 1.1 Create New CI Evaluate the request and determine the new CI type to be created based on the CI selection guidelines documented in the configuration management plan. Configuration Manager/ Coordinator Change request Configuration management plan New CI type identified CFG 1.2 Assign Unique Identifier  Assign a unique identifier to the new CI type identified. Configuration Manager/ Coordinator New CI type identified New CI type with assigned unique identifier
  • 114.
    Process Guide ID TasksProcedure Primary Role Input Output CFG 1.3  Specify Relevant Attributes Identify the necessary attributes for the new CI type. Consultthe Reference Fields articlein the ServiceNow Wiki for more information on creatingreference fields on a table record. Configuration Manager/ Coordinator New CI type with assigned unique identifier Defined attributes for new CI type CFG 1.4 Specify Appropriate Relationships Specify the appropriate relationshipsrequired for the new CI type. Configuration Manager/ Coordinator Defined attributes for new CI type New CI type associated with appropriate relationships CFG 1.5 Publish New CI Type Publish thenew CI type in the production CMDB. Configuration Manager/ Coordinator New CI type associated with appropriate relationships New CI type published
  • 115.
    Process Guide 1.10 ConfigurationControl Figure 5: Configuration Control Configuration Control Activity Description ID Tasks Procedure Primary Role Input Output CFG 2.1 Validate Update Request The configuration manager receives a request to enter a new CI record or update an existingCI record. Authorized requests are prioritized and forwarded to a configuration management analystfor further processing. Rejected requests are returned to the requestor with an explanation of the rejection. In the caseof new CIs identified by Discovery,verify that an authorized request exists to justify the presence of the discovered CIs. Configuration Manager Assigned task from a request for change (RFC) New CI identified by Discovery Valid request ready to be processed Or Rejected request CFG Validate CI For new CI requests, validate Configuration Valid request ready New CI
  • 116.
    Process Guide ID TasksProcedure Primary Role Input Output 2.2 Attributes that the proposed CI attributes meet the requirements of configuration management as defined in the configuration management plan. If all the proposed CI attributes meet the criteria,the request is approved for updatingthe CMDB. For CI attributes that fail to meet the configuration management plan criteria,rejectthe request and inform the CI owner with proper instructions. Analyst to be processed ready to be created in the CMDB Or CI with invalid attributes identified CFG 2.3 Review Invalid Attributes  Review the submitted instructions for definingproper CI attributes and submit a new request. CI Owner CI with invalid attributes identified Revised attributes CFG 2.4 Update CMDB  Publish thevalid and authorized CI data into the CMDB. New CI ready to be created in the CMDB New CI published in the CMDB 1.11 Status Accounting and Reporting Figure 6: Status Accounting and Reporting Status Accounting and Reporting Activity Description ID Tasks Procedure Primary Role Input Output CFG 3.1 Authorize or Reject Report Request Review the submitted report request and validateif the request is for an existingreport or gauge. Requester New configuration management report request Valid or invalid report request CFG 3.2 Create or Update Configuration Management Report For valid requests,create new configuration report or gauge as requested. Configuration Manager/ Coordinator Valid report request New configuration management
  • 117.
    Process Guide ID TasksProcedure Primary Role Input Output See the CreatingReport ServiceNow Wiki article for more information and detailed procedures. report or gauge CFG 3.3 Publish Configuration Management Report  Publish thecreated report or gauge and send the provided link to the requester. Configuration Manager/ Coordinator New configuration management report or gauge Published report or gauge accessibleby requester 1.12 Verification and Audit Figure 7: Verification and Audit Verification and Audit Activity Description ID Tasks Procedure Primary Role Input Output CFG 4.1 Authorize or Reject Verification Request A request for verification & audit is reviewed and approved or rejected by the Configuration Manager. Rejected requests are returned to the requester with an explanation. Configuration Manager Request for verification & audit Authorized verification & audit request Or Rejection
  • 118.
    Process Guide ID TasksProcedure Primary Role Input Output information sent to requester CFG 4.2 Execute Audit Depending on the scope of the verification or auditrequest, the Configuration Analystperforms an auditvia physical inspection or Discovery. ServiceNow also employs several mechanisms by which data in the CMDB may be certified. See Appendix D for a discussion of these techniques. Configuration Analyst Authorized verification & auditrequest Documented results from verification & audit CFG 4.3 Reconcile with CMDB  Review the compiled results from the auditand compare with CI record information found in the production CMDB. Configuration Analyst Documented results from verification & audit Reconciliation with production CMDB results CFG 4.4  Determine Corrective Action  If discrepancies existbetween the information contained in the CMDB and the actual CI(s),there are two possibleactions to take:  Update the CMDB to reflect what was verified in the infrastructure  Change the CI to match the information in the CMDB The task of correction is passed to the CI Owner. Configuration Analyst Reconciliation with production CMDB results CMDB information to be corrected Or CI to be modified to reflect information in CMDB CFG 4.5  Initiate Corrective CMDB Action  Update the CMDB so that the CI record matches the ‘as is’CI configuration in the infrastructure. Configuration Analyst CMDB information to be corrected Corrected CMDB discrepancies CFG 4.6  Execute Corrective Action  Change the configuration of the actual CI so that it matches the CMDB CI record. CI Owner CI to be modified to reflect information in CMDB CI matching information in CMDB CI record Process Control Process controls are the policies and principles that provide direction over the operation of processes and define constraintsorboundarieswithinwhichthe processmustoperate. Name Description Audits The frequency of configuration audits
  • 119.
    Process Guide Name Description Policies Policiesand criteria for the inclusion of a component and its attributes in the CMS. Security Policies Security policiesgoverningaccess to the CMS. Data Exchange Policies Policy and criteria for the exchange of data between the CMDB and other configuration management repositories. Scope The scope of the configuration management process.Includes identification of what is included in and what is excluded from the Configuration Management process. Change Management Policies Change Management Policies and procedures. Management Reports The frequency and distribution for regularly produced management reports. DatabaseBackups Frequency of CMS, CMDB and DSL housekeeping activities (i.e.,backup,archive) Systems Management Architecture The architectureprovidingdirection on how Systems Management tools and processes areto be selected, designed and integrated 1.13 KPIs KPIsare bestrepresentedastrendlinesandtrackedovertime. Theyprovide informationonthe effectiveness of the processandthe impactof continuousimprovementefforts. KPI/Metric Purpose Quality and accuracy of configuration information Measure of how well an accurateand complete configuration management system is established and maintained. Increasein re-use and redistribution of under- utilized resources and assets Accounting for, managingand protecting the integrity of CIs throughout the servicelifecycle Reduced number of exceptions reported during configuration audits Accounting for, managingand protecting the integrity of CIs throughout the servicelifecycle Number of RFCs without correspondingCI updated in CMDB Measure of how well an accurateand complete configuration management system is established and maintained. 1.14 Reports & Homepage Gauges There are numerous default reports available in ServiceNow that can be used to generate charts, publish to a URL, or schedule to be run and distributed at regular intervals. Users can also create custom reports. See CreatingReports inthe Wiki formore detail onthiscapability. In addition to reports, each user can create a personal homepage and add gauges containing up-to-the-minute information about the current status of records that exist in ServiceNow tables. See Customizing Homepages inthe Wiki fordetails.
  • 120.
    Process Guide Appendix G:Data Certification and Verification There are multipleapproachesthatcanbe takentohelpensure thatdata inthe CMDB is accurate. These methodscanbe appliedtodatamanagedby Discovery,if internalcontrolsrequire it,butare usuallyappliedto undiscoverable datasuchas special relationships,CIownership,oranyotherpeople-relatedinformation.  Data Certification - Datacertificationmanagesscheduledandon-demandvalidationsof CIdatathat has beenaddedtothe CMDB by the ServiceNow Discoverytool,byimportingfromthird-partytools,or manually.Forregulatoryorprocedural reasons,informationinthe CMDBneedstobe checkedforaccuracy and certified.The personorteamresponsibleforcertificationcandefinewhatinformationshouldbe verifiedaswell asthe verificationschedule.The schedulethengeneratesachecklistof tasksforverifying the data. Individualsassignedtocertificationtasksansweraseriesof questionstoverifythe data. For example,acertificationcanbe setup to validate keyinformationfields,suchas OperatingSystem andCPU Count,on all WindowsserverslocatedinChicagoandassignthe taskstothe appropriate teammember automatically. Data Certificationmanagesthe tasksassignedtospecificindividualswhoare responsible forphysically verifyingthe datainquestion. Datacertificationcanalsobe performedagainstspecificfieldsonnon-CMDB CI tables.  Compliance - Complianceisasetof toolsthat enable administratorstocertifyServiceNow dataforvalidity and correct anydiscrepanciesfound.Compliance offers theseoptionstosuitan organization’ssizeand requirements: o DesiredState – Thisapplicationconductsscheduledoron-demandauditsof CMDBdata to determine whichconfigurationitems(CI) matchadesiredstate.The certificationprocesscan meancheckingserverstoensure thattheirphysical resources,suchasCPUspeedor memory, complywithcertainstandards,orensuringthatall critical businessserviceshave amanager, supportgroup,and approval group. The administratorresponsibleforcompliance creates template definitionsof desiredstatesandthenschedulesanaudittocheck CIsagainstthe definition.The auditresultsidentifyCIsthatpasscertificationanditemize the discrepanciesof those that fail.ServiceNow thenautomaticallygeneratesfollow-ontaskstotrack the process of adjustingthe CIstothe desiredstate. o Architecture Compliance –Thisapplicationmanagesscheduledoron-demandreviewsof CMDB data to determinewhichCIsmatchexpectedattributes.The compliance auditscheck serverstoensure thattheirphysical resources,suchasCPU speedormemory,complywith certainstandards. The administratorresponsibleforcompliance createstemplatedefinitionsof expected attributesandthenschedulesanaudittocheckCIs for compliance.The auditresultsidentify CIs thatpass certificationanditemize the discrepanciesof those thatfail.ServiceNow automaticallygeneratesandassignsfollow-ontaskstotrackthe processof gettingthe CIs back intocompliance.