SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Corp Dec 2015

SERVICE, ASSET & CONFIGURATION WORKSHOP GUIDEFOR

PROTECTIVE LIFE PL CORPORATION

VERSION: 1.3

IT Asset Management

Revision History

Version Date of Issue Nature of Changes Author (s)

1.1 December 28, 2015 Initial Doc– Internal – PT (Linium) & DS (SN) Philip Tishberg - Linium1.2 January 15, 2016 Final Notes / Recommendations Completed Philip Tishberg - Linium1.3 January 15, 2016 Final Deliverable Content Dino Sammarco

SACM Process Guide v1.3 Page 2 of 120

IT Asset Management

Table of Contents

1 EXECUTIVE SUMMARY.....................................................................................................................61.1 Scope............................................................................................................................................................................... 61.2 Process Description.................................................................................................................................................. 61.3 Critical Findings........................................................................................................................................................ 61.4 Critical Recommendations.................................................................................................................................... 81.5 Next Steps..................................................................................................................................................................... 9

2 ASSET WORKSHOP OVERVIEW.......................................................................................................112.1 Scope............................................................................................................................................................................ 122.2 Process Description............................................................................................................................................... 122.3 Process Goal.............................................................................................................................................................. 132.4 Process Objectives.................................................................................................................................................. 142.5 Best Practice Relationship with other processes......................................................................................142.6 Best Practice Asset Management.................................................................................................................... 14

3 PROCESS ROLES.............................................................................................................................163.1 Best Practice RACI Matrix.................................................................................................................................. 183.2 Protective LifePL Process Roles........................................................................................................................ 19

4 ASSET MANAGEMENT LIFECYCLE PROCESS OVERVIEW...................................................................204.1 Best Practices – Asset Management Lifecycle Process Overview.......................................................204.2 Best Practices – Asset Management Lifecycle Process Overview (phases 1-4)............................204.3 Best Practices – Asset Management Lifecycle Process Overview (phases 5-7)............................244.4 Best Practices – Asset Management Lifecycle Process Overview (phases 8-10).........................274.5 Protective LifePL – Asset Management Lifecycle Processes / Business Use Cases.....................29

5 ASSET MANAGEMENT PROCESS GUIDE..........................................................................................305.1 Governance............................................................................................................................................................... 315.1.1 Policy Management........................................................................................................................................... 315.1.2 Processes................................................................................................................................................................ 325.2 Fulfillment................................................................................................................................................................. 375.3 Auditing...................................................................................................................................................................... 415.4 Active Asset Management................................................................................................................................... 455.5 Disposition................................................................................................................................................................. 495.6 IT Financial Management.................................................................................................................................. 52

6 SERVICENOW CONFIGURATION REQUIREMENTS...........................................................................586.1 ServiceNow Plugins............................................................................................................................................... 586.2 Model / Class (Product Catalog)...................................................................................................................... 586.3 Models......................................................................................................................................................................... 596.4 Asset Class.................................................................................................................................................................. 606.5 Configuration Item Class (Model Category)...............................................................................................606.6 Asset and Configuration Item Status............................................................................................................. 616.7 Asset States (install_status)............................................................................................................................... 616.8 CI Statuses (install_status)................................................................................................................................. 626.9 Asset & CI State/Status Synchronization..................................................................................................... 636.10 Naming Conventions & Data Normalization...........................................................................................636.11 Naming Conventions.......................................................................................................................................... 646.12 Data Normalization............................................................................................................................................ 64


IT Asset Management

6.13 Integrations............................................................................................................................................................ 656.14 MID Server.............................................................................................................................................................. 656.15 Web Services.......................................................................................................................................................... 65

7 SERVICENOW IMPLEMENTATION...................................................................................................677.1 Implementation Methodology.......................................................................................................................... 677.2 Protective LifePL Current Capability Summary........................................................................................707.3 Tier 0 Governance Capability............................................................................................................................ 707.4 Tier 1 Trustworthy Data..................................................................................................................................... 707.5 Tier 2 Practical Management........................................................................................................................... 717.6 Tier 3 Operational Integration......................................................................................................................... 717.7 Tier 4 Strategic Conformance........................................................................................................................... 727.8 Implementation Roadmap................................................................................................................................. 737.9 Roadmap Overview................................................................................................................................................ 737.10 Process Roadmap................................................................................................................................................. 737.11 Technology Roadmap........................................................................................................................................ 74

APPENDIX A: DOCUMENT CONVENTIONS...........................................................................................84

APPENDIX B: GLOSSARY OF TERMS AND ACRONYMS.........................................................................85

APPENDIX C: ISO/IEC 19770-2 SOFTWARE ASSET TAGGING................................................................91

APPENDIX D: ASSET MANAGEMENT PROCESS OVERVIEW..................................................................921 ASSET MANAGEMENT PROCESS ACTIVITY OVERVIEW (BEST PRACTICE LEVEL STACK).....................................922 ASSET MANAGEMENT PLANNING AND DESIGN (BEST PRACTICE LEVEL STACK)..................................................933 PROCURE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK).....................................................................................944 RECEIVE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................965 MANAGE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK)......................................................................................976 DISPOSE ASSET ACTIVITY (BEST PRACTICE LEVEL STACK).......................................................................................98

APPENDIX E: ROLES ASSOCIATED WITH SERVICENOW IMPLEMENTATIONS........................................991 CUSTOMER RESOURCES..................................................................................................................................................... 992 SERVICENOW RESOURCES..............................................................................................................................................100

APPENDIX F: CONFIGURATION MANAGEMENT PROCESS OVERVIEW................................................1011.1 OVERVIEW.................................................................................................................................................................. 1011.2 PROCESS DESCRIPTION............................................................................................................................................ 1011.3 PROCESS GOAL...........................................................................................................................................................1011.4 PROCESS OBJECTIVES............................................................................................................................................... 1011.5 RELATIONSHIP WITH OTHER PROCESSES.............................................................................................................1021.6 PRINCIPLES AND BASIC CONCEPTS........................................................................................................................1031.7 PROCESS OVERVIEW.................................................................................................................................................1071.8 PROCESS PLANNING AND DESIGN..........................................................................................................................109

Process Planning and Design Activity Description...........................................................................................1091.9 CONFIGURATION IDENTIFICATION.........................................................................................................................113

Configuration Identification Activity Description.............................................................................................1131.10 CONFIGURATION CONTROL...................................................................................................................................115

Configuration Control Activity Description.........................................................................................................1151.11 STATUS ACCOUNTING AND REPORTING.............................................................................................................116

Status Accounting and Reporting Activity Description..................................................................................1161.12 VERIFICATION AND AUDIT....................................................................................................................................117


IT Asset Management

Verification and Audit Activity Description.........................................................................................................1171.13 KPIS.......................................................................................................................................................................... 1191.14 REPORTS & HOMEPAGE GAUGES.........................................................................................................................119

APPENDIX G: DATA CERTIFICATION AND VERIFICATION....................................................................120


IT Asset Management

1 Executive Summary1.1 ScopeThe following Service Asset & Configuration Management (SACM) Guide was created in support of an Asset & Configuration Management Workshop between Protective LifePL Corporation and ServiceNow (SN). The results of the Asset & Configuration Management Workshop are provided within this report.

The Asset & Configuration Management Workshop (Service, Asset & Configuration Workshop) was held at Protective LifePL’s Corporate Headquarters in Birmingham, Alabama. Stakeholders from Protective LifePL were present to provide details related to Service Asset & Configuration Management within Protective LifePL.

1.2 Process DescriptionThis report identifies the facts discovered during onsite efforts with Protective LifePL and any follow-up efforts that may have occurred or planned for at the time of this document. These facts serve as baseline information that is used to both assess the current ITAM environment and recommend roadmap activities. Any details provided by Protective LifePL are both referenced and embedded within this document unless otherwise noted. ServiceNow recognizes the importance of IT Asset Management for mitigating risks, reducing costs, and optimizing services supported by technology. The ability to effectively perform IT Asset Management is based on several factors identified as the Asset Lifecycle. The ServiceNow IT Asset Management Methodology focuses on enabling efficient management of IT Assets based on industry standards and real-world experience. The following are summary elements that identify critical findings and recommended next steps.

1.3 Critical FindingsProtective LifePL is beginning a new effort related to IT Asset Management. This effort currently lacks the following elements for long-term success.

1. Protective currently does not have a single central repository of asset records across the company. Instead a variety of disconnected tracking tools are used to store segments of information: SCCM is relied on for asset discovery data. SCCM reports only discoverable attributes

of discoverable assets thereby missing cost and assignment information for all assets and missing the In Stock, In Maintenance, and Retired assets entirely

Protective has a “project allocation” method for their financial system that is used to track asset purchases, however these are not organized in a single easy to access data store, and are only tied to specific assets, especially those that are not capitalized

Spreadsheets are used to track pieces of information, however there are no whole asset records with inventory. The cost and contractual data is being tracked through the Finance/Procurement Group (Laura)


IT Asset Management

2. There is currently no policy-driven, end-to-end Asset Lifecycle Management process in place across the organization and asset types to manage and track assets from the time they are acquired to the time they are disposed. The front (beginning) of the Asset Lifecycle is better understood, managed and tracked. The predicament question of “Where is the asset?” after it arrives is what is underlining this Critical Finding. Specifically: Each IT Services team has their own set of procedures that they follow to complete

their tasks There are no documented process policies or procedures across Protective There is no process automation to enable efficient reportable process compliance There is no tracking of process updates to asset records, such as when and where it

was returned to stock

3. The third key observation is that there is currently no formal IT Asset & Configuration Management organization with defined roles and responsibilities and users and groups assigned to the roles. The IT Services teams perform designated services related to the assets they manage, however their guardianship over the asset record is not defined or documented. There is no formal program management office (PMO) for SACM There is no governance for SACM There are no documented roles and responsibilities for SACM There is no continuous end-to-end ALM process governing the complete asset

lifecycle - Procurement, Stockroom Management, Request Management, Move / Add / Change (MAC), Support, and Disposition

There are no targets or metrics to report their progress for asset management related tasks such as creating or updating asset records in a timely manner following an introduction or modification of an asset

There is no formal audit procedure in place to measure the accuracy of asset and configuration data

4. There is currently no real synergy between asset and configuration management and the business and IT services they support. ServiceNow is not being used yet as the CMDB with raw discovery data being relied

on referentially when evaluating incidents and planning upcoming changes No formal integration or synchronization of processes or data between the key

process areas of SACM – Financial, Contract, and Physical asset management No formal synchronicity at either the process or data level with the IT Services that

rely on trustworthy SACM data: Incident, Problem, Change, Release & Deployment, Disaster Readiness, Continuity and Availability management services

No comprehensive CMDB with consistent standard based configuration item records, attributes and relationships to support the IT services


IT Asset Management

[5.] There is currently no business services map identifying the Protective LifePL critical business services and the relationships of the IT assets and configuration items that support them. No CI relationships among CIs No ability to gauge impact of a proposed change based on CI relationships No ability to report total cost of ownership of assets at the Asset Level, It is there for

the business service level due to the Financial “Service Allocation Method” employed.

Protective LifePL current ITAM Capability Assessment score is 1.8 out of a total 4.0. This assessment is based on the International Standards Organization (ISO) tiered Asset Implementation recommendation. A score of less than 3.0 shows a need to focus on Governance and Trustworthy Data (See Section 7.2)

Tier / Activity ScoreTier 0 – Governance 0.4Tier 1 – Trustworthy Data 0.5Tier 2 – Practical Management 0.5Tier 3 – Operational Integration 0.5Tier 4 – Strategic Conformance 0.5

Total Capability Score (out of 4.0) 1.8

1.4 Critical Recommendations

Based on best practices from our customers and experts, the following critical recommendations have been made.

Protective LifePL has some pieces in place that will be needed for a successful SACM program. What is lacking is the stitching together of these pieces. The following key recommendations will form the basis of the Protective LifePL Foundational SACM framework.

R1. Establish a common data model for the use of asset and configuration item data elements in the ServiceNow platform

Foundational data including users, departments, entities, locations, and stockrooms

Model management data including vendors, models, and maintenance contracts Asset identification data including model, asset tag, and serial number Asset assignment data including assigned user, department, location, entity,

stockroom, host computer, cluster, rack, rack unit, and operating environment


IT Asset Management

R2. Establish a SACM organization of defined roles and responsibilities with data stewards assigned for each asset type

SACM Process Owner Hardware asset managers – Microsystems (Desktop, Unix, Virtual) & Other (e.g.,

Headsets) and IT Services Software asset managers – Microsystems and IT Services (same as above, esp.

figure out non-persistent DT tracking if the value is for license & is the only effected determinant for the data tracking)

Configuration manager SACM data analyst SACM tools administrator

R3. Establish a common end-to-end policy driven and metric monitored Asset Lifecycle Management (ALM) processes for all asset types and management scopes covered by Protective IT Services

Request fulfillment - Deployment Acquisition – Purchase tracking and Receive Mass moves – Departments, Data centers, etc. Reclaim / restock of unused assets Retirement and disposal of assets at end of life

R4. Establish the ServiceNow CMDB Define the data model – configuration items and attributes desired for the CMDB Configure SCCM to capture desired data elements Import the SCCM discovery data (Compare for cleaning against the BDNA data

for a more accurate inventory prior to migrating into Production for use) Update configuration items with non-discoverable attributes (Wyse Terminals?)

R5. Establish a Business Services Maps using ServiceWatch that can be used for impact analysis when managing incidents, changes, and unplanned events

Identify core services where continuity, availability, and capacity are key Identify the entry points to these services, such as a URL Let ServiceWatch build and update the Business Service Map

1.5 Next StepsAn implementation plan has been provided (See Section 7) that suggests a phased approach for SACM at Protective LifePL using ServiceNow. This phased implementation will need to include the time to build the requirements (stories) needed to begin a technical implementation of Phase 1.

It is recommended to focus on any Process recommendations while implementing the technical requirements.


IT Asset Management

ServiceNow is available to assist in any enablement and implementation efforts in support of Protective LifePL. The details of this report may be easily turned into an implementation Statement of Work upon your request.


IT Asset Management

2 ASSET WORKSHOP OVERVIEW

ServiceNow has assembled the following Service, Asset & Configuration Management (SACM) Workshop Guide that will assist Protective LifePL in optimizing the implementation and operation of IT Asset and Configuration Management within ServiceNow.

The guide includes a review of the existing processes, roles & responsibilities, best practice recommendations, and ongoing asset & configuration management guidance.

In addition to the SACM Process review, the Asset Management Workshop Guide provides an Action Plan for the implementation of IT Asset Management within ServiceNow. This action plan identifies Protective LifePL specific configuration requirements that can be used to build Stories for implementation. A roadmap is provided to assist Protective LifePL in the planning of activities related to initial and ongoing implementation of IT Asset Management within ServiceNow.

A Service, Asset & Configuration Workshop was held at Protective LifePL in Birmingham, Alabama during the week of December 16-17, 2015. ServiceNow representatives included

ROLE ATTENDEEEngagement Manager Dino Sammarco (SN)Process/Business Lead Philip Tishberg (Linium)Technical Consultant Roderick Godfrey (SN)

The following Protective LifePL representatives participated in the workshop.

ROLE / O R G A N I Z A T I O N ATTENDEERisk Analysis Ron W.Business Service Level Costing/Allocation Ken W.Network Analysis – Workflow Automation Jeff B.Network Analysis – Workflow Automation Ajay B.Quality and Process Management Gerry I.SACM Owner Chris B.Enterprise Architecture Jeremy P.ServiceNow Jon S./Eric R.ServiceNow & Billing Manager Kim P.Finance Laura T.Service Operations Steve M./Derek S.Facilities, Data Center Rich U./Sam P.Enterprise Messaging Joe S.

This document assumes that the Asset Management Workshop has been completed and that one or more of the Asset Management applications have been, or will be, activated. The


IT Asset Management

applications are as follows: Asset Management, Software Asset Management, and Contract Management. Protective LifePL also plans to test the Procurement module in parallel with use of their current procurement system for feasibility and use with the other components mentioned.

2.1 ScopeThe attendees shared at the beginning of the workshop some of the goals that they personally wanted to get out of the workshop and the future use for SACM in SN. In no particular order as above the following are the goals mentioned individually and collectively shown:

• Implementation project roadmap and scope• Maturing current asset processes• Hardware life cycle refresh• Impact of changes on configuration items, cascading up to business services• Data Analytics/BSM/BI/ITSM –Workflow automation • Vendor Management, Contract Management, Risk Analysis, Coordination with Business

Team• Desktop procurement• Inventory of server assets, physical, virtual, non-discoverable items• Single Source of record for IT assets• Leverage CMDB for monitoring• Life cycle management. Ability to coordinate Application owners for schedules &

maintenance window notifications• Lifecycle of desktop hardware• Maintenance renewals on hardware/software/license purchases• Making asset tracking, software compliance, and allocations simpler• Impact of changes throughout the ecosystem. Mapping assets all the way through

business process/service• Workflow automation. How do we leverage the tools we have to become more

efficient?• Business service level costing and allocation: “how much does it cost us to run

Application X?”• Risk Analysis, Coordination with Business Team

2.2 Process DescriptionThe enclosed process models are compliant with the concepts depicted in the ITIL framework. Additional elements related to industry best practices are offered in a manner to facilitate best-in-class performance related to IT Asset Management.

ITAM is the process responsible for tracking accurate and complete financial, contractual, and operational information about hardware and software assets. Asset Management is not Configuration Management.


IT Asset Management

Asset Management is one of the lifecycle processes in ITIL and is one of the foundations of IT Service Management.

2.3 Process GoalIT Asset Management (ITAM) is a core business discipline that integrates financial, contractual and inventory processes, controls and technologies, enabling strategic decision making for the IT environment.

ITAM business practices have a common set of goals: Uncover savings through process improvement and support for strategic

decision making Establish governance and control processes over hardware and software asset

inventory Reduce total cost of ownership (TCO) through transparency in all costs

associated to assets and how it supports critical business services related to budgeting, allocation, accounting, and service valuation

Increase accountability to ensure compliance Enhance performance of assets and life-cycle management Reduce impacts to assets caused by changes


Configuration Management:Focuses on operational usage and logical relations

IT Asset Management

2.4 Process ObjectivesITAM Process objectives describe material outcomes that are produced or achieved by the process. The following is a list of objectives for this process:

Challenge the Status Quo Identify data needs Identify opportunities for automation How to build a Roadmap for proceeding further is tabled but outlined until

further discussion around requirements occurs.2.5 Best Practice Relationship with other processes

This is a graphic depicting not only ITIL best practice, but a clear functional map for Service Now workflows and the design that those tasks enable the tool to leverage for the processes.

2.6 Best Practice Asset Management

Process Relation Description Input Output

Service The IT Asset Repository contains details of the infrastructure X


IT Asset Management


Request / Incident Management

vital to efficient incident classification, initial support, investigation and diagnosis.

When Asset records are identified as inaccurate, incident records are created and assigned to Asset management for correction.

X

Change Management

The CMDB provides change management with the necessary information for the assessment of the risk and impact of proposed changes.

X

New, modified or disposed assets. Change management ensures that the information related to assets is updated properly following the implementation of a change.

X


IT Asset Management

3 PROCESS ROLES

Each role is assigned to perform specific tasks within the process. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Depending on the structure and maturity of a process, all roles described may not exist in every organization.

The following describes the typical roles defined for service asset management, and the identified personnel that will be undertaking that role:

Role Description Designee

Process Owner

A Senior Manager with the ability and authority to ensure the process is rolled out and used by the entire IT organization.

Responsible and Accountable for: Defining the overall mission of the process Sponsorship, design, and continual improvement of the process

and its metrics Establishing and communicating the process mission, goals, and

objectives to all stakeholders Ensuring consistent execution of the process across the

organization Reporting on the effectiveness of the process to senior

management Initiating any process improvements Resolving any cross-functional (departmental) issues

Chris B.

Asset Manager

Responsible for: Managing the day to day activities of the process Maintaining data continuity within the IT Asset Repository,

including Asset Models Tracking and governing compliance of the process within their

team Gathering and reporting on process metrics Escalating any issues with the process to the Process Owner

Kim P/Laura T./Jeff B./Jeremy P.

Asset Analyst

Responsible for: Assets defined within the scope of their area Recording and maintaining assets within the Repository Monitoring the repository for accuracy & consistency Analyzing data and creating reports Assisting the Asset Manager with audits and report generation Collecting and retaining asset data for risk and cost assessment

Gerry I/Rich E./Ajay B.

Asset Responsible for: Laura T. /


IT Asset Management

Owner

Supporting, maintaining, controlling and updating of a specific asset or assets

All activities that directly affect the actual asset or assets Collaborating with Process Owner on process

changes/continual improvement

Chris B.

Stakeholder All persons who have an interest in the information contained

in the CMDB. Stakeholders may include employees, customers, partners, CI owners, and others

Can be anyone


IT Asset Management3.1 Best Practice RACI MatrixAn example of a RACI is noted below. The Roles and responsibilities are assigned to specific process activities.

ID Activities Proc

ess O

wne

r

Asse

t Man

ager

Asse

t Ana

lyst

Asse

t Ow

ner

Process Planning and RequestProduce asset management plan A R I CDefine what's in scope (models...etc.) R C I ADetermine selection guidelines R C I APerform audit I A R CBaseline CMDB I A/R R CProcurementManage vendors I A/R R IAdd/Remove new vendors I A/R R IAdd/Remove new models I A/R R IEvaluate appropriate attributes I A/R R IStockroom/ReceivingReceive new asset A R IProof of Entitlement A R IInput asset tag onto new hardware A R ICreate assets in the CMDB A R IValidate asset attributes A R IAssign appropriate status in CMDB A R IValidate financials on asset record A R IDeploy/FinancialsActivate licenses, contracts and/or entitlements A R IValidate asset attributes (location, financials…etc.) A R IValidate asset status A R IAssign assets to users A R IUpdate the CMDB A R IManage/Move, Add, Change (MAC)Ensure approved change request A R IModify asset attributes in CMDB A R IPlan and organize routine maintenance A R CExecute asset audits A R CDetermine corrective action A R CInitiate corrective action A R IExecute corrective action A R ITrack asset history A R ITransfer assets to new locations/stockrooms A R IRetire/Dispose


IT Asset ManagementRetire or dispose asset A R CUpdate asset to disposed/retire in CMDB A R CHarvest/Reclaim software entitlements A R IGenerate disposal report A R IR: Responsible, A: Accountable, C: Consulted, I: Informed

A spreadsheet is provided for your ongoing use/modification:

[3.2] Protective LifePL Process RolesIt is expected that Protective LifePL will confirm the personnel names for each Process Role prior to implementation phase.


IT Asset Management4 ASSET MANAGEMENT LIFECYCLE PROCESS OVERVIEWSection 4 contains Best Practices found within the industry. Section 4.5 includes practices related to Protective LifePL gathered during the workshop.

4.1 Best Practices – Asset Management Lifecycle Process Overview

ID Activity Phase Description1 Request Where the request for an asset is initiated2 Buy/Build/Stock Where the Buy / Build / Stock decision is performed3 Acquisition Where acquisition activities are performed4 Receive Where the receive activities are performed5 Deploy Where the deploy activities are performed6 Move/Add/Change Where move / add / change activities are performed7 Validation Where data validation activities are performed8 Harvest Where harvest activities are performed9 Decommission Where the decommission activities are performed

10 Disposition Where the disposition activities are performedTools These identify the various categories of tools involvement in Asset

Management processes. They include: Policies & Process Documentation Standards Lists Request System(s) Purchase System(s) Financial System(s) Asset Management System(s) Software Deployment System(s) Discovery System(s) Contract Management System(s)

Each of these activity phases are further detailed below:4.2 Best Practices – Asset Management Lifecycle Process Overview (phases 1-4)


IT Asset Management

1 - Request Phase Where the asset request starts and it includes approvalsTriggers include: User needs a Software or Hardware asset

Supply Point inventory reorder

ID Activity Task Description1.1 Request New Asset This task initiates the request for the asset1.2 Approve Asset Request This task is where the asset request is approved or disapproved.

- if request is disapproved, Requestor is notified1.3 Approve Architecture This task is where the approved asset request is reviewed for Architectural

approval.- if request is disapproved, Requestor is notified

Tools/Data for activity include: Policies & Process Documentation – to support the activities Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information

2 - Buy / Build / Stock Phase Where the Buy / Build / Stock decision is performedTriggers include: An approved Asset Request


IT Asset Management

ID Activity Task Description2.1 Determining Sourcing This task determined how to fulfill the Asset Request – choices include:

Buy or Build or Stock2.2 Asset in Stock? This task is where the determination if requested asset is in stock.

- if Yes, proceed to task 2.3- if No, then proceed to task 3.1

2.3 Secure from stock / inventory

This task is where the requested asset is collected from stock/inventory

2.4 Update Asset Repository This task is where the asset repository is updated- this task connects to Phase 5

Tools/Data for activity include: Policies & Process Documentation – to support the activities Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset Management System(s) – to support inventory information

3 - Acquisition Phase Where acquisition activities are performedTriggers include: An Acquisition Request

ID Activity Task Description3.1 Create Acquisition Order This task determined how to fulfill the request for the asset – choices

include: Buy or Build or Stock3.2 Approve Acquisition

OrderThis task is where the determination of whether the asset is to be ordered.

- if asset is to be ordered, then proceed to task 3.1- if asset is to come from stock/inventory, proceed to task 2.3

Tools/Data for activity include: Policies & Process Documentation – to support the activities Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Acquisition System(s) – to support the acquisition process (creation

and approvals)

4 - Receive Phase Where receive activities are performedTriggers include: Asset arrives (hardware or software)

ID Activity Task Description4.1 Receive Asset This task is where the asset is received into AIG4.2 Update Asset Repository This task is where the asset repository is updated4.3 Approve Payment? This task is where the determination if the receipt requires a payment

approval to be completed- if Yes, the go to Task 4.4


IT Asset Management- if No, go to Phase 5

4.4 Approve Payment This task is where the payment approval activities is performed- this task connects to Phase 5

Tools/Data for activity include: Policies & Process Documentation – to support the activities Request System(s) – to support Request workflow Acquisition System(s) – to support the acquisition process (receiving) Financial System(s) – to support Fixed Asset, if required


IT Asset Management4.3 Best Practices – Asset Management Lifecycle Process Overview (phases 5-7)


IT Asset Management5 - Deploy Phase Where the deploy activities are performedTriggers include: Input from Phase 2 (asset in stock/inventory)

Input from Phase 4 (asset received)

ID Activity Task Description5.1 Request Deploy This task is where the Request to deploy an asset is received5.2 Perform Build/Configure

Asset StepsThis task is where the asset is built / configured and readied for deployment

5.3 Perform Deploy Asset Steps

This task is where the asset is actually deployed

5.4 Update Asset Repository This task is where the asset repository is updated based on the actionsTools/Data for activity include: Policies & Process Documentation – to support the activities

Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset

Management System(s) – to support inventory information Software Deployment System(s) – to support the build/configure and

deployment activities

6 – Move / Add / Change Phase Where the Move/Add/Change activities are performedTriggers include: MAC request (hardware or software)

ID Activity Task Description6.1 Request MAC This task is where the MAC activity is requested6.2 Approval Required? This task is where the determination if any approvals are required for the

MAC activity- if Yes, then proceed to task 6.3- if No, proceed to task 6.4

6.3 Approve MAC Request This task is where the approval for MAC activity is approved6.4 Perform MAC Steps This task is where the actually MAC activities are performed6.5 Update Asset Repository This task is where the asset repository is updated based on the actionsTools/Data for activity include: Policies & Process Documentation – to support the activities

Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset

Management System(s) – to support inventory information Software Deployment System(s) – to support the build/configure and

deployment activities


IT Asset Management7 – Validation Phase Where the validation activities are performedTriggers include: Validation Request

Audit Request – external Review Request – internal

ID Activity Task Description7.1 Request Validation This task is where the Validation activity is requested7.2 Approvals Required? This task is where the determination if any approvals are required for the

Validation activity- if Yes, then proceed to task 7.3- if No, proceed to task 7.4

7.3 Approve Validation Request

This task is where the approval for Validation activity is approved

7.4 Review & Validate Asset Repository

This task is where the Asset Repository data is reviewed and validated

7.5 Perform Reconciliation Steps

This task is where the reconciliation (entitlements to deployments) activity is performed

7.6 Document & Report Results

This task is where the results of the reconciliation is documented and reported

Tools/Data for activity include: Policies & Process Documentation – to support the activities Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset

Management System(s) – to support inventory information Discovery System(s) – to support the inventory activities


IT Asset Management4.4 Best Practices – Asset Management Lifecycle Process Overview (phases 8-10)

8 – Harvest Phase Where the asset harvesting/reclaiming is performedTriggers include: Harvest (MAC) Request

ID Activity Task Description8.1 Request Harvest This task is where the Harvest (MAC) activity is requested8.2 Determine Harvest

CandidatesThis task is where the determination if which assets are candidates for harvest

8.3 Perform Harvest/Reclaim Steps

This task is where the harvesting/reclaiming activities are performed


Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset Management System(s) – to support inventory information Discovery System(s) – to support the inventory activities Software Deployment System(s) – to support software harvesting


IT Asset Management

9 – Decommission Phase Where asset decommission activities are performedTriggers include: Decommission (MAC) request

ID Activity Task Description9.1 Request Decommission This task is where the Decommission (MAC) activity is requested9.2 Determine

Decommission Candidates

This task is where the determination which assets are candidates for decommissioning

9.3 Approval Required? This task is to determine if approvals are required for Decommission activities

9.4 Approval Decommission This task is where the decommissioning of assets is performed9.5 Perform Decommission

StepsThis task is where the decommissioning activities are performed


Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset Management System(s) – to support inventory information Discovery System(s) – to support the inventory activities Software Deployment System(s) – to support software harvesting

10 – Disposition Phase Where disposition activities are performedTriggers include: Disposal (MAC) request

ID Activity Task Description10.1 Request Disposal This task is where the Disposition (MAC) activity is requested10.2 Determine Disposition

CandidatesThis task is where the determination if which assets are candidates for disposition

10.3 Fixed Asset? This task is to determination if the asset is part of Fixed Assets?- if Yes, proceed to task 10.4- if No, proceed to task 10.5

10.4 Approve Fixed Asset Disposition

This task is where the disposition of a Fixed Asset is approved.

10.5 Perform Disposal Steps This task is where the disposition activities are performed10.6 Update Asset Repository This task is where the asset repository is updated based on the action10.7 File Disposition

DocumentationThis task is where the Disposition Documentation get filed – including the certification of destruction

Tools/Data for activity include: Policies & Process Documentation – to support the activities Request Systems – to support Request inputs, approvals and workflow Standards List – to provide organizational standards information Asset

Management System(s) – to support inventory information Discovery System(s) – to support the inventory activities Software Deployment System(s) – to support software harvesting Financial System(s) – to support Fixed Assets


IT Asset Management

[4.5] Protective LifePL – Asset Management Lifecycle Processes / Business Use CasesUse Case #1: As the Financial Operations, Server Admin, and Desktop Admin teams, I want to have and produce accurate data for annual software vendor contract true-ups, so the organization remains in compliance with each vendor. Use Case #2: As a system administrator and Financial Operations team member, I want confirmation that system changes don’t adversely impact existing license compliance with any vendor, so the organization remains in compliance with each vendor.Use Case #3: As an Infrastructure or Applications team member, I want to see the relationships between configuration items, so the organization can assess the risk and impact of any event or change upstream and downstream through technology platforms.Use Case #4: As a Financial Operations team member, I want to be able to allocate the cost of technology services to business organizations so I can assess and report the true cost of ownership of a service/ sub-service.Use Case #5: As a Business manager, I want to see the refresh schedule for the hardware assigned to each of my direct reports, so I can plan my resources around the change.Use Case #6: As an Infrastructure Admin manager, I want to report on end-of-life dates for all relevant hardware components that my team manages, so I can plan, disposition, warrant, and refresh the hardware on an appropriate schedule.Use Case #7: As an Infrastructure Admin team member, I want to see the details of each extended warranty contract so I can assess the accuracy of the number of devices on the extended warranty invoices. (Note: During the implementation, we’ll initially focus on reconciling HP invoices, but the process should be the same for all vendors)Use Case #8: As an Infrastructure Admin manager, I want to produce a monthly metrics report with data relevant to the CIO report, so I can easily produce my component of this report. (Note: The initial implementation to include only the metrics for the CIO report)Use Case #9: As a Server admin, I want to see the relationship between servers and the monitoring system, so I can confirm which servers are being monitored. Use Case #10: As a Financial Operations team member, I want a drillable report on the contracts with upcoming contract renewal dates, and be notified once per contract, so I can proactively act & renew the contracts where needed.Use Case #11: As an Infrastructure admin, I want to see the location and owner for each asset, so I can manage any operational activities required for that asset.Use Case #12: As an Infrastructure admin, I want to see an exception report listing all unknown and unidentified assets, so I can investigate each to determine its details and use.Use Case #13: As an Infrastructure admin, I want to define a process to investigate and reconcile each unknown and unidentified asset, so I am clear on how to disposition each asset (i.e., cover any licensing impacts from the asset change).Use Case #14: As a Loading Dock user, I want to receive and dispose assets via barcode scanner so I can quickly input the data into the system and control these processes appropriately.Use Case #15: As an Infrastructure or Financial Operations user, I want to define a process for managing assets through their lifecycle, so assets can be accounted for at all times.


IT Asset Management5 ASSET MANAGEMENT PROCESS GUIDE

ServiceNow has assembled the following review of IT Asset Management related processes as part of the ServiceNow Asset Management methodology and process integration overview. The Process Guide is based on the full lifecycle management of IT assets. This lifecycle is identified within 6 Asset Towers: Governance, Fulfillment, Auditing, Active Asset Management, Disposition, and IT Financial Management. Below is a diagram that depicts the asset management towers and their associated components.

Various topics are contained within each Asset tower; these topics create the individual tower. For example, the Governance Tower contains topics related to Policy Management, Education & Training, Reporting, and Security. The procedures that shape an organization’s IT Asset Management capability are identified within each topic and are referred to as “Components.”

The Process Guide will focus on these Topics and Components as they are organized by Asset Tower. Each Topic is defined with additional details related to onsite observations and related ServiceNow technology. Where available a readiness assessment is provided based on ServiceNow implementation (ISO Tiered Implementation) recommendations.

The primary objectives of the Process Guide are to rationalize and reduce IT costs, reallocate underutilized IT resources, and streamline IT business processes.

ServiceNow completed an onsite Asset Workshop to validate Protective LifePL’s strategic goals, processes, workflows, and organizational capabilities. Using the workshop information an analysis is


Governance

Policy Management

Processes

Education & Training

Reporting

Security

Fulfillment

Purchasing

Receiving

Contract Management

Lease/Warranties Maintenance

Vendor Management

Auditing

Scanning / Discovery

Inventory Management

Data Delta Management

Internal / External Auditing

Compliance

Active Asset Management

IMAC (Install Move Add Change)

Break Fix

Model Management

Usage Management

Asset Optimization

Disposition

Harvest / Cascade

End of Life / Disposal

Regulatory Management

Data Security

Validation

IT Financial Management

Total Cost of Ownership

Business Service Costing

Budgeting / Forecasting

Depreciation

Cost Allocation / Chargeback

IT Asset Managementcompleted to determine the Infrastructure design, technology configuration; data capture, and process requirements to help maintain the asset lifecycle. This information captured here in the ITAM Process Guide has the following goals:

Help technicians become more effective and efficient by giving them accurate, complete IT asset management information

Help manage procurement, and budgeting more effectively Proactively manage compliance efforts Maximize the use of IT resources by identifying and redeploying underutilized assets Help to control IT costs and more accurately plan for future IT needs

5.1 GovernanceThe Governance Tower within the ServiceNow Asset Lifecycle Management methodology accounts for the impact IT Asset Management has on the business.

Organizations make decisions, allocate resources/returns, execute responsibilities and undertake risk management, whether financial or otherwise, with an objective of protecting and promoting the interest of the shareholders, management, board of directors and the employees.

An effective IT Asset Lifecycle management program executes on these objectives with technology that supports the transparent and efficient use of information. The following Topics are critical to the success of an effective ITAM Governance effort and foundational to both short and long-term success.

The ServiceNow Governance Tower is broken into 5 Topics: Policy Management, Processes, Education & Training, Reporting, and Security. Below are details of each topic area as discovered during onsite efforts with ServiceNow.

5.1.1 Policy ManagementDefinition: Policy Management as it relates to IT Asset Lifecycle is the foundation and first step in efforts of performing IT Asset Management. A Use Policy should include language that clearly identifies responsibilities, personal use of company assets, unauthorized hardware/software, optimization, retirement, and internal control rights.

Effective policy language includes identification of responsibilities, and approval requirements. Internal personnel should be able to reference the asset request fulfillment and life-cycle management policies and all other Asset Management developed policies at their convenience. After an acceptable policy is created it should function for several months before revisiting the process to determine whether or not the policy is working. Establish a process by which the review continues over time. The first review should be conducted four months after initial implementation. If the policy requires adjustment, do so, and then re-evaluate again in six months after the adjustment. If the policy or procedure does not require adjustment, permit it to operate for six to twelve months, and then conduct the second review. Revisit and update policies (if necessary) as necessary.


IT Asset Management

The following steps provided by the International Association of IT Asset Managers (IAITAM) support the development of polices that are relevant, enforceable and understandable.

Educate Establish that there is a general issue that affects everyone, though it can affect some employees more directly than others. Do some research and include information on how the issue impacts all the employees’ day-to-day job functions. Next, explain why the issue is important and how establishing a policy is a prudent step to decrease unnecessary exposure in the workplace. Relating this background information helps employees who are not directly involved understand the issue better.

Develop The next step is to create a functional, practical and useful policy. Open dialog between opposing viewpoints should be encouraged. A committee should be formed to discuss any issues and develop the appropriate policy for the organization. Policies from industry leaders can be used as a template and altered to fit the organizations particular need.

Implement Once a need is determined for a particular policy and it has been developed, the next step is implementation. Rollout of the policy requires transition time. There will be some adjustment for employees, which is why it is very important that employees understand the reasons/need for the particular policy.

Evaluate Once implemented, policies should always be reviewed periodically to monitor their effectiveness and relevance. Having a policy in place without follow up is not sufficient.Policies will always need fine-tuning. Have in place a procedure for periodic review.Create a Policy Review Board/Team.

ServiceNow Support: The ServiceNow platform can support policies by providing transparency into the effectiveness of said policies and reporting on discrepancies related to internal service level agreements.

5.1.1.1 Observations: A policy has been drafted internally at Protective LifePL and is considered work in process.

5.1.1.2 Recommendations:Continue work on the policy, incorporating the recommendations above and the information referenced in the “Educate”, “Develop”, “Implement”, “Evaluate” framework defined above.

5.1.2 ProcessesDefinition: IT Asset Management business practices are process-driven and matured through iterative and focused improvements. Most successful IT Asset Management programs are integrated throughout the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories).

The Gartner Group identifies a successful IT Asset Management program as 80% Process and 20% Technology. The best technology will fail without successful process.


IT Asset ManagementAn effective IT Asset Management process includes all stakeholders in their definition while the supporting technology utilizes automation where available to support the goals of the said process. Manual procedures lead to breakdown in the effectiveness of efforts and the trustworthiness of related data.

IT Asset Management related processes should include all efforts of lifecycle management for all in-scope assets. Such lifecycle management efforts include the following:

Product Model Management Request Management Procurement Contract Management Inventory Management Deployment Management Compliance Management Disposal Management Financial Management

Each process should identify related roles and have regular reviews (minimum review annually). These processes should have a centralized repository that supports global training and the knowledge of said processes. Additionally, the format of these processes should be consistent throughout the organization and follow as closely as possible the PMCI standard.

ServiceNow Support: The ServiceNow platform provides for the management of any type of asset and includes modules for the support of all lifecycle efforts from Product Model Management through Disposal Management.

5.1.2.1 Observations: A maturity assessment has been completed and – came in at “repeatable”. Processes are not generally written down, but more driven by institutional knowledge. Target process maturity for all processes is agreed to be a 3: written down, trainable, repeatable. Protective wants to bring data sources into ServiceNow.

5.1.2.2 Recommendations:

Create a steering/governance committee to drive standards for how ITAM is performed.

Establish an IT Asset Center of Excellence (COE) Team with responsibilities for overseeing the management of the IT Asset Lifecycle Processes throughout Protective LifePL as well as across the entire organization. Additional activities would include, but not limited to, those associated with Software Asset Management (SAM), Financial Management (ITFM), Infrastructure Management, and PC Management.


IT Asset Management

a. The COE should oversee global training of said processes in a manner that provides consistency of process throughout the organization.

b. Create KPI’s that support the use of said processes.c. Identify key metrics that identifies the continued value of said processesd. The COE should have the responsibility to validate localized/distributed efforts to ensure

activities conform to established policies and processes. [e.] Utilize the best practice processes provided in this document (Section 4) as a framework for

the creation of a full Asset Lifecycle Management process within Protective LifePL.e.[f.] Utilize the Roles & Responsibilities with related Activities found in the RACI provided in this

document (Section 3).[g.] Establish a central Asset Management Team that reports to the COE and tasked with

performing the activities outlined by the COE as part of the RACI (Section 3). This team should consist of a minimum of 4 FTEs for an organization the size and maturity of Protective LifePL.

Empower the COE to establish a global process for IT hardware and software asset management. a. Enable the ability to localize the global IT hardware and software asset processes by creating

and documenting local procedures based on the global processes. These processes and procedures should support the business unit needs but they should also be shared with all BU’s and the COE so all areas can benefit standardized processes.

b. The COE should have the responsibility to validate localized efforts to ensure activities conform to established policies and processes.

Identify a centralized location or focal point where these ITAM processes and localizations are maintained and accessible to the organization. Communicate/publish this location to the organization.

a. A Best Practice is to have an internal ITAM website where their processes are identified and links to them are available to individuals within the organization.


Center of Excellenc

e ITAM Team

Infrastructure Management

PC/LaptopManagement

Software Asset Management Finance

Security

Support Vendors

IT Asset Management

Review the established processes and update/revise them to take the integration of ServiceNow into account.

Empower the various business units to modify these processes to take into account specific requirements they may have, but make sure they are documented and controlled.

Communicating and making these Software Asset Management processes readily available is a must have in order to have all within Protective LifePL be aware they need to be followed.

5.1.3 Education & TrainingDefinition: An effective asset management environment includes an understanding of the risk and value associated with the management of IT assets. This understanding must be communicated openly and effectively to all levels of the organization. Such effort begins with executive support and permeates the entire staff. A best practice occurs when staff at all levels is informed, understood and proactive in the optimization of IT assets.

ServiceNow Support: The ServiceNow organization provides training resources for topics including System Administration, Asset Management, Configuration Management, and more. Publicly available Wiki and Community websites provide documentation and peer support. Regional in-person gatherings of user groups called SNUGs (ServiceNow User Groups) occur on a regular basis with the goal of knowledge transfer.

Additionally, the ServiceNow Knowledge annual meeting of ServiceNow users and engineers provides resources for training and knowledge transfer.

Within the ServiceNow platform there are multiple capabilities to manage and associate knowledge to activities and assets.

5.1.3.1 Observations: This was the lowest score on the maturity assessment. Need to formalize training activities as part of the implementation of the Asset Management module, including training all levels of the IT organization (down to Techs) as to the work they’ll do in the system.

5.1.3.2 Recommendations:Formalize and document the processes before starting to build training plans.

5.1.4 ReportingDefinition: Effective Asset Management technology consists of value based reporting through filtered lists and dashboards. Asset reporting requirements drive the data discovery and retention requirements of IT Asset Management. Understanding the needs of stakeholders helps in developing the critical data elements of an IT Asset Repository.


IT Asset Management

Often the data found in an IT Asset Repository is based on “what can be done” rather than “what should be done”. Reporting requirements from stakeholders identify “what should be done” within an effective IT Asset Management repository. That said reporting requirements become a critical aspect of IT Asset technology implementation and ongoing evaluation.

As stated in the Process definition above, “Most successful IT Asset Management programs are integrated throughout the organization, involving everyone at some level integration with stakeholders.” It is imperative that reporting needs of all stakeholders are identified and understood both in the creation and sustainability of the IT Asset Lifecycle

ServiceNow Support: The ServiceNow platform has the ability to present, filter, configure and export any list of assets and/or configuration items within the default display.

In ServiceNow, a report can be a list, chart, or calendar-based view of data in a particular table. Use reports on homepages to display key information to different users. You can also publish reports to a URL that can be sent out through email. ServiceNow also offers a range of predefined reports that pertain to applications and features like incident management and service catalog requests. If none of these meet your needs, you can create your own reports at any time.

Additional details can be found on the ServiceNow wiki at ServiceNow Creating Reports.

5.1.4.1 Observations: A considerable amount of manual reporting currently exists.

5.1.4.2 Recommendations:With the implementation of Asset Management in ServiceNow, the goal is to help automate these well-defined, but manual, reporting processes.

5.1.5 SecurityDefinition: Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. IT Asset Management has the ability to support Security efforts due to effective processes and the mass amount of discovery data available.

Access to ITAM data for subject matter experts (SME’s) is critical. Yet control of said access is just as critical. It is important to consider the controls to Asset and Configuration Item data in a manner that helps keep data fresh, accurate, and useful. Utilize automation to populate data where available thus eliminating manual data intervention. Additionally, ensure said data is editable by appropriate SME’s. It is not best practice to let Network Infrastructure SME’s create/edit Database CI’s. Thus an effective management of security through roles within the various data elements is critical to long-term data accuracy.


http://wiki.servicenow.com/index.php?title=Creating_Reports

IT Asset ManagementServiceNow Support: The ServiceNow platform fully supports ACLs in the managed of individual tables and table attributes. These ACL’s provide for the secure management of data.

5.1.5.1 Observations: Without specific action to prevent it, all of IT is going to see all information for all Assets.

5.1.5.2 Recommendations:Specific work will be required during the implementation project to define requirements by asset type and who has access to that data.

One note: IT cannot see Networking assets, only Networking Team and Laura/Kim

5.2 FulfillmentThe Fulfillment Tower within the ServiceNow Asset Lifecycle Management methodology accounts for the processes from request through delivery of IT Assets including Vendor Management.

With a focus on the asset supply chain and the management of said supply chain an effective IT Asset Fulfillment program identifies the right asset for the right purpose within the organization while maintaining standards throughout vendor management. Ineffective supply-chain efforts lead to rogue asset activity that can increase organizations financial risks.

5.2.1 ProcurementDefinition: IT procurement is the series of activities and procedures necessary to acquire information technology (IT) products and services.

IT procurement involves both strategic and administrative responsibilities. Day-to-day tasks may include conducting market research, negotiating pricing, establishing terms and conditions for services, resolving invoice discrepancies and communicating the status of purchases with internal customers.

An IT procurement process, formal or informal, exists in every organization that acquires information technology. As users of information systems increasingly find themselves in roles as customers of multiple technology vendors, this IT procurement process assumes greater management significance. In addition to hardware, operating system software, and telecommunications equipment and services - information resources traditionally acquired in the marketplace - organizations now turn to outside providers for many components of their application systems, application development and integration, and a broad variety of system management services.

ServiceNow Support: ServiceNow has specific capability to manage the asset procurement process including the following:

Request Management Procurement Financial Management


IT Asset Management

5.2.1.1 Observations: Current state process is “we buy when the closet goes down” - what is bought is not tied into user provisioning today.

5.2.1.2 Recommendations:Develop a notice/trigger for incremental purchases based on when the inventory levels hit a set minimum.Create an organizational mandate prohibiting off-the-shelf purchasing. This provides for a process that is controlled and standard.

5.2.2 ReceivingDefinition: The legal responsibility of an asset often begins upon the receipt of said assets. In today’s business assets can be physical and/or digital making the receiving and documenting activities more complex.

An efficient environment is able to receive new assets against a specific purchase and relate said asset to both the original purchase and the new asset record within the organizational repository. The old world of receiving assets at “the dock” is not lost but electronic and real-time requirements have complicated receiving activities.

Planning for receiving – what will arrive and when it will arrive – is as critical as recording details. The recorded details must be accurate and without manual errors.

ServiceNow Support: Within the ServiceNow Platform, Assets can be received and added to the system when they are delivered to a stockroom.

Stockrooms are places where physical assets are received and assigned. When stock is low on a particular asset, stock rules can either notify an asset/procurement manager or automatically transfer inventory from one stockroom to another. Stockrooms are separate, standalone entities in the Asset Management application.

ServiceNow can integrate with barcode scanners for efficient input of receiving efforts (data) eliminating the risk of manual errors.

5.2.2.1 Observations: Today, John counts all inbound product, which requires considerable manual back-and-forth conversations.

5.2.2.2 Recommendations:As part of the ServiceNow Asset Management implementation, many of the currently manual steps can be automated. It is also recommended that Protective develop and implement exception processes as part of the Asset Management implementation. Finally, the closer aligned that the


IT Asset Managementreceiving processes are between organizations/asset classes, the easier it will be to implement. Consider some business process redesign to that effect.

5.2.3 Contract ManagementDefinition: A contract is a written or oral legally binding agreement between the parties identified in the agreement to fulfill the terms and conditions outlined in the agreement. A prerequisite requirement for the enforcement of a contract, amongst other things, is the condition that the parties to the contract accept the terms of the claimed contract. Historically, this was most commonly achieved through signature or performance, but in many jurisdictions - especially with the advance of electronic commerce - the forms of acceptance have expanded to include various forms of electronic signature.

IT Contracts can be of many types, e.g. service contracts, software licenses, maintenance, warranties, lease, insurance, and more.

Identifying and relating contracts to assets and configuration items allows for the simplification of efforts such as warranty management, lease management, and software license management.

ServiceNow Support: Within the ServiceNow platform is the ability to manage Contracts. A contract is a binding agreement between two parties. Contracts contain detailed information such as contract number, start date, active status, terms and conditions, renewal information, and financial terms. Contract Management in ServiceNow is active by default.

Contract Management integrates with Cost Management module within ServiceNow to associate contracts with costs and determine the total cost of ownership.

5.2.3.1 Observations: Protective LifePL will focus contract management in ServiceNow on maintenance agreements, not for MSAs, etc.

5.2.3.2 Recommendations:Aim for simplicity – providing only the contract information needed within the IT organization. In this case, that means bringing in the information Financial Operations needs for maintenance agreements and the operational details IT users require.

5.2.4 Lease/Warranties MaintenanceDefinition: Lease and Warranty maintenance is based on contracts between two parties with defined term and conditions.

In particular to lease management an organization can obtain access to technology assets with little upfront cost. Asset managers need to be able to track leased items and relate them to specific contracts with specific terms and conditions concerning the lease.


IT Asset ManagementAdditionally, any dates needed related to the lease or warranty need to be tracked with associated contacts both internally and externally to the organization. Notifications are needed with regards to the associated dates.

ServiceNow Support: The ServiceNow platform can manage the full lease/warranty contract lifecycle including dates and related asset/CIs.

5.2.4.1 Observations: John currently goes to the HP site to confirm whether a device is under warranty, and end-of-life status.

5.2.4.2 Recommendations:A device’s warranty and end-of-life status should be captured in ServiceNow, which is available out of the box. For several different classes/types of hardware, there is a nice to have request to screen scrape the vendor’s website to gather warranty end dates (SmartNet for Cisco, HP, etc). This can be considered as a custom integration as part of the implementation project, or as a phase 2 type request.

5.2.5 Vendor ManagementDefinition: Vendor Management relates to the active and ongoing evaluation of the business relationship between a customer and all publishers, resellers, vendors and distributors detailed in a contract management repository.Vendor Selection, Vendor Performance Evaluation & Tracking, and Vendor Development are the widely recognized pillars of a successful Vendor Management PolicyEffective Vendor Management enables organizations to optimally develop, manage and control vendor contracts, relationships and performance for the efficient delivery of contracted products and services. This can help clients meet business objectives, minimize potential business disruption, avoid deal and delivery failure, and ensure more-sustainable multi-sourcing, while driving the most value from their vendors.

ServiceNow Support: The ServiceNow platform provides tools for defining and monitoring these vendor contracts.

Additionally, if the vendor management team has negotiated underpinning contracts attached to service level agreements, these can be defined and automated using the Service Level Agreements (SLA) Plugin. Underpinning contracts define and monitors the guarantees. Within ServiceNow, these are fully integrated into the Service Level Management system.

5.2.5.1 Observations: As with the Contracts tower, the contractual relationships captured within ServiceNow will be focused only on maintenance agreements.


IT Asset Management5.2.5.2 Recommendations:

IT Vendors should be maintained in ServiceNow so that relationships with assets and other objects in ServiceNow can contain the vendor information.

5.3 AuditingAn information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a software audit, internal audit, or other form of attestation engagement.

IT Asset Management (ITAM) auditing allows for organizations to understand the “what” and “where” of IT Assets. A proactive effort with supported processes reduces the cost of 3 rd party audits by as much as 700%.

5.3.1 Scanning and DiscoveryDefinition: An inventory control system is a set of hardware and software based tools that automate the process of tracking inventory. The kinds of inventory tracked with an inventory control system can include almost any type of quantifiable technology good, including software, database instances, computers, networking equipment, and any other item that organizations may purchase and utilize.

Modern inventory control systems are almost exclusively based on barcode technology for scanning and agent/agentless software for network-enabled discovery. Though barcodes were initially developed to automate the process of grocery store checkout, their ability to encode a wide variety of alphabetic and numeric symbols makes them ideal for encoding technology assets. Inventory control systems work in real-time using wired and/or wireless technology to transmit information to a central computer system that serves as a discovered repository.

Though agent-based solutions are often considered “Discovery” tools, the fact is these solutions can only inventory known machines for which the agent is installed. By definition, discovery occurs from outside a known environment. The fact that an agent-based solution does not “discover” a new asset outside of its installation eliminates it as discovery tool. The value of agent-based solutions is in the recording of data such as usage information unavailable to agent-less solutions.

Additionally, the use of the ISO/IEC 19770-21 Software Identification (SWID) Tag can be utilized in the discovery process, and some major vendors are already using them within their software applications. These SWID Tags are XML files that contain details related to the specific software application that is installed.

Other areas where these SWID tags are beneficial include: Platform Stability - Determining the variety of software installed within the environment,

including the number of versions of particular software, is particularly important if your

1 See Appendix C for more regarding ISO/IEC 19770-2 software asset tagging


IT Asset Managementorganization is required to test new critical applications against all known applications within the environment. Interoperability and sociability testing answers questions such as: Do multiple VPN clients cause any issues? Do multiple versions of Internet Explorer cause issues? Are there rogue installs of an application happening?

Security Decision-Making Based On Risk Assessment - Accurate software inventory enables you to determine if there is software with known security risks installed within your environment. It answers questions such as: Do all Windows XP installations have all the critical patches installed? Are there unauthorized (or unwanted) software applications such as peer-to- peer file sharing or hacking tools installed anywhere on the network? Armed with accurate information, you can make better decisions, and ensure that your security policies are enforced.

Disaster Recovery/Business Continuity Planning and Operations - An accurate software inventory allows you to determine the locations of business-critical software installations. In turn you can ensure their data is being fully backed up, and ensure that both the software and the data are available in a disaster situation or crisis.

ServiceNow Support: The ServiceNow Discovery application finds computers and other devices connected to an enterprise's network. When Discovery finds a computer or device, it explores the device's configuration, provisioning, and current status and updates the CMDB accordingly. On computer systems, Discovery also identifies the software that is running and any TCP connections between computer systems. Discovery creates all the relationships between computer systems (such as an application on one server that uses a database on another server).

ServiceNow can integrate with barcode scanners for efficient input of receiving efforts (data) eliminating the risk of manual errors.

ServiceNow supports the ISO/EIC 19770 Software Asset Management standards including the discovery and retention of the ISO xml file details.

5.3.1.1 Observations: No process for defining unknown and unidentified assets currently exists. Switches/routers will likely be manually discovered even after the implementation project; Rich’s spreadsheet will be used to upload these devices.

5.3.1.2 Recommendations:Consider implementing integration to SCCM and vCenter for more streamlined discovery processes.

5.3.2 Inventory ManagementDefinition: Inventory Management is a system for tracking IT inventory levels, orders, and deliveries. Companies often use inventory management software to reduce their carrying costs. The software is used to track products and parts as they are transported from a vendor to a warehouse, between


IT Asset Managementwarehouses, and finally to a retail location or directly to a customer. Inventory management software is used for a variety of purposes, including:

Maintaining a balance between too much and too little inventory. Tracking inventory as it is transported between locations. Receiving items into a warehouse or other location. Picking, packing and shipping items from a warehouse. Keeping track of product sales and inventory levels.

ServiceNow Support: Within the ServiceNow Platform, Assets can be received and added to the system when they are delivered to a stockroom.

Stockrooms are places where physical assets are received and assigned. When stock is low on a particular asset, stock rules can either notify an asset/procurement manager or automatically transfer inventory from one stockroom to another. Stockrooms are separate, standalone entities in the Asset Management application.

5.3.2.1 Observations: Life cycle management for physical assets is not a clean process and different across different asset classes.

5.3.2.2 Recommendations:Standardize life cycle management processes prior to the ServiceNow implementation (or, agree to a standardized model during ServiceNow Requirements/Discovery Workshops) so that a single process can be implemented with the Asset Management Go-Live.

5.3.3 Data Delta ManagementDefinition: Data Delta Management, or Data Validation, is an Asset Management activity out of necessity vs. choice. Many organizations spend up to 75% of IT Asset FTE effort on validating the accuracy of IT Asset data.

Organizations need a process and supporting technology that can increase data accuracy while reducing the manual effort of data validation. Said validation should focus on critical non-discoverable elements of an asset record such as Owner/User, Location, Status, and etc.

ServiceNow Support: The Data Certification plugin within ServiceNow manages scheduled or on-demand validations of CMDB data. Information is added to the CMDB by Discovery, by importing from third-party tools, or manually. For regulatory or procedural reasons, information in the CMDB needs to be checked for accuracy and certified. The person or team responsible for certification can define what information should be verified and the verification schedule. The schedule then generates a checklist for verifying the data. Individuals assigned to certification tasks answer a series of questions to verify the data.


IT Asset ManagementData certification can be performed against specific fields on specific tables. Based on the certification schedule, certification tasks are automatically created and assigned. For example, a certification can be set up to validate key information fields (such as Operating System and CPU count) on all Windows servers located in Chicago and automatically be assigned to the appropriate team member.

5.3.3.1 Observations: BDNA data validation is being considered as an option to normalize asset data.

5.3.3.2 Recommendations:Define rules for each asset state to assess whether assets in that state need to be discovered.Define a process to disposition unknown and unidentified assets.

5.3.4 Internal / External AuditingDefinition: An IT Asset audit is a comprehensive review of an organization’s adherence to regulatory or contractual guidelines.

What, precisely, is examined in an IT Asset audit will vary depending upon whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, SOX requirements mean that assets must be cataloged. Healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPPA requirements. Companies that transmit credit card data are subject to PCI requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail.GRC (governance, risk management, and compliance) enables CIOs to quickly show auditors that the organization is in compliance and will not be subject to costly fines or sanctions.

ServiceNow Support: The ServiceNow Platform can provide the needed audit details from supporting manual or automated sources.

5.3.4.1 Observations: An SOP appears to be in place now, but based on manual processes.

5.3.4.2 Recommendations:Once ServiceNow Asset Management has gone live, use ServiceNow as the base data source to begin to automate the existing processes.

5.3.5 ComplianceDefinition: Software Asset Management (SAM) is the business practice of using people, processes, and technology to systematically track, evaluate, and manage software licenses and software usage. A strong SAM program can help an organization:

Reduce costs: reduce the amount of money your organization spends on software. Improve compliance: be audit ready with your most used vendors. Control inventory: identify what you own and maintain an accurate database. Remove unused software: delete old and unused versions of software.


IT Asset Management Simplify software requests: develop a process for employees to request software. Reduce vendor list: logically reduce and consolidate the number of software vendors used. Identify needs: create an accurate list of the software your organization requires.

ServiceNow Support: Software Asset Management is a full-featured application for tracking and controlling software licenses. Features include:

Overview page showing key compliance information in graphs. A variety of license types for software models. Ability to manage software suites. Ability to manage upgrade and downgrade software licenses. Ability to manage unallocated/unused software licenses. Software counters for reconciliation. Software discovery models for normalization. Software License Entitlement2 feature to assign a license to a person

or machine.

5.3.5.1 Observations: Inbound software asset names are not clean and include redundancies. Reporting is not streamlined and very difficult to create.

5.3.5.2 Recommendations:Consider a data normalization service (BDNA was mentioned previously for this purpose).Consider including capabilities in compliance reporting that takes into account two versions of the same software installed on the same machine

5.4 Active Asset ManagementActive Asset Management represents those activities traditionally performed within IT Service Management.

When Asset Management has visibility into the ITSM activities then optimization of the asset lifecycle may occur. The cost associated with the service management activities of an asset can be up to 70% of the total cost of said assets. Thus the value in Active Asset Management can be the visibility into the total cost of ownership and subsequent optimization activities to mitigate costs.

5.4.1 IMAC (Install, Move, Add, Change)Definition: IMAC covers all day-to-day activities associated with the scheduling and installation of hardware and software, changes to configuration, de-installation and relocation of equipment, including connectivity testing, data transfer and user orientation.

The objectives of this process are to install equipment with a minimum disturbance of the day-to-day operation and to provide the end-users on-the-spot familiarization with the equipment. Activities

2 Not to be confused with Protective LifePL PO Software Entitlement. Refer to Glossary Appendix B


IT Asset Managementconcerning hardware relocation or de-installation, and changes to configurations should be performed as scheduled and to the agreed standards, with minimum loss of end-users’ productivity time.

ServiceNow Support: The ServiceNow platform supports the performance of IMACs through the standard IT Service Management capabilities. All efforts can be tracked to a configuration item (CI) that is then related to an Asset. All efforts, when related to a CI are reportable in mass based on the CI, Asset, Product Model, and any related attribute (data element).

5.4.1.1 Observations: Server:Want to provide better impact analysis and reporting of the change, but no process change required.

Desktop: Gerry gets a spreadsheet from Facilities with a person’s old and new locations and executes IT components of the move from that. Desktop moves are not part of IT CAB; instead they are managed via a weekly facilities meeting. Weekly move sessions planned and executed on a scheduled basis.

Consumables:Handsets and headsets are tracked with equipment IDs, but once they are deployed, hard to manage location (when an employee moves or offboards)

5.4.1.2 Recommendations:Document the existing IMAC processes prior to Asset Management implementation.

5.4.2 Break FixDefinition: An ITSM process whereby technical support for computers, servers, networks, software, etc. are performed. There may or may not be a written contract for the charges, however all parties have agreed to the terms. This can be the most expensive form of technical support.

Asset Managers can track the associated costs related to the inventory of parts, frequency of break-fix activity per product model, and cost of resources. As activities related to break-fix are performed, they are associated to Incident and/or Problem tasks.

The aggregation of related details helps identify the 70% post purchase costs traditionally associated with Assets.

ServiceNow Support: The ServiceNow platform supports the creation and management of Incident and Problem records through the standard IT Service Management capabilities. All efforts can be tracked to a configuration item (CI) that is then related to an Asset. All efforts, when related to a CI


IT Asset Managementare reportable in mass based on the CI, Asset, Product Model, and any related attribute (data element).

5.4.2.1 Observations: Protective has an open issue around relating a CI to an incident for break-fix purposes

5.4.2.2 Recommendations:Report break/fix performance against asset and supplier, as an input to vendor performance reporting.

5.4.3 Model ManagementDefinition: Models are specific versions or various configurations of an asset (hardware and software), for example, a MacBook Pro 17" or Adobe Acrobat Pro 9.

The management of models refers to the activity of identifying and certifying standards associated to the products supported within an organization. The following are Model Management activities that IT Asset Management may perform or participate in:

Certification – Testing hardware and/or software within the environment to determine its feasibility, usefulness, and/or capability

Product Standards – List of those hardware and/or software models that are supported within the organization. An asset not on the supported list may or may not incur extra effort/fees related to support

Consolidation – The support of many product models has a direct cost to an organization. Visibility of the product models and subsequent management can reduce related costs.

ServiceNow Support: The ServiceNow platform contains a dedicated environment for the management of models as “Products” within the Product Catalog. The product catalog is a set of information about individual models. Models are specific versions or various configurations of an asset. Models published to the product catalog are automatically published to the service catalog. The service catalog includes information about goods (models) and services. A model may be listed more than once if the model is available from multiple vendors.

Asset managers use the product catalog as a centralized repository for model information. A detailed and well-maintained product catalog can coordinate with service catalog, asset, procurement, request, contract, and vendor information.

Model categories within ServiceNow are defined groups of assets, consumables, product bundles, and configuration items. Using the categories, you can control what each category creates when a model associated with the category is selected.


IT Asset Management5.4.3.1 Observations:

Currently no way to onboard and offboard an entire model category at once.

5.4.3.2 Recommendations:Build a link between CI Category and Model Category to enable Discovery to capture asset information.Define a process to determine standard models to purchase; similarly, define a process to end of life a standard model.

5.4.4 Usage ManagementDefinition: Usage management and monitoring relates to the status of a network's hardware and software assets. Desired Status includes last use, historical use, and current use.

An IT Asset Manager utilizes Usage Management to determine waste. Said waste can relate to hardware and software while identifying opportunities for optimization. Understanding how an asset is utilized and to what extent can help qualify need and alternative resources.

Additional value from Usage Management is in support of harvesting and/or cascading of IT Assets; identifying when an asset is underutilized and helps to reassign the asset to a more appropriate need.

ServiceNow Support: The ServiceNow Platform can integrate with discovery technology to load and report on asset use. After relating use to existing asset and business service records reports can be run to identify opportunities for optimization.

5.4.4.1 Observations: Employee offboarding process does not current facilitate harvesting of that employee’s licensed software.

5.4.4.2 Recommendations:Define a process to harvest software during employee offboarding.

5.4.5 Asset OptimizationDefinition: Asset optimization is the strategy of obtaining the most optimal use of the organization’s hardware and software assets. However, asset optimization strategies must also take into account other organizational requirements such as security, access control, etc. where those concerns may out weight the benefits of asset optimization options. Examples of asset optimization strategies include:

• The practice of consolidating database instances on a certain server to reduce the number of required licenses


IT Asset Management• Determining the breakeven point of licensing an application by Client Access License (CAL)

verses by processor, and when the advantage of the chosen license type changes, adjust the deployment of licenses to provide greater advantage to the organization

• Determining where and when shared resources provide the organization the better option – VM’s, Clustering, etc.

• Co-locating software on certain servers to reduce the licensing of access points to outside the organization

• Licensing software at the parent organization level so sub-organizations can take advantage of pooled licenses

ServiceNow Support: The ServiceNow Platform has plug-ins for license compliance and within the SAM plug-in, license counts and over- & under-licensing counts can be reported on by software model and by vendor across the models that are licensed for within the firm’s contracts. After relating use to existing asset and business service records reports can be run to identify opportunities for optimization.

5.4.5.1 Observations: The topic of asset optimization in Protective’s environment, with high use of application virtualized and non-persistent desktops, will require more conversation during the implementation project.

5.4.5.2 Recommendations:Consider automatically uninstalling software that is not used within a configurable time threshold.

5.5 DispositionDisposition is the process of maximizing the value of unused or end of life assets through effective reuse or divestment. Both large and small organizations practice asset disposition at some level with the end goal of obtaining the greatest possible return from the asset.

Asset Disposition is also used to describe the process of liquidating excess inventory of healthy companies, refurbished items and equipment returned at the end of a lease.

Asset Disposition can also refer to the task of recovery of assets that have been wrongfully taken stolen, fraudulently misappropriated or otherwise disposed of to remove them from their rightful owner.

5.5.1 Harvest / CascadeDefinition: Harvesting and Cascading refer to the reuse of IT Assets.

Harvesting refers to the recovering of a software license from a computer where the software is completely removed and the software license is returned to a pool of available licenses.

Cascading refers to the recovery of hardware and reassignment of said hardware to a new user/function.


IT Asset Management

ServiceNow Support: The ServiceNow platform supports the identification of underutilized assets through the integration of discovery mechanisms. Reports can be performed that can identify last use and other valuable details needed to identify assets for Harvesting and Cascading.

Additional ServiceNow capabilities include Orchestration where triggers can initiate a workflow to install/uninstall software.

5.5.1.1 Observations: Harvesting appears to be a manual opportunistic process today. Does not appear to be strong processes in place to confirm that all available licenses that are not being used, are centrally known and available for another user.

5.5.1.2 Recommendations:Define a process to harvest an employee’s software upon offboardingConsider automatically uninstalling software that is not used within a configurable time threshold.

5.5.2 End of Life / DisposalDefinition: End of Life / Disposal occurs when assets eventually the end of their useful lives. Assets then need to be retired and disposed of in a secure, economic and environmentally responsible manner.There are many types of disposal including donation, internal employee sale, recycle, external sale, and etc. Regardless of the disposal type there are many disposal companies that can assist with end of life activities. The key to best practice disposal includes the following

Work with certified disposal agencies Receive disposal documentation that confirms disposal activities Wipe/erase hard-drives prior to disposal Validate disposal activities (don’t just trust agencies – see for yourself)

ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed.

5.5.2.1 Observations: Protective uses US Micro as the disposal company. There is one process for both server and desktop disposal.


IT Asset Management5.5.2.2 Recommendations:

Consider integration to US Micro’s systems so Protective can reconcile what you think is disposed, is actually disposed. Regardless of the decision around whether or not to integrate with US Micro, the process of disposal should be documented.

5.5.3 Regulatory ManagementDefinition: Regulatory management refers to the understanding and implementation of regulatory requirements, either internal and external, associated to organization’s hardware and software assets within the disposition phase. Integration between IT, Legal, security, human resources and other teams within the organization is essential to identifying the associated regulatory requirements. It is critical for the organization to be able to provide documented evidence for fulfilling required regulatory actions.

ServiceNow Support: The ServiceNow platform has a legal hold process and can be integrated into the SAM process for industry specific regulatory requirements. Additional elements may be added as needed.

5.5.3.1 Observations: A legal hold process exists today, both for current employees, and for off-boarded employees.

5.5.3.2 Recommendations:Consider custom ServiceNow integration to more tightly integrate the legal hold process in ServiceNow into Asset Management to enable seamless legal hold functionality.

5.5.4 Data SecurityDefinition: Data security refers to the practice of ensuring the data on organization’s hardware assets within the disposition phase is properly protected. This includes protection of the data through: encryption and/or access control methodologies; certified removal of the data from asset storage devices and/or components (especially hard drives and memory); and even removal of the asset storage devices and/or components (mainly hard drives and memory). Examples of data security best practices include:

• Ensuring all laptops have their hard drives encrypted• Ensuring all assets identified for disposal have they internal hard drives and/or other storage

media properly erased or removed prior to disposal – this includes computers, printers, multi-functional and mobile devices

• Ensuring mobile devices with access to organization information (including email and data) are capable of remote erasing if lost, stolen or otherwise no longer required access to the information.


IT Asset ManagementServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed.

5.5.4.1 Observations: Security processes are robust today. Drives are encrypted as per normal organizational process.

5.5.4.2 Recommendations:Document the current data security processes. Consider building or enhancing remote erase capabilities if they don’t exist today, as this piece of the topic was not discussed in the workshop.

5.5.5 ValidationDefinition: Validation is the final step within the disposition phase. This is a critical element – you cannot just trust – you need to validate what was intended to happen actually happened. This includes: ensuring the accuracy of data (status, location and other details) related to the assets within the disposition phase was accordingly updated; ensuring any data on these assets was properly secured (data has been properly removed from hard drives and/or storage devices or those devices destroyed; have been wiped or destroyed. Any activity from a 3rd party related to Disposition should include a Certificate of Disposition (COD) for each and every disposed asset. Vendors should be certified with US Government & ISO Standards of Disposition.Validation also includes the random visit/checks of disposal vendors to ensure the activities promised are the activities performed.

ServiceNow Support: The ServiceNow platform identifies Disposal details on each asset record. Base elements of disposal include Disposal Reason, Scheduled Retirement, Retired Date, Beneficiary, and Resale Price. Additional elements may be added as needed.

5.5.5.1 Observations: Destruction is done on site.

5.5.5.2 Recommendations:Document the current policy/process. One open discussion should be held before progressing into the implementation project: Will Protective need to store certificates in ServiceNow?

5.6 IT Financial ManagementFinancial Management is the process of planning, analyzing, directing, and controlling costs. The goal is to have an accurate account of what an organization is spending in order to maximize resources and control spending.


IT Asset ManagementFinancial Management for IT is one of five components in the ITIL Service Delivery area. It determines the costs of services and provides financial accounting support to ensure expenditures fall within approved plans and those funds are well spent.

The role of Financial Management varies depending upon the view of IT within the company. Some companies view IT as an expense center, some as a profit center, and some as a cost-recovery center. However, in all cases, Financial Management supports the "business" of IT.

Financial Management activities include: Providing oversight of all IT expenditures Ensuring funds are available for planned events Providing detailed financial information for proposed initiatives Influencing the use of IT assets to maximize the return on IT investments through chargeback

systems Tracking current expenditures against the budget

5.6.1 Total Cost of OwnershipDefinition: Total Cost of Ownership, or TCO, is the purchase price of an asset plus the costs of operation. When choosing among alternatives in a purchasing decision, buyers should look not just at an item's short-term price, which is its purchase price, but also at its long-term price, which is its total cost of ownership. The item with the lower total cost of ownership will be the better value in the long run.

The post purchase cost of assets can reach 70% of the Total Cost of an Asset. Understanding these costs is critical to business decision-making.

ServiceNow Support: The ServiceNow Platform contains the Cost Management capability. Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports. Specifically, cost management enables these features:

Using rate cards. Defining configuration item (CI) costs. Tracking one-time costs for CIs. Processing recurring CI costs to generate expense lines. Distributing bulk costs to multiple expense line sources. Tracking costs related to tasks and projects. Aggregating configuration item costs and charging the total cost to a business service or

application Allocating expense lines to business units with flexible allocation rules. Tracking planned and actual budget costs by cost center.

5.6.1.1 Observations: TCO management is handled elsewhere and is out of scope of ServiceNow. The only component required is allocating asset costs from within ServiceNow, to the organizations that use them.


IT Asset Management

5.6.1.2 Recommendations:None noted – asset cost allocation is a clear organizational imperative around this project, and will be a major driver of value for Protective.

5.6.2 Business Service CostingDefinition: The goal of Financial Management is the understanding of costs as they relate to the Business Services provided by the organization.

When tasked with the decision to maintain and/or migrate services, it is critical to understand the true cost of said services. Business Service Costing pulls all of the TCO related to individual assets and relates them to the services the organization provides.

Such activities help organizations plan and optimize for the future.

ServiceNow Support: The ServiceNow platform contains the Service Portfolio Management capability. Service Portfolio Management addresses three core business needs:

The plugin can be used to document the various business services offered using a standardized, structured format. This list of offerings can be offered to the user base in a consumer-friendly catalog.

Once services are defined, the system will start automatically tracking performance against defined availability commitments. If outages are reported, the platform handles availability tracking.

Once service offerings are documented and performance is being tracked, the information can be relayed in real-time performance gauges available to end-users.

When implemented with the Cost Management capability ServiceNow can track Business Service costs with their related configuration items.

ServiceNow supports a related hierarchy to identify the complete view of a business service and its related components such as applications, application instances, databases, servers, virtual servers, and etc. A typical hierarchy may appear as follows:


IT Asset Management

5.6.2.1 Observations: Currently, the linkage of business services to major software pieces that have cost is not defined for Protective.

5.6.2.2 Recommendations:The definition of Business Services can be tricky/non-obvious for some organizations. We recommend a rationalization effort to confirm if any business services overlap or are no longer required, given Protective has so many (~500 in Production) due to corporate acquisitions.Fully implement CMDB and CI relationships, to the business service level, to provide full end-to-end visibility into the components that support each business service.

5.6.3 Budgeting / ForecastingDefinition: Budgeting enables an organization to plan future IT expenditure, thus reducing the risk of over-spending and ensuring the revenues are available to cover the predicted spend. Additionally it allows an organization to compare actual costs with previously predicted costs in order to improve the reliability of budgeting predictions.



application Allocating expense lines to business units with flexible allocation rules.


IT Asset Management Tracking planned and actual budget costs by cost center.

5.6.3.1 Observations: ServiceNow will simply enable the budgeting process, but this will largely take place in another system.

5.6.3.2 Recommendations:During the implementation project, focus on building reporting that is clean and minimizes the amount of work required to prepare, so the overall Budgeting process can be as clean as possible as well.

5.6.4 DepreciationDefinition: For accounting purposes, depreciation indicates how much of an asset's value has been used up. For tax purposes, businesses can deduct the cost of the tangible assets they purchase as business expenses; however, businesses must depreciate these assets in accordance with IRS rules about how and when the deduction may be taken based on what the asset is and how long it will last.

ServiceNow Support: The ServiceNow Platform can identify and manage depreciation in support of IT Finance.

The base instance includes the Financial Management application menu with several modules including Depreciation, Fixed Assets, Expense Lines, and Cost Centers.

ServiceNow can calculate depreciation for a fixed asset using a choice of depreciation schedules. This can help IT coordinate with the corporate fixed asset system to report correct valuation and book value

5.6.4.1 Observations: Not in scope of the implementation, as this function will continue to occur in another system even after Asset Management is implemented

5.6.4.2 Recommendations:None noted – out of scope.

5.6.5 Cost Allocation / ChargebackDefinition: Understanding how and why IT customers use services is critical to service planning as well as effectively managing costs and optimizing resources for business needs. IT managers are responsible for costly and complex assets of the company; they need to know how IT resources are


IT Asset Managementutilized. They increasingly need to be able to provide reports to non-technical managers, to continually align IT resources with business activity.

It is essential to have an understanding of IT resource usage when allocating scarce IT resources and talking too managers and internal users. Using IT chargeback is the best way to change end user behavior.

In addition to being perceived as fair and accurate, a chargeback system also helps optimize IT investment utilization. An analogy is the electricity company that charges more during peak usage in order to spread the load more evenly during the day, thus utilizing the electrical grid system better.



application Allocating expense lines to business units with flexible allocation rules. Tracking planned and actual budget costs by cost center.

Expenses can be allocated to a business entity that is responsible for the expense. This is not considered charge-back or billing but could be used as a source for billing. The primary purpose of expense allocation is to represent the consumer of the process that has incurred some expense. This can be accomplished by defining expense allocation rules.

5.6.5.1 Observations: Desktop and phone allocated by userOthers are allocated via used by business service

5.6.5.2 Recommendations:Continue to drive cost allocation as the organizational imperative it appears to be. No other recommendations noted.


IT Asset Management6 ServiceNow Configuration RequirementsThe following identifies foundational configuration elements for the implementation of IT Asset Management within ServiceNow.

6.1 ServiceNow PluginsPlugins provide additional optional functionality that administrators can activate within a ServiceNow instance. Refer to this URL for additional plugins available and more in-depth information about each plugin https://wiki.servicenow.com/index.php?title=List_of_Plugins

The following Plugins are recommended for consideration within the Protective LifePL instance of ServiceNow in support of IT Asset Management:

Name DescriptionExtended CMDB Adds additional 144 tables (including Personal Computer) for

use within the CMDB.Field Normalization Adds capability to normalize field values.My Assets My Assets plugin provides users with self-service access to

their own assets, contracts, and requests.Procurement Procurement managers can use the Procurement application

to create purchase orders and to obtain items for fulfilling service catalog requests. Procurement offers the ability to:

• Track service catalog requests• Create and manage purchase orders• Create and manage transfer orders• Receive assets

Software Asset Management Provides the capability to do software asset management, includes reconciliation of entitlements to license including those for named users, workstation, and enterprise software agreements.NOTE: this plugin should be reinstalled after a change to or addition of a discovery tool.

6.2 Model / Class (Product Catalog)The ServiceNow Product Catalog is critical to the implementation of Asset Management and related lifecycle elements within the ServiceNow platform.

The product catalog is a set of information about individual Models. Models are specific versions or various configurations of an asset. Models published to the product catalog are automatically published to the service catalog. The service catalog includes information about goods (models) and services. A model may be listed more than once if the model is available from multiple vendors.

Keep the following in mind when working with product catalog: A product catalog item can be linked to multiple vendor catalog items or a single model. A model can only have one product catalog item. A vendor catalog item can only have a single product catalog item.


https://wiki.servicenow.com/index.php?title=List_of_Plugins

IT Asset ManagementAsset managers use the product catalog as a centralized repository for model information. A detailed and well-maintained product catalog can coordinate with service catalog, asset, procurement, request, contract, and vendor information.

The following depicts the basic ServiceNow model-class-asset relationships:

6.3 ModelsModels are specific versions or various configurations of an asset. Models are used for managing and tracking assets through various ServiceNow asset applications, including Product Catalog, Asset Management, Software Asset Management, CMDB, and Procurement. Model definitions can be based on vendor-provided criteria (for example, the manufacturer name Apple MacBook Pro) or a custom abstraction (for example, Graphic Designer Workstation).

A model can be in one or more model categories. For example, a laptop can be a computer and a server. Model definitions specify whether the model creates an asset, a configuration item, or both. On a hardware model record, compatible hardware models can be added.


IT Asset ManagementFor details on creating a new Model please visit the ServiceNow Wiki at Creating New ServiceNow Models.

The Display Name of a model is a combination of data attributes; Manufacturer and Model Name. Thus for the creation of a Model these two data elements should be required for consistency in the naming convention.

Consumables are assets that are not tracked individually, but as a group of the same model with one or more of the following traits:

Same location Same state Consumed by the same asset (typically as accessories or parts) Common consumable assets are computer mice and computer keyboards.

Consumables follow a slightly different life cycle than other assets.

6.4 Asset ClassThe default asset classes are Hardware, Software License, and Consumable. These general classes can be used to manage a variety of assets. If the general classes are not appropriate for a specific group of assets, consider creating a new asset class. For example, a fleet of cars could be tracked in a custom asset class named Vehicle. Before creating new asset classes, analyze business needs to see if the general classes can be used. A large number of asset classes can be difficult to maintain.

Built-in functionality allows you to use asset classes: for financial tracking in a model bundle as a pre-allocated asset

It is recommended that Protective LifePL utilize the default asset classes within ServiceNow.

6.5 Configuration Item Class (Model Category)

Model categories are defined groups of assets, consumables, product bundles, and configuration items. For example, create separate model categories for printers, servers, software, and computers. Using the categories, you can control what each category creates when a model associated with the category is selected. The categories also define the relationship between a CI class and an asset class. A model category can be related to many models and a model can be related to many model categories. For example, a specific model of a computer can be a computer and a server.

Protective LifePL will need to compare existing Categories with recommendations noted below

SN Product Category Asset CI SN NotesAccessory alm_hardware cmdb_ci_acc Please Review


http://wiki.servicenow.com/index.php?title=Creating_New_Models

http://wiki.servicenow.com/index.php?title=Creating_New_Models

IT Asset ManagementBusiness Service cmdb_ci_serviceCircuit cmdb_ci_circuit

Communication Device alm_hardware cmdb_ci_commCommunications Device - currently being used for Telecom Network Devices

Communication Device alm_hardware cmdb_ci_commComputer Peripheral alm_hardware cmdb_ci_peripheral review sub categories and rationalizeESX Server alm_hardware cmdb_ci_esx_server

Generator alm_hardware u_generator

Group with Datacenter, Consider table name that aligns with standard (u_cmdb_ci_)

IP Router alm_hardware cmdb_ci_ip_routerIP Switch alm_hardware cmdb_ci_ip_switchLinux Server alm_hardware cmdb_ci_linux_server

Panel alm_hardware u_panelConsider table name that aligns with standard (u_cmdb_ci_)

PDU alm_hardware cmdb_ci_pduPersonal Computer alm_hardware cmdb_ci_pc_hardware change to Personal ComputerPrinter alm_hardware cmdb_ci_printerRack alm_hardware cmdb_ci_rackServer Chassis alm_hardware cmdb_ci_chassis_serverUPS alm_hardware cmdb_ci_ups

6.6 Asset and Configuration Item StatusServiceNow tracks the Lifecycle State and Configuration Status of Assets. An Asset record will display an Asset State where a Configuration Item (CI) will display a Status.

Asset states and corresponding substates can be used to accurately track assets at a detailed level. Good asset information helps with reporting, controlling assets, and lowering costs. For example, accurately recording missing items using the Missing state and the Lost and Stolen substates enable you to run reports and analyze the information in order to lower costs.

The Status fields on the two forms, asset and configuration item, are synchronized so that status changes made on one form trigger the same status update on the corresponding form, ensuring consistent reporting. (As a best practice, ServiceNow, Inc. recommends updating status on the asset form.) All state fields are synchronized as well. State fields are mapped to their most logical counterpart on the other table. For example, for a hardware asset set to state In Stock - Pending disposal, the corresponding CI is set to In Disposition with no substate.

6.7 Asset States (install_status)The following states and substates are default for ServiceNow. It is recommended that Protective LifePL utilizes these default states and substates and merges their existing states and substates to align with the defaults as best as possible.


IT Asset Management

State Available Substates Notes

On order None Asset has been ordered but not received.

In stock Available, Reserved, Defective, Pending repair, Pending install, Pending disposal, Pending transfer, Pre-allocated

Asset is stored in a stockroom. Substate indicates if it is possible or recommended to put the asset into use.

In transit Available, Reserved, Defective, Pending install, Pending disposal, Pre-allocated

In use None Available only for non-consumables.

Consumed None Available only for consumables.

In maintenance None Asset is being repaired or undergoing maintenance.

Retired Disposed, Sold, Donated, Vendor credit

Setting an asset to a Retired state is recommended for asset end of life. Only delete asset records that were created erroneously.

Missing Lost, Stolen

6.8 CI Statuses (install_status)The following status and substatus are default for ServiceNow. It is recommended that Protective LifePL utilizes these default statuses and substatuses and merges their existing status and substatuses to align with the defaults as best as possible.

CI-Install status Available CI SubStatusIn Stock AvailableIn Stock ReservedPending Repair blankPending install blankIn Stock blankPending Repair RepairablePending install ReservedIn Stock Disposable


IT Asset ManagementIn Stock Pre-allocatedInstalled In useIn maintenance blankRetired blankRetired ScrappedRetired SoldRetired DonatedRetired CreditAbsent blankAbsent LostStolen blank

6.9 Asset & CI State/Status SynchronizationThe Status fields on the two forms (Asset and CI) are synchronized so that status changes made on one form trigger the same status update on the corresponding form, ensuring consistent reporting. (As a best practice, ServiceNow, Inc. recommends updating status on the asset form.) All state fields are synchronized as well. State fields are mapped to their most logical counterpart on the other table. For example, for a hardware asset set to state In Stock - Pending disposal, the corresponding CI is set to In Stock with no substate.

Below are the synchronization mappings from Asset to CI State/Status:

Asset State Asset substateCI-Install status

On order NoneIn Stock Available In StockIn Stock Reserved In StockIn Stock Defective Pending RepairIn Stock Pending repair Pending RepairIn Stock Pending install Pending installIn Stock Pending disposal In StockIn Stock Pending transfer In StockIn Stock Pre-allocated In StockIn transit None In StockIn transit Available In StockIn transit Reserved In StockIn transit Defective Pending RepairIn transit Pending install Pending installIn transit Pending disposal In StockIn transit Pre-allocated In StockIn use None InstalledIn maintenance None In maintenanceRetired None RetiredRetired Disposed RetiredRetired Sold RetiredRetired Donated RetiredRetired Vendor Credit RetiredMissing None AbsentMissing Lost AbsentMissing Stolen Stolen


IT Asset Management6.10 Naming Conventions & Data NormalizationNaming conventions are important for the normalization of data within the ServiceNow platform. Often naming conventions are not enough and additional assistance is needed to help normalize data. The following are best practices and recommendations for the normalization of data and naming conventions.

6.11 Naming ConventionsThe following are best practices as they relate to naming conventions related to IT Asset Management in ServiceNow.

Protective LifePL will need to compare existing naming conventions with best practices noted below

Hardware Models:Hardware Model Display Name is a combination of the Manufacturer Name and the Model Name. For example if a Model has a manufacturer of Dell and a Model Name of Optiplex 760 then the Display Name for the Hardware Model record will be Dell Optiplex 760.

ServiceNow, by default, will utilize the Hardware Model Display Name when referencing Assets, CI’s, Catalog Items, and Contracts. Thus retention of the ServiceNow naming convention for Hardware Models is important.

Software Models:Software Model Display Name is a combination of the Manufacturer Name, Model Name, and Version. For example if a Model has a manufacturer of Adobe, a Model Name of Acrobat Pro, and a Version of 9 then the Display Name for the Software Model record will be “Adobe Acrobat Pro 9”.

ServiceNow, by default, will utilize the Software Model Display Name when referencing Software Licenses, Software Counters, Catalog Items, and Contracts. Thus retention of the ServiceNow naming convention for Software Models is important.

Asset Record:Asset records Display Name is a combination of the Asset Tag and the Model ID (Display Name). For example if an Asset record had an Asset Tag of C67893 and a Model ID (Display Name) of Dell Inc. XPS 14z then the Asset record Display Name would be “C67893 - Dell Inc. XPS 14z”.

6.12 Data Normalization

Field Normalization includes two features: normalization and transformation.

Normalization forces the ServiceNow platform to convert different forms of the same field value to a single, accepted value automatically. By forcing a field to use a simple, recognizable description for multiple variations of the same thing, normalization can eliminate duplicate records and make searches easier. In addition to reconciling different forms of the same value in fields, normalization can be configured to adjust queries automatically to return normalized results.


IT Asset Management

Transformation enables an administrator to transform raw field input into standardized values that are more meaningful to an organization. An example of a standardized value might be to round RAM size in configuration items to a whole number, such as 4000 MB instead of 4112 MB. Transformations are controlled by parameters and conditions and can be configured to return transformed values in queries.

6.13 IntegrationsServiceNow integrates with many third party applications and data sources. Two types of integrations are listed:

Base system integrations use ServiceNow plugins and include CMDB, Change Management, Incident Management, Problem Management, Single Sign-on, and User Administration.

Custom integrations are implemented through your ServiceNow Professional Services Consultant

The ServiceNow platform is based on service-oriented architecture (SOA), in which all data objects can use web services to access bi-directional data-level integration. The interface is also direct and dynamic because all modifications to existing objects and all new objects are automatically published as a Direct Web Service. A more indirect web service creation and usage can be achieved through Mapped Web Service where a transform map is used to gather incoming web service data into the final tables. Finally, an advanced Scripted Web Service technique is available for defining process-based web services, where data is irrelevant, but serves more as a trigger for a process or a composite of actions that execute at the server.

Additionally the platform offers a rich interface for loading external data using import sets. Using this feature, you can load from various data sources such as HTTPS, FTPS, and SCP using file formats such as XML, CSV, and Microsoft Excel XLS files. Information can also be pulled from a data source using a direct JDBC connection, provided the network connectivity allows.

Information can be pulled from the platform to an external platform using an ODBC Driver.Forms, lists, and reports on the platform can be accessed directly using a URL, which facilitates integration on the UI level between two or more web applications.

6.14 MID ServerProtective LifePL may require a MID Server for Asset data integrations. The Management, Instrumentation, and Discovery (MID) Server is a Java server that runs as a Windows service or UNIX daemon. The MID Server facilitates communication and movement of data between the ServiceNow platform and external applications, data sources, and services.

6.15 Web ServicesHTTP-based Web Services allow diverse applications to talk to each other. ServiceNow supports both inbound (provider) and outbound web service consumer services. Protective LifePL will utilize Web Services to communicate with some integration points.


IT Asset Management

Web Service Data Format Types - The following standard data format types are supported by ServiceNow via the HTTP protocol:

SOAP - http://en.wikipedia.org/wiki/SOAP JSON - http://json.org/ CSV - http://en.wikipedia.org/wiki/Comma-separated_values EXCEL - http://en.wikipedia.org/wiki/Microsoft_Excel_file_format#File_formats XML - http://en.wikipedia.org/wiki/XML PDF - http://en.wikipedia.org/wiki/Portable_Document_Format


IT Asset Management7 SERVICENOW IMPLEMENTATION

ServiceNow recognizes the complex nature of IT Asset Management and the need for a successful implementation of technology in support of ITAM processes. Based on industry standards, best practices, and real-world experience the Implementation of ServiceNow follows a methodology that combines organizational goals with practical reality.

7.1 Implementation MethodologyServiceNow follows the International Standards Organization (ISO) recommendations for tiered implementation of best-in-class IT Asset and Software Asset Management environments.

Tier 1Good data is a prerequisite for good ITAM & SAM. A common management observation that applies here is that “you cannot manage what you do not know”. This tier also provides the basis for demonstrating inventory management and license compliance, which is typically a high priority management objective.

Tier 2In practice, practical management begins after the organization has recognized the issues resulting from not having trustworthy data. The organization recognizes the extent of the risks it faces as well as opportunities for improvement and savings. This tier includes targeting and delivering “quick wins” made obvious by tier 1.

Tier 3Building on the foundation of the previous two tiers, this tier drives the integration of ITAM & SAM into operational ITSM processes. The result is improved efficiency and effectiveness.

Tier 4This tier addresses the more advanced and demanding aspects of full ITAM & SAM, including its full integration into strategic planning for the organization including but not limited to Business Service Management and Financial Management.


IT Asset Management

Implementation Tier with The ServiceNow Asset Management Methodology

The ISO Implementation tiers relate to the Towers within the ServiceNow Asset Management Best Practices Methodology. Based on the Asset Management activities being performed and/or implemented within an organization a current capability and an implementation roadmap may be identified.

Tier 0 Governance:Before implementation of Asset Management activities, organizations should address best practices related to Governance as outlined in the ServiceNow Asset Management Methodology. The critical foundational elements include Policy with Roles & Responsibilities, Processes, and Education/Training.

Tier 1 Trustworthy Data:Good data is a prerequisite for good ITAM & SAM. A common management observation that applies here is that “you cannot manage what you do not know”. This tier also provides the basis for demonstrating inventory management, reporting, and license compliance. Technology requirements include an Asset Repository with effective and usable data (Models, Assets, Configuration items) that can be readily transformed into knowledge.

Tier 2 Practical Management:The focus of Tier 2 efforts within the ServiceNow Asset Methodology is specific to Fulfillment and Auditing. An organization should have Discovery, Contract Management, and Software Compliance. Technology requirements include hardware/software discovery, software purchase record repository, contract terms & conditions repository, and warranty/maintenance attributes.


IT Asset ManagementTier 3 Operational Integration:The integration of the ITAM Lifecycle throughout the organization including ITSM is critical for efficiency and effectiveness. Identifying and managing the “use” of assets in the field helps to locate opportunities for optimization. Technology requirements include Service Catalog, Procurement, and Vendor Management.

This tier also provides the bases for demonstrating Financial Management within Tier 4.

Tier 4 Strategic Conformance:Tier 4 addresses the more advanced and demanding aspects of full ITAM. Elements of Tier 4 include full integration into strategic planning for the organization including but not limited to Business Service Management and Financial Management. Technology requirements include Financial Management, Costing (rate cards), Contract Financials, and CMDB Relationships.

Planning for Implementation:The Tiered approach is best implemented using the following phased activities:

Note: While each Phase builds on one another, the prior Phase does not have to be completed before the next Phase begins.


IT Asset Management[7.2] Protective LifePL Current Capability SummaryThe following is a summary of finding related to an appraisal of current capability in the performance of IT Asset Management. This assessment is based on 2 days of onsite effort and a review of best practices with the Protective LifePL team. Specific observations can be found in Section 5 of this document.

Capability Score: The total capability scoring for Protective LifePL is a 1.8 out of 4 (24/50). This score is a bit under 50% due to some key Activity items in Tier 0 and Tier 1 that must be accomplished and therefore more weighted. Overall, impressive for the organization as a whole and on the right path for future successes.

The following are Capability recommendations for Protective LifePL:

I made an attempt to be fair in the scoring. While it is true that you have control over the processes that underlay the data for analysis, by not having documented procedures and an automated way for various ITIL staff to be able to gather that data in a coherent and expedited manner, the scores were skewed in a way that great efforts should be made to review ALL of the activities for not only improvements but integrations where the work has already been done in definition but needs publishing and adherence to compliance for the organization.

7.2[7.3] Tier 0 Governance Capability

Unperformed (4/10) - The Protective LifePL organization has performed 4 of 10 activities within Tier 0 Governance. It is recommended that Protective LifePL establish and assign Roles & Responsibilities for ITAM activities. The assignment of roles and responsibility will enable Protective LifePL to move forward with recommended best practices.

Tier 0 Activity PerformedCentralized Asset Use Policies YesShared Asset Processes YesShared Asset Procedures NoProcesses Reviewed for Intended Outcome YesStandard Process/Procedure Format NoIndustry Training in ITAM NoLocal User Group Participation YesEnd User Training on Asset Policies & Procedures NoEstablished KPI's for IT Asset Lifecycle Management NoRoles & Responsibilities identified for ITAM Activities No

7.3[7.4] Tier 1 Trustworthy Data


IT Asset ManagementUnperformed (5/10) - The Protective LifePL organization has performed 5 of 10 activities within Tier 1 Trustworthy Data. It is recommended that Protective LifePL establish an enterprise wide capability for discovering and validating IT Assets in a manner that ensures visibility throughout the Enterprise.

Tier 1 Activity PerformedCentralized Repository for Assets (including financial/contractual data) NoStandardized Hardware & Software Models YesCentralized Inventory Management YesCentralized ITAM Reporting NoInternal Enterprise-wide Discovery YesVisibility of all Asset Across the Organization NoAcquisition Details of All Assets YesStatus/State of All Assets NoEstablished KPI's for Data Accuracy NoAutomation of Data Population Yes

7.4[7.5] Tier 2 Practical Management

Unperformed (5/10) - The Protective LifePL organization has performed 5 of 10 activities within Tier 2 Practical Management. It is recommended that Protective LifePL focus on Software Asset Management capabilities through automation and compliance views.

Tier 2 Activity PerformedValidated Discovery of PC Software Throughout the Enterprise NoValidated Discovery of Datacenter Software Throughout the Enterprise YesSoftware Catalog NoContract Repository YesContract Terms & Conditions Repository YesContract Lease/Warranty/Services Dates Recorded YesContracts Related to Assets and/or Configuration Items NoCentralized Software Purchase Record Repository (Entitlements) YesCentralized Software Compliance View NoEstablished KPI's for Software Compliance No

7.5[7.6] Tier 3 Operational Integration

Unperformed (5/10) - The Protective LifePL organization has performed 5 of 10 activities within Tier 3 Operational Integration. It is recommended that Protective LifePL establish integration between the Asset Repository and Lifecycle Management Elements – Catalog, Purchasing, and CMDB.

Tier 3 Activity PerformedCMDB No


IT Asset ManagementCI to CI Relationships NoIncident/Problem Reporting for Vendor Management YesCentralized Service Catalog YesCentralized Purchasing YesIntegrated Service Catalog to Purchasing NoIntegrated Service Catalog to Asset Repository NoIntegrated Purchasing and Asset Repository YesIntegrated Asset Repository and CMDB NoEstablished KPI's for Asset Purchasing Yes

7.6[7.7] Tier 4 Strategic Conformance

Unperformed (5/10) - The Protective LifePL organization has performed 5 of 10 activities within Tier 4 Strategic Conformance. It is recommended that Protective LifePL establish Tiers 0-2 before full implementation efforts related to Tier 4.

Tier 4 Activity PerformedBusiness Service Mapping in CMDB NoFinancial Costing for Configurations YesRate Cards for Services YesRate Cards for Contracts YesRate Cards for Activities YesIntegrated Total Cost of Ownership Reporting NoIntegrated Budgeting/Forecasting Reporting YesDepreciation Management NoChargeback/Showback NoEstablished KPI's for Financial Management of Assets No


IT Asset Management

7.7[7.8] Implementation RoadmapThe following implementation roadmap has been assembled for the successful implementation of Asset Management Processes and Technology. This roadmap is provided based on the current capability of Protective LifePL (Section 7.2) as well as the goals of the organization. This roadmap is a practical implementation recommendation based on best practices and experiences.

7.8[7.9] Roadmap OverviewThe primary goal of the Asset Workshop was to identify opportunities to establish and utilize best practices for Asset Management. ServiceNow utilizes the workshop to identify the current capability of Protective LifePL in support of recommendations for implementation.

The effort of implementing Asset Management with any organization carries a delicate balance between process and technology. The industry identifies that a successful Asset Management capability is based on 80% Process and 20% Technology.

7.9[7.10] Process RoadmapThe Process Roadmap is assembled based on the Best Practices of Asset Management (Section 4) and the Capability Summary (Section 7.2).


Process Technology

Capacity Management

Demand Management

Software Asset Management

Hardware Asset Management

Policies

Shared Processes & Procedures

Education & Training

Roles & Responsibilities

IT Asset ManagementProcess Elements - The following elements are needed for the performance of IT Asset Lifecycle Management as they are related to the ISO Implementation Tiers.

o Governanceo Active Asset Managemento Fulfillment

o Auditingo Dispositiono Financial Management

Capability - The Capability results (Section 6.2) for Protective LifePL are as follows:

Tier / Activity ScoreTier 0 – Governance 0.4Tier 1 – Trustworthy Data 0.5Tier 2 – Practical Management 0.5Tier 3 – Operational Integration 0.5Tier 4 – Strategic Conformance 0.5

Total Capability Score (out of 4.0) 1.8

Process Roadmap Implementation Recommendation – 4 PhasesIt is recommended that Protective LifePL focus on the following elements as a roadmap to Asset Management Best Practices:

o Phase 1 – Tier 0 & Tier 1 in support of Asset Management Implementationso Phase 2 – Tier 2 after Phase 1 and in support of Software Asset Management

Implementationso Phase 3 – Tier 3 after Phase 1 and in support of Service Catalog and Optimized Configuration

Managemento Phase 4 – Tier 4 after efforts of Phases 1-3

7.10[7.11] Technology Roadmap


IT Asset ManagementThe Technology Roadmap is assembled based on the Best Practices of Asset Management (Section 4). Practical experience has identified the need for a prescriptive and phased approach for Asset Management. This roadmap is intended as a guide for Protective LifePL.

Technology Elements & Restrictions:The following elements are needed for the performance of IT Asset Lifecycle within ServiceNow:

o Service Catalogo Asset Managemento Software Asset Management

o Extended CMDBo Financial Management (with Cost

Management)

ID Element Restrictions

1 Service CatalogService Catalog will require the use/management of Models for standard assets (hardware/software). Additionally, Service Catalog will require workflow from the Request & Acquisition process.

2 Asset ManagementUse/management of Models for standard assets is needed. Asset details are required in order to uniquely track and relate provisioned assets.

3 Software Asset Management Discovery is required for Software Asset Management performance.

4 Extended CMDB

Capacity & Financial Management is dependent upon a fully built out CMDB. The current CMDB does not have a complete picture of the environment. Additionally, best practice follows the lifecycle creation of records where an Asset exists BEFORE the creation of a Configuration Item. The CMDB needs all relationships completed from CI to CI to Services.


RequisitionProvisioningAutomated WorkflowModel Management

1. SN Service Catalog

Model ManagementAsset RepositoryCostingContract Ts&Cs

2. SN Asset Repository Software Entitlements

Enterprise DiscoverySoftware Counters (Compliance)

3. SN Software Asset Management

ConfigurationsCI to CI RelationshipsApplication/Service Chunking

4. SN CMDBTotal Cost of OwnershipBusiness Service CostingExpense AllocationsBudgetsChargeback/Showback

5. SN Financial Management

IT Asset Management

5 Financial Management

Performance of Financial Management requires the fully built Service Catalog, Asset Management, Software Asset Management, and Extended CMDB environment.

Technology Roadmap RisksThe implementation of Asset Management within Protective LifePL carries risks. Some of those risks are listed below:

The large number of non-persistent desktops and high level of application virtualization will need to be reviewed closely during the implementation timeframe

The split of financial capabilities between ServiceNow and other tools is conceptually easy to understand, but will need to be mapped to ServiceNow functionality to confirm the proper way to build this split into the system, to enable cost allocation through ServiceNow but not other financial functionality

Technology Roadmap Implementation Recommendation – 4 PhasesThe Asset Management Roadmap enables the performance of IT Asset Management in a phased approach. The implementation phases allow for rapid returns on effort without the monumental effort and expense.

It is recommended that the 5 technology elements of Asset Management be implemented in the following phases:

o Phase 1 – Trustworthy Data: Asset Repository and CMDB optimizationo Phase 2 – Practical Management: Full IT Asset Management with Software Asset

Managemento Phase 3 – Operational integration: Integrated Service Catalog with models for lifecycle

managemento Phase 4 – Financial Management


7.10.1[7.11.1] ServiceNow Asset Management Technology Implementation PhasesThe following details are provided in support of the recommended Technology Roadmap. The Implementation details are created to help scope and document the stories needed for implementation activities.

Note: These sections will be discussed for future planning as the SACM components are further planned for all of the following sections in this topic.

7.10.1.1[7.11.1.1] Phase 1 ServiceNow Asset Management Launch – Trustworthy DataPhase 1 of the ServiceNow IT Asset Management Launch within Protective LifePL will focus on baseline configurations with data accuracy. A baseline configuration utilizes OOTB data elements and capabilities of ServiceNow, which allows for a rapid start to implementation efforts.

7.10.1.1.1[7.11.1.1.1] ScopeThe recommended Scope of Phase 1 includes a primary focus on Trustworthy Data with the following activities:

Asset Repository build Core CMDB build (including integration to 3rd party discovery tools)

7.10.1.1.2[7.11.1.1.2] ServiceNow Plugin Activation (For Stories)Pending detailed requirements discussions, the following plugins are recommended in support of Phase 1:

Extended CMDB Field Normalization

7.10.1.1.3[7.11.1.1.3] ServiceNow Configurations (For Stories)In support of a rapid implementation, ServiceNow recommends the use of default configurations for IT Asset Management including OOTB data attributes. After the launch of Phase 1 and the resulting trust in the provided asset data then activities may begin to optimize the ServiceNow environment as desired.

The following configurations are recommended within Phase 1: Manufacturer Data Normalization Hardware/Software Model Name Data Normalization Data Certification on critical Asset data element such as “Assigned To” Class & Model Category Mapping Status

7.10.1.1.4[7.11.1.1.4] Data MappingDetailed data mappings within ServiceNow from Protective LifePL will be discuss at a future date. These mappings will be created with the input and guidance of Protective LifePL during the onsite implementation workshop and subsequent discussions.

[7.11.1.1.5] Protective LifePL ActivityThe following areas have been identified as key requirements for Protective LifePL and require a critical focus on trustworthy data in Phase 1. It will be imperative to assemble appropriate asset details prior to and during launch activity. The use of discovery technology as a primary source of truth for Asset data will expedite data onboarding and improve data accuracy.

The following are recommended Data Activities: Rationalize discovery data – review asset discovery sources and consolidate where

possible. Data overlap can create data integrity issues when multiple sources of truth are creating/updating Asset records.

Gather/Validate Critical Data Elements – Implementation of IT Asset Management will need information related to Locations, Users, Departments, Cost Centers, Company, Manufacturers, and Vendors. If these details are part of data integration efforts then a data sampling will be needed to validate prior to integration completion. For Software Asset Management data will be required related to base/starter Software License purchase record details.

MID Server Implementation – A MID Server is required for many integrations. Class Mapping - Final mapping of Class structure for Model Categories. Model Data Onboarding – With so many IT Asset Management elements reliant on Model

Data it will be crucial to have this data organized at kickoff so implementation can occur shortly after.

Field Normalization – may be performed with Model Data Onboarding as normalization often begins with Manufacturer and Model normalization.

Integration Activity – After Model Data Onboarding is complete then integration to discovery (sources of truth) may be performed. Rationalization should be completed prior to implementation activities. Integration may create asset records that are not already seen within the ServiceNow environment. Allowing discovery/integration technology to create records facilitates a quicker phase launch as well as utilizing a source of truth.

Hardware Data Onboarding – After integration Activity is complete then additional, non discoverable, data elements can be loaded for each Asset/CI

Data Certification – After hardware data is fully loaded then Data Certification configuration can occur.

Process Testing & Validation – After hardware data is fully loaded then process testing may begin.

7.10.1.1.5[7.11.1.1.6] Integrations Activity (For Stories)Protective LifePL will integrate ServiceNow Asset Management with multiple points. Two types of integrations are listed:

Base system integrations use ServiceNow plugins and include CMDB, Change Management, Incident Management, Problem Management, Single Sign-on, and User Administration.

Process Guide Page 78 of 120

Custom integrations are implemented through your ServiceNow Professional Services Consultant

7.10.1.1.6[7.11.1.1.7] Required Foundation Data Elements (For Stories)The following Foundation Data Elements are required in the management of Asset Data within ServiceNow including Status, Cost Center, Company, and Location:

Model Categories – ServiceNow recommends utilizing the detailed Product Category mappings provided by ServiceNow and embedded in section 6.5.

Update the table below as needed during the planning stages for implementationSN Product Category Asset CI SN NotesAccessory alm_hardware cmdb_ci_acc

Business Service cmdb_ci_serviceCircuit cmdb_ci_circuit

Communication Device alm_hardware cmdb_ci_commCommunications Device - currently being used for Telecom Network Devices

Communication Device alm_hardware cmdb_ci_commComputer Peripheral alm_hardware cmdb_ci_peripheral review sub categories and rationalizeESX Server alm_hardware cmdb_ci_esx_server

Generator alm_hardware u_generator

Group with DataCenter, Consider table name that aligns with standard (u_cmdb_ci_)

IP Router alm_hardware cmdb_ci_ip_routerIP Switch alm_hardware cmdb_ci_ip_switchLinux Server alm_hardware cmdb_ci_linux_server

Panel alm_hardware u_panelConsider table name that aligns with standard (u_cmdb_ci_)

PDU alm_hardware cmdb_ci_pduPersonal Computer alm_hardware cmdb_ci_pc_hardware change to Personal ComputerPrinter alm_hardware cmdb_ci_printerRack alm_hardware cmdb_ci_rackServer Chassis alm_hardware cmdb_ci_chassis_serverUPS alm_hardware cmdb_ci_ups

Asset State & Sub-State – ServiceNow recommends utilizing the Asset Lifecycle States provided by ServiceNow and documented below.

State Available Substates Notes

On order None Asset has been ordered but not received.


In stock Available, Reserved, Defective, Pending repair, Pending install, Pending disposal, Pending transfer, Pre-allocated

Asset is stored in a stockroom. Substate indicates if it is possible or recommended to put the asset into use.

In transit Available, Reserved, Defective, Pending install, Pending disposal, Pre-allocated

In use None Available only for non-consumables.

Consumed None Available only for consumables.

In maintenance None Asset is being repaired or undergoing maintenance.

Retired Disposed, Sold, Donated, Vendor credit Setting an asset to a Retired state is recommended for asset end of life. Only delete asset records that were created erroneously.

Missing Lost, Stolen

CI Status – ServiceNow recommends utilizing the CI Lifecycle Status OOTB as documented below.CI-Install status Available CI SubStatusIn Stock AvailableIn Stock ReservedPending Repair blankPending install blankIn Stock blankPending Repair RepairablePending install ReservedIn Stock DisposableIn Stock Pre-allocatedInstalled In useIn maintenance blankRetired blankRetired ScrappedRetired SoldRetired DonatedRetired CreditAbsent blankAbsent LostStolen blank

Cost Center – Cost Center will be utilized as the primary Cost Center attribute. Final validated data is needed from Protective LifePL for the population of the Cost Center table within ServiceNow. The following is recommended for implementation:

SN Attribute SN NotesName Populate names of Cost Centers (currently just codes)


Code Cost Center Code

Protective LifePL to provide Cost Center Data during implementation project

Company & Department – Identifying the organizational structure through the use of the Company & Department attributes is critical for IT Asset Management. ServiceNow recommends a hierarchy to identify the institutional structure with the associated BU’s.

Protective LifePL to provide Company Hierarchy Data during implementation project

Location – Location data is critical for accurately identifying the physical location of assets. This data is needed to for both ITAM and ITSM. Unlike HR related data that identifies location for People, Asset needs to identify locations of IT Assets including those found in Data Centers, IT Closets, Stockrooms, and etc. The following is recommended for implementation:

Validate all the non-user related locations (current locations based on facilities records)

Protective LifePL to provide Location Hierarchy Data during implementation project

7.10.1.1.7[7.11.1.1.8] Roles and ActivitiesProtective LifePL will need to identify who will be responsible for IT Asset Management and related activities. As stated in Section 5.1.2, it is recommended that an Asset Center of Excellence team be created for the management and oversight of Enterprise Asset Activities with localization of enterprise processes.

The following Activities should be validated and mapped to Asset Management Roles within Protective LifePL.

ActivitiesProcess Planning and RequestProduce Asset Management PlanDefine what's in scope (Models. etc.)Determine selection guidelinesPerform AuditBaseline Asset and CMDBProcurementManage VendorsAdd/Remove new vendorsAdd/Remove new ModelsEvaluate appropriate attributesStockroom / ReceivingReceive new asset


Input asset Tag onto new hardwareCreate assets in the Asset RepositoryValidate Asset AttributesAssign appropriate status in the Asset RepositoryValidate financials on asset recordDeploy / FinancialsActivate Licenses, Contracts and/or Entitlement3sValidate asset attributes (Location, financials...etc.)Validate asset StatusAssign assets to usersUpdate the Asset RepositoryManage / Move, Add, Change (MAC)Ensure approved Change RequestModify asset attributes in the Asset RepositoryPlan and organize routine MaintenanceExecute asset auditsDetermine corrective actionInitiate corrective actionexecute corrective actionTrack asset historyTransfer assets to new locations/storeroomsRetire / DisposeRetire or dispose assetUpdate asset to Disposed /Retire in the Asset RepositoryGenerate Disposal report

7.10.1.1.8[7.11.1.1.9] Reporting (for Stories)The following reports were identified as desired for Protective LifePL:

Reporting to support annual software vendor contract true-up True cost of ownership of a service/ sub-service Hardware refresh schedule for each direct report of any given manager End-of-life dates for all hardware components that my team manages Monthly metrics report with data relevant to the CIO report List of contracts with upcoming contract renewal dates Exception report listing all unknown and unidentified assets

7.10.1.2[7.11.1.2] Phase 2 ServiceNow Practical Management – SAM and Expanded Hardware Asset Management

3


Phase 2 of the ServiceNow IT Asset Management Launch within Protective LifePL will focus on Practical Management of the activities performed during Phase 1. Activities identified in Phase 1 but unable to be implemented will be brought into Phase 2.

Note: ServiceNow does not assume an immediate rolling release from Phase 1 to Phase 2. Protective LifePL may delay Phase 2 efforts while managing the organizational changes related to Phase 1. Alternatively, Protective LifePL may combine Phase 1 and Phase 2 efforts or elements thereof.

7.10.1.2.1[7.11.1.2.1] ScopeThe recommended Scope of Phase 2 includes a primary focus on Practical Management with the following activities:

Holdover – Any efforts discovered from Phase 1 Full IT Asset Management Software Asset Management

7.10.1.3[7.11.1.3] Phase 3 ServiceNow Operational Integration – Service CatalogPhase 3 of the ServiceNow IT Asset Management Launch within Protective LifePL will focus on Operational Integration. Operational Integration is the focus on efficiency with the IT Asset Management services.


Integrated Service Catalog Model lifecycle management

7.10.1.4[7.11.1.4] Phase 4 ServiceNow Strategic ConformancePhase 4 of the ServiceNow IT Asset Management Launch within Protective LifePL will focus on Strategic Conformance. Strategic Conformance is the focus on Financial Optimization.


Total Cost of Ownership Business Services level cost allocation


Appendix A: Document Conventions

Symbol Description

Process start / end point: Represents the starting and ending point of the process.

Process Activity/Task: Presents an activity or task that needs to be accomplished to produce a specific outcome.

Predefined external process or organization: Indicated a contribution from an external process or organization.

Decision: Indicates that a question needs to be answered in order to determine the in order to identify the following Activity/task in the process. The answers are indicated on the different connectors attached to the decision box. Every answer is linked to an associated Activity/task.

System Action or Function: Indicates that an action is being performed in the system as an output of the previous activity and an input to the next.

Off-page reference: Indicates a reference to another diagram within the same process. The number of the referenced diagram is indicated in the shape.

On-page reference: Indicates a link to another activity within the same diagram.

Association: Represented by a doted or dashed line, it indicates an association or a relation between the connected, processes, tasks or activities.

Sequence flow: Is represented with a solid line and arrowhead, and shows in which order the activities are performed.


Appendix B: Glossary of Terms and Acronyms

Term Acronym Definition

Alert

A notification that a threshold has been reached, something has changed, or a failure has occurred. Alerts are often created and managed by system management tools and are managed by the event management process.

AssessmentInspection and analysis to check whether a standard or set of guidelines is being followed, that records are accurate, or that efficiency and effectiveness requirements are being met.

Asset

Any resource or capability. The assets of a service provider include anything that could contribute to the delivery of a service. Assets can be one of the following types: management, organization, process, knowledge, people, information, applications, infrastructure or financial capital.

AttributeA piece of information about a configuration item. Examples are name, location, version number, and cost. Attributes of CIs are recorded in the configuration management database (CMDB).

Back-outAn activity that restores a service or other configuration item to a previous baseline. Back-out is used as a form of remediation when a change or release is not successful.

Baseline

(ITIL Continual Service Improvement) (ITIL Service Transition) A snapshot that is used as a reference point. Many snapshots may be taken and recorded over time but only some will be used as baselines. For example:

▪ An ITSM baseline can be used as a starting point to measure the effect of a service improvement plan

▪ A performance baseline can be used to measure changes in performance over the lifetime of an IT service

▪ A configuration baseline can be used as part of a back-out plan to enable the IT infrastructure to be restored to a known configuration if a change or release fails.

Business Services

An IT Service that directly supports a Business Process, as opposed to an Infrastructure Service, which is used internally by the IT Service Provider and is not usually visible to the Business. The term Business Service is also used to mean a Service that is delivered to Business Customers by Business Units.

Category A named group of things that have something in common. Categories are used to group similar things together.

Change The addition, modification, or removal of anything that could have an effect on IT services.



Change Advisory Board CAB

A group of people who support the assessment, prioritization, authorization, and scheduling of changes. A change advisory board is usually made up of representatives from all areas within the IT service provider, the business, and third parties such as suppliers.

Change Management CHG

The process responsible for controlling the life cycle of all changes, enabling beneficial changes to be made with minimum disruption to IT services.

Change RecordA record containing the details of a change. Each change record documents the life cycle of a single change. A change record is created for every request for change.

Change Request See Request for Change.

Configuration Record

CI Record A record containing the details of a configuration item. Each configuration record documents the lifecycle of a single configuration item. Configuration records are stored in a configuration management database and maintained as part of a configuration management system.

Configuration Type CI Type

A category that is used to classify configuration items. The CI type identifies the required attributes and relationships for a configuration record. Common CI types include hardware, document, and user.

ClassificationThe act of assigning a category to something. Classification is used to ensure consistent management and reporting. CIs, incidents, problems, and changes are usually classified.

Closed The final status in the life cycle of an incident, problem, or change. When the status is closed, no further action is taken.

Closure The act of changing the status of an incident, problem, or change to closed.

Configuration Item

CI Any component or other service asset that needs to be managed in order to deliver an IT service. Information about each configuration item is recorded in a configuration record within the configuration management system and is maintained throughout its life cycle by service asset and configuration management.

Configuration Management Database

CMDB

A database used to store configuration records throughout their life cycle. The configuration management system maintains one or more CMDBs. Each CMDB stores attributes of CIs and relationships with other CIs.

Configuration Management System

CMS A set of tools, data, and information that is used to support service asset and configuration management. The CMS is part of an overall service knowledge management and includes tools for collecting,



storing, managing, updating, analyzing, and presenting data about all configuration items and their relationships. The CMS also includes information about incidents, problems, known errors, changes, and releases. It may contain data about employees, suppliers, locations, business units, customers, and users. The CMS is maintained by service asset and configuration management and is used by all IT service management processes.

Configuration Record

A record containing the details of a configuration item. Each configuration record documents the life cycle of a single configuration item.

Continual Service Improvement

CSI

Ensures that services are aligned with changing business needs by identifying and implementing improvements to IT services that support business processes. The performance of the IT service provider is continually measured and improvements are made to processes, IT services, and IT infrastructure in order to increase efficiency, effectiveness, and cost effectiveness.

Customer

Someone who buys goods or services. The customer of an IT service provider is the person or group who defines and agrees to the service level. The term is also sometimes used informally to mean user, for example, ‘This is a customer-focused organization.’

DiagnosisA stage in the incident and problem life cycles. The purpose of diagnosis is to identify a workaround for an incident or the root cause of a problem.

EffectivenessA measure of whether the objectives of a process, service, or activity have been achieved. An effective process or activity is one that achieves its agreed objectives. See also Key Performance Indicator.

Efficiency A measure of whether the right amount of resource has been used to deliver a process, service, or activity.

Emergency Change

A change that must be introduced as soon as possible, for example to resolve a major incident or implement a security patch. The change management process normally has a specific procedure for handling emergency changes.

Employee Self Service ESS

A module in ServiceNow that allows users to make requests, view articles, log incidents, and search the knowledge base through a user-friendly website called the Employee Self-Service Portal (ESS Portal).

Entitlement(s) Number of rights to be granted by a software license

Event A change of state that has significance for the management of an IT service or other configuration item. The term is also used to mean an alert or notification created by any IT service, configuration item, or



monitoring tool.

ImpactA measure of the effect of an incident, problem, or change on business processes. Impact is often based on how service levels will be affected. Impact and urgency are used to assign priority.

IncidentAn unplanned interruption to an IT service or reduction in the quality of an IT service. Failure of a configuration item that has not yet affected service is also an incident.

IT Asset Repository

The IT Asset Repository provides a single, centralized database that stores and tracks organizational assets physically and financially

Key Performance Indicator

KPI

A metric that is used to help manage an IT service, process, plan, project, or other activity. Many metrics may be measured, but only the most important of these are defined as key performance indicators and used to actively manage and report on the process, IT service, or activity. They should be selected to ensure that efficiency, effectiveness, and cost effectiveness is all managed.

Known Error KE

A problem that has a documented root cause and a workaround. Known errors are created and managed throughout their life cycle by problem management. Development groups or suppliers may also identify known errors.

Major Incident The highest category of impact for an incident. A major incident results in significant disruption to the business.

Metric Something that is measured and reported to help manage a process, IT service, or activity.

Policy

Formally documented management expectations and intentions. Policies are used to direct decisions and to ensure consistent development and implementation of processes, standards, roles, activities, IT infrastructure, and so on.

Post-implementation Review

PIRA review that takes place after a change or a project has been implemented. It determines if the change or project was successful and identifies opportunities for improvement.

Priority

A category used to identify the relative importance of an incident, problem, or change. Priority is based on impact and urgency, and is used to identify required times for actions to be taken. For example, the SLA may state that priority 2 incidents must be resolved within 12 hours.

ProblemA cause of one or more incidents. The cause is not usually known at the time a problem record is created. The problem management process is responsible for further investigation.

RACI RACI A model used to help define roles and responsibilities. RACI stands



for responsible, accountable, consulted, and informed.

Release

One or more changes to in IT service that are built, tested, and deployed together. A single release may include changes to hardware, software, documentation, process, and other components.

Request for Change RFC A formal detailed proposal for a change to be made. The term is

often misused to mean change record or the change itself.

RestoreTaking action to return an IT service to the users after repair and recovery from an incident. This is the primary objective of incident management.

Risk

A possible event that could cause harm or loss or affect the ability to achieve objectives. A risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred.

Role

A set of responsibilities, activities, and authorities assigned to a person or team. A role is defined in a process or function. One person or team may have multiple roles. For example, a single person may carry out the role of configuration manager and change manager.

Root Cause The underlying or original cause of an incident or problem.

Root Cause Analysis RCA

An activity that identifies the root cause of an incident or problem. Root cause analysis typically concentrates on IT infrastructure failures.

ServiceA means of delivering value to customers by facilitating the outcomes customers want to achieve without the ownership of specific costs and risks.

Service DeskThe single point of contact between the service provider and the users. A typical service desk manages incidents and service requests, and also handles communication with the users.

Service Level Measured and reported achievement against one or more service level requirements.

Service Level Agreement SLA

An agreement between an IT service provider and a customer. A service level agreement describes the IT service; documents service level requirements, and specify the responsibilities of the IT service provider and the customer.

Service Management

A service-oriented approach to manage applications, infrastructure, and processes.

Service Manages the lifecycle of one or more IT services, provides leadership



Managerby developing Business Cases, product line strategies and schedules, performs service cost management activities, and manages various and perhaps conflicting objectives.

Service RequestA formal request from a user for something to be provided, for example, a request for information or advice; to reset a password; or to install a workstation for a new user.

Software License Entitlements

Defining the people or machines to which a specific purchased software license is assigned. Asset managers allocate a license to entitle a user or machine to use the license

Stakeholder

A person who has an interest in an organization, project, or IT service. Stakeholders may be interested in the activities, resources, or deliverables. Stakeholders may include customers, partners, employees, shareholders, owners, or others.

UserA person who uses the IT service on a day-to-day basis. Users are distinct from customers, as some customers do not use the IT service directly.

Workaround

Reducing or eliminating the impact of an incident or problem for which a full resolution is not yet available, for example, by restarting a failed configuration item. Workarounds for problems are documented in known error records. Workarounds for incidents that do not have associated problem records are documented in the incident record.


Appendix C: ISO/IEC 19770-2 Software Asset Tagging

Adobe was the first major software publisher that has implemented a software identification tag. Adobe implemented its software tag prior to the finalization of the ISO/IEC 19770-2 standard, and therefore does not conform to it. However, Adobe's tagging does provide the ability for organizations to accurately identify installed Adobe software. Adobe introduced its software tagging with the CS4 product line.

Advocates for software taggingAdobe, CA, Microsoft, ModusLink, Symantec, EMC, IBM

Software Publishers and SoftwareMicrosoft - Basic tags (Product, Version, Tag Creator, Publisher, Licensor, Unique ID, Entitlement Required)

Win 8, Win Server 2012 Office 2013, SQL Server 2012, Visual Studio 2012 Looking at adding patches for older supported/active software

Symantec - Certified tags (everything thing in basic tag but is normalized, consistent, digitally signed, and used across any tools and any organization and any reporting systems. Also includes security requirements - manifest for install files and runtime files)

Enterprise tools - Control Compliance suite, Endpoint Protection, Netbackup, OpsCenter, etc.

Adobe - Non-normalized tags (Adobe implemented its software tag prior to the finalization of the ISO/IEC 19770-2 standard and therefore does not conform to it)

Creative suite products from CS4

Any publishers using InstallShield 2012 install scripts - varies

Physical Platforms supportedWindows, Macintosh, Linux, and Unix

Who is using the ISO/IEC 19770-2 standard?TagVault.org - http://tagvault.org/ - TagVault.org is the registration authority for international standard ISO/IEC 19770-2 software identification tags (SWID tags).WG21/TG 21 - http://www.19770.org/ - Working Group (WG) 21 is the ISO working group responsible for SAM standards development. Technical Group (TG) 21 is a mirror of WG 21 and is part of the US standards review and creation organizationDMTF - http://dmtf.org/ - Desktop Management Task Force (DMTF) enables effective management of IT environments. The organization is comprised of industry-leading member companies that collaborate on the development, validation and promotion of infrastructure management standards.


http://dmtf.org/

http://www.19770.org/

http://tagvault.org/

Appendix D: Asset Management Process Overview

The following Process Overviews are provided as best practice baselines for general IT Asset Management processes in line with ITIL’s view of IT Asset Service Management.

1 Asset Management Process Activity Overview (Best Practice Level Stack)


2 Asset Management Planning and Design (Best Practice Level Stack)


3 Procure Asset Activity (Best Practice Level Stack)



4 Receive Asset Activity (Best Practice Level Stack)


5 Manage Asset Activity (Best Practice Level Stack)


6 Dispose Asset Activity (Best Practice Level Stack)


Appendix E: Roles Associated with ServiceNow Implementations

The following is a guide to the various roles and responsibilities commonly used during the implementation of ServiceNow. These are only meant as a guide and not as an absolute.

1 Customer Resources

The following are details related to customer resources:

Customer Resources ResponsibilitiesPROJECT SPONSOR Senior Manager who has overall responsibility for the project success. The Project

Sponsor sets the vision.

SENIOR STAKEHOLDERS Executive Management who take part in Steering Committee meetings and provide advice to the project team.

PROJECT MANAGER Individual responsible for all project management activities including communicating progress and mitigating issues and risks. This person is also the key point of contact for Customer project team, and coordinates with the ServiceNow Engagement Manager. On average, the Project Manager dedicates between 40% and 75% of their time to the project.

PROCESS OWNERS Individuals who have decision-making authority for process definition and tool requirements definition and approval for each of the processes implemented within the ServiceNow product. On average the time commitment of the Process Owners varies between 10% and 25% of their time for the duration of the project.

TECHNICAL RESOURCES Customer will supply required technical resource(s) with ITIL, web services xml and JavaScript expertise to accommodate the scope of the Project and to support the configuration of any in-scope integrations, including but not limited to the following:

Role: Active directory administrator, Activities: Assistance with LDAP integration

Role: Email administrator, Activities: Assistance with in-bound / outbound email configuration

Role: Network engineer, Activities: Assistance with firewall and network configuration"

Role: Server hosting administrator, Activities: Assistance with Mid Server configuration

Role DB/System Administrator/Owner, Activities: SME Assistance with each of the required data sources outlined in Section 2 - Integration Scope

Role: Integration architects, Activities Resource(s) with ITIL and JavaScript expertise to accommodate the scope of service purchased and to provide support for the agreed integration with Web Services and XML experience.


The Technical resources are responsible for the completion of integrations (Consume/Publish) from the 3rd party tools with guidance provided by ServiceNow’s Architect and/or Integration Consultant(s). On average the time commitment of the Technical Resources varies between 25% and 40% of their time for the duration of the project.

SYSTEM ADMINISTRATOR Customer will supply certified ServiceNow system administrators to accommodate the scope of the Project and to take an active role in supporting ServiceNow in the configuration of the ServiceNow tool with guidance provided by ServiceNow’s Architect and/or Sr. Consultant(s). On average the time commitment of the System Administrators varies between 75% and 100% of their time for the duration of the project.

2 ServiceNow Resources

The following are details related to ServiceNow resources:

ServiceNow Resources ResponsibilitiesPRACTICE MANAGER The ServiceNow Executive Sponsor (Practice Manager) will provide support for

the Engagement Manager, assist with major issues/escalations, remove obstacles, participate in planning the scope, assess any scope changes, review major deliverables, and participate in the project gate reviews and steering committee events.

The ServiceNow Executive sponsor will work with the Customer Executive Sponsor and Project team to govern overall project risk, recommend opportunities to optimize cost/benefits and focus on the realization of benefits for the overall project.

ENGAGEMENT MANAGER ServiceNow Engagement Manager will facilitate project planning, provide implementation expertise, confirm the Statement Of Work is being adhered to, allocate appropriate resources from ServiceNow, manage escalations, and act as a single point of contact for the duration of the Project. The ServiceNow engagement manager will facilitate at minimum a weekly status or update call to ensure the Project is progressing appropriately.

TECHNICAL CONSULTANTS ServiceNow will provide technical consultant(s) to help with application configuration and assist with knowledge transfer to Customer resource(s).

INTEGRATION EXPERT ServiceNow will provide an integration expert to assist with integrations defined above.

BUSINESS PROCESS CONSULTANT

The business process consultant will drive process definition, re-engineering, improvement and gap analysis of current and future processes together with Customer process owners, key Customer sponsors and stakeholders.


Appendix F: Configuration Management Process Overview

The concepts described in this guide are aligned with ITIL 2011 and may reference capabilities that are dependent upon other ServiceNow applications. These references will be noted by blue italicized font.

This document assumes that the ServiceNow Discovery product is available and that the Enterprise CMDB plugin has been activated.

1.1 Overview

A process is defined as a set of linked activities that transform specified inputs into specified outputs, aimed at accomplishing an agreed-upon objective in a measurable manner. The configuration management process definition laid out in this document further breaks down these activities into actions and the role(s) responsible for their execution.

This document also describes how ServiceNow supports the configuration management process to identify, record, audit and verify assets and configuration items including their versions, baselines, components, attributes and relationships.

There are strong inter-process relationships between configuration management and the other IT service management processes. Configuration management and the CMDB are the foundation to integrated ITSM processes, and should be considered at the very beginning of any IT service management transformation effort.

1.2 Process Description

A configuration item (CI) is any component or other service asset that needs to be managed in order to provide an IT service. Information about each CI is stored in a configuration record within the configuration management database (CMDB). The configuration management process is responsible for managing the life cycle of all configuration items and their relationships with one another.

1.3 Process Goal

The primary goal of the configuration management process is to support efficient and effective service management processes by providing accurate information about configuration items. This enables users of that information to make better decisions, and more effectively support the objectives and requirements of the business.

1.4 Process Objectives

The objectives of the configuration management process are to:

Ensure that IT managed assets are identified, controlled and properly cared throughout their lifecycle.

Identify, control, record, report, audit and verify services and other CIs, including versions, baselines, constituent components, their attributes and relationships.


Account for, manage and protect the integrity of CIs, through the service lifecycle by working with change management to ensure that only authorized components are used and only authorized changes are made.

Ensure the integrity of CIs and configurations required to control the services by establishing and maintaining an accurate and complete CMDB.

Maintain accurate configuration information on the historical, planned and current state of services and CIs.

Support efficient and effective service management processes by providing accurate configuration information for decision-making purposes.

1.5 Relationship with Other Processes


Incident Management

The CMDB contains details of the infrastructure vital to efficient incident classification, initial support, investigation and diagnosis.

X

When CI records are identified as inaccurate, incident records are created and assigned to configuration management for correction.

X

Problem Management

CI details and relationship information aids in root cause analysis, impact evaluation, and solution development. X

Problem records are linked to relevant CI record(s). X

Change Management

The CMDB provides change management with the necessary information for the assessment of the risk and impact of proposed changes.

X

New, changed or disposed configuration items. Change management ensures that the information related to impacted CIs is updated properly following the implementation of a change.

X


1.6 Principles and Basic Concepts

PoliciesConfiguration management policies are needed to establish the objectives, scope and principles that govern the process and should be considered with the change management and release and deployment management policies because they are so closely related.

Configuration Management policies will be very dependent upon the organization’s business drivers, contractual requirements, and on compliance to applicable laws, regulations and standards. Areas that are typically addressed by policies are:

The need to comply with governance requirements, such as Sarbanes-Oxley, ISO/IEC 20000, or COBIT

The need to deliver the capability, resources and warranties as defined by service level agreements and contracts.

The level of control and requirements needed for traceability and auditability. The requirement to maintain adequate configuration information for internal and external

stakeholders. Level of automation to reduce errors and costs.

Security ConsiderationsData security is a crucial aspect of configuration management and the CMDB. In addition to being effective, security controls should be easily maintained and scalable. The ServiceNow platform provides a number of methods for securing data including user access control list rules, data policies, contextual security, and domain separation. See Security Best Practices in the ServiceNow Wiki for a detailed description of the various data security features available to support the configuration management process.

Process Roles

Each role is assigned to perform specific tasks within the process. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Depending on the structure and maturity of a process, all roles described may not exist in every organization.

The following describes the typical roles defined for service asset and configuration management.

Role Description

Process Owner A Senior Manager with the ability and authority to ensure the process is rolled out and used by the entire IT organization.

Responsible and Accountable for:


http://wiki.servicenow.com/index.php?title=Security_Best_Practices

Defining the overall mission of the process.

Establishing and communicating the process mission, goals and objectives to all stakeholders.

Resolving any cross-functional (departmental) issues.

Ensuring consistent execution of the process across the organization.

Reporting on the effectiveness of the process to senior management.

Initiating any process improvement initiatives.

Configuration Manager

Responsible for:

Managing the day-to-day activities of the process.

Gathering and reporting on process metrics.

Tracking compliance to the process.

Agreeing and defining the service assets that will be treated as configuration items.

Defining the structure of the configuration management system, including CI types, naming conventions, attributes and relationships.

Ensuring the integrity of the configuration management system, including the CI data model and relationships.

Defining and coordinating Configuration Analyst activities and responsibilities.

Planning and managing support for Configuration Management tools and processes.

Configuration Analyst

This role supports (and takes direction from) the Configuration Manager as the primary ‘representative’ for a specific CI category.

Responsible for:

Contributes to defining the structure of the configuration management system, including CI types, naming conventions, required and optional attributes and relationships.

Records and maintains CIs (within scope) in the CMDB.

Training staff in configuration management principles, processes and procedures. Performing configuration audits.

CI Owner

The CI Owner is responsible for the supporting, maintaining, controlling and updating of a specific CI or CIs. The CI owner is accountable for all activities that directly affect the actual CI. This role is also responsible for all ITSM process activities associated with the maintenance and support of the CI.

Stakeholder All persons who have an interest in the information contained in the CMDB. Stakeholders may include employees, customers, partners, CI owners, and others.

Change Management

Ensure that a change request is used for any change to an existing CI attribute or when a CI is added to the CMDB.

Ensure that information in Requests for Change (RFC) are accurate.

Matching RFCs against affected CIs.

Validating all scheduled changes occur.


Notifying configuration management that changes are complete.

RACI Matrix

Roles and responsibilities are assigned to specific process activities.

ID Activities

Chan

ge M

anag

emen

t

CI O

wne

r

Stak

ehol

ders

Confi

gura

tion

Anal

yst

Confi

gura

tion

Man

ager

Proc

ess O

wne

r

CFG Process Planning and DesignCFG P.1 Produce Configuration Management Plan C C R A/RCFG P.2 Define CMDB Structure C C R A/RCFG P.4 Determine CI Selection Guidelines C C R A/RCFG P.3 Populate CMDB C A/RCFG P.4 Perform Initial Audit C R A/R CCFG P.5 Baseline CMDB I I A/R ICFG 1.0 Configuration IdentificationCFG 1.1 Evaluate New CI Type to be Created C R A/RCFG 1.2 Assign Unique Identifier R A/RCFG 1.3 Specify Relevant Attributes C R A/RCFG 1.4 Specify Appropriate Relationship(s) C R A/RCFG 1.5 Publish New CI Type I R A/R ICFG 2.0 Configuration ControlCFG 2.1 Validate Update Request C A/RCFG 2.2 Validate CI Attributes I A/RCFG 2.3 Review Invalid Attributes A/R CCFG 2.4 Update CMDB I A/RCFG 3.0 Status Accounting and ReportingCFG 3.1 Authorize or Reject Report Request I R A/RCFG 3.2 Create or Update Configuration Management Report R A/RCFG 3.3 Generate Configuration Management Report R A/RCFG 3.4 Distribute Configuration Management Report I R A/RCFG 4.0 Verification and AuditCFG 4.1 Approve Verification & Audit Request A/RCFG 4.2 Execute Audit A/R CCFG 4.3 Reconcile with CMDB A/RCFG 4.4 Determine Corrective Action A/R ICFG 4.5 Initiate Corrective CMDB Action A/RCFG 4.6 Execute Corrective Action I A/R

R: Responsible, A: Accountable C: Consulted,I: Informed



Configuration Management Activity Description

1.7 Process Overview

Figure 1: Process Overview

Process Guide

Process Overview Activity Description

ID Activity Description

CFG P Process Planning and Design

The configuration management team and key stakeholders decide what level of configuration management is required to support the services delivered by the organization and how this level will be achieved and document this in a configuration management plan. While this activity is usually performed once (when the process is first being implemented), it is good practice to periodically review the configuration management plan to ensure that the process remains relevant to the support needs of the organization.

CFG 1.0

Configuration Identification

This activity determines the scope and criteria of CIs to be included in the CMDB. This includes the modeling of the infrastructure to determine what CIs will look like and how they are related to each other. It also includes establishing naming conventions, enterprise taxonomy and CI selection criteria.

CFG 2.0

Configuration Control

Configuration control is the activity responsible for ensuring that only authorized and identifiable CIs are in the infrastructure and that there is a corresponding accurate and complete CI record representing the CI in the CMDB. Updates to the CMDB are governed by Configuration Control activities.

Unauthorized changes are forwarded to change management for instructions on how to proceed. Discrepancies and errors in the CI configuration are forwarded to the CI Owner for resolution.

CFG 3.0

Status Accounting and Reporting

This is the production of reports on the current, past and future status of the infrastructure and the CIs under the control of configuration management.

CFG 4.0

Verification & Audit

This activity involves the review and verification of the physical existence of CIs to check that they are correctly recorded in the CMDB. When discrepancies are found, configuration management consults change management for instructions on what corrective action to execute. There are two possible actions, update the CMDB to reflect what is actually in the infrastructure or change the CI to match the CMDB.

CFG CContinuous Service Improvement

Ongoing activities to regularly measure and monitor the efficiency and effectiveness of the process and identify, plan and implement improvements.

Process Guide

1.8 Process Planning and Design

Figure 2: Process Planning and Design

In order for configuration Management to reflect enterprise goals and objectives, it is important that a set of stakeholders be identified from a representative cross section of the organization. This stakeholder group should include members with both a good appreciation for the business needs, as well as some knowledge of the technical aspects of managing the configurations of the IT infrastructure.

Process Planning and Design Activity DescriptionID Tasks Description

CFG P.1

Produce Configuration Management Plan

A configuration management plan will be unique to each organization and is based on the level of detail needed to support the services it provides. Following is an example of content that can be included in a configuration management plan:

Scope Applicable services Environments and infrastructure Geographical locations

Requirements Link to policy, strategy Link to business, service management and contractual requirements Summarize requirements for accountability, traceability, auditability

Policies Industry standards, e.g. ISO/IEC 20000

Process Guide

ID Tasks Description

Internal standards, e.g. hardware standards, desktop standardsOrganization

Roles and responsibilities Change advisory board Authorization for establishing baseline, changes and releases

Processes and Procedures Configuration identification Version management Establishment and maintenance of configuration baselines Procurement and retirement of CIs Reference implementation plan (data migration and loading, training and

knowledge transfer, etc.) Relationships and interfaces with other processes and groups (fixed asset

management, projects, suppliers and sub-contractors, etc.) Baseline and audit criteria and procedures

CIs Naming Conventions Categorization Attributes Relationships

CFG P.2

Define CMDB Structure

Defining the CMDB structure is a key activity that contributes in making the CMDB a powerful decision support tool. It is important that the appropriate level of CI information be properly defined and agreed upon by the various stakeholders in each organization. See Appendix C for a representation of the defined CMDB structure.The CMDB structure will contain the various CI classes and their relationship to one another in the delivery of a service. These relationships are used within ServiceNow to create Business Service Management (BSM) maps that can be used to analyze the impact of a change or an incident, evaluate the risk associated to a proposed change, and to build a logical model of the infrastructure. See Figure 3 below for an example of a BSM map. Also see Defining CI Relationships in the ServiceNow Wiki for a recommended approach to defining CI relationships.

CFG P.3

Determine CI Selection Guidelines

The selection of CIs and level to which they are defined and controlled are very important decisions to be made in the design of the CMDB. CIs can be selected by applying a top-down approach, considering whether it is sensible to break down a CI into component CIs or not. Configuration information that is collected at too granular a level, or in too much detail, may cost more to collect and maintain that the value it provides. CI information is valuable only if it facilitates the management of change, the control of incidents and problems, or the control of assets that can be independently moved, copied or changed.

CFG P.4 Populate CMDB

This activity involves the creation of CI records in the CMDB for each CI that has previously been identified as part of the initial CMDB build. Consult the following ServiceNow Wiki articles to evaluate the different ways for importing data in the CMDB:

Getting Started with Agentless Discovery in the ServiceNow Wiki describes how the Discovery plugin can collect information on network-connected hardware, the different applications and software that runs on that hardware and the relationships between all of the items found.

Importing Data Using Import Sets in the ServiceNow Wiki provides information on how to integrate data with existing external CMDBs or by simply using a CSV file.

Process Guide

http://wiki.servicenow.com/index.php?title=Importing_Data_Using_Import_Sets

http://wiki.servicenow.com/index.php?title=Getting_Started_with_Agentless_Discovery

http://wiki.servicenow.com/index.php?title=Defining_CI_Relationships

ID Tasks Description

CFG P.5

Perform Initial Audit

To ensure the accuracy of the imported data in the CMDB, perform an initial audit based on sampling criteria as outlined in the configuration management plan.

Examples of sampling criteria could be:

A predefined percentage of each CI category and their attributes to be captured

Only certain CI types or classes Integrity of the relationships between CIs related to predefined service(s)

The results of the audit should be compiled and a report on the accuracy of the initial CMDB data should be submitted to all identified stakeholders for review.

CFG P.6 Baseline CMDB

To facilitate the tracking of the different changes that will be made in the CMDB, it is recommended that a baseline of the audited CIs be made before moving the initial data into the ‘production’ instance.

Consult the Baseline CMDB article in the ServiceNow Wiki for more details and instructions.

Process Guide

http://wiki.servicenow.com/index.php?title=Baseline_CMDB

Figure 3: Business Service Management Map example

Process Guide

1.9 Configuration Identification

Figure 4: Configuration Identification

Configuration Identification Activity Description

ID Tasks Procedure Primary Role Input Output

CFG 1.1 Create New CI

Evaluate the request and determine the new CI type to be created based on the CI selection guidelines documented in the configuration management plan.

Configuration Manager/ Coordinator

Change request

Configuration management plan

New CI type identified

CFG 1.2

Assign Unique Identifier

Assign a unique identifier to the new CI type identified.


New CI type identified

New CI type with assigned unique identifier

CFG Specify Relevant Identify the necessary Configuration New CI type with Defined

Process Guide


1.3 Attributes

attributes for the new CI type. Consult the Reference Fields article in the ServiceNow Wiki for more information on creating reference fields on a table record.

Manager/ Coordinator

assigned unique identifier

attributes for new CI type

CFG 1.4

Specify Appropriate Relationships

Specify the appropriate relationships required for the new CI type.


Defined attributes for new CI type

New CI type associated with appropriate relationships

CFG 1.5

Publish New CI Type

Publish the new CI type in the production CMDB.


New CI type associated with appropriate relationships

New CI type published

Process Guide

http://wiki.servicenow.com/index.php?title=Reference_Fields

1.10 Configuration Control

Figure 5: Configuration Control

Configuration Control Activity Description


CFG 2.1

Validate Update Request

The configuration manager receives a request to enter a new CI record or update an existing CI record.Authorized requests are prioritized and forwarded to a configuration management analyst for further processing.Rejected requests are returned to the requestor with an explanation of the rejection.In the case of new CIs identified by Discovery, verify that an authorized request exists to justify the presence of the discovered CIs.


Assigned task from a request for change (RFC)

New CI identified by Discovery

Valid request ready to be processed

Or

Rejected request

Process Guide


CFG 2.2

Validate CI Attributes

For new CI requests, validate that the proposed CI attributes meet the requirements of configuration management as defined in the configuration management plan.If all the proposed CI attributes meet the criteria, the request is approved for updating the CMDB.For CI attributes that fail to meet the configuration management plan criteria, reject the request and inform the CI owner with proper instructions.


Valid request ready to be processed

New CI ready to be created in the CMDB

Or

CI with invalid attributes identified

CFG 2.3

Review Invalid Attributes

Review the submitted instructions for defining proper CI attributes and submit a new request.

CI Owner CI with invalid attributes identified

Revised attributes

CFG 2.4 Update CMDB Publish the valid and authorized

CI data into the CMDB.

New CI ready to be created in the CMDB

New CI published in the CMDB

1.11 Status Accounting and Reporting

Figure 6: Status Accounting and Reporting

Status Accounting and Reporting Activity Description


CFG 3.1

Authorize or Reject Report Request

Review the submitted report request and validate if the request is for an existing report or gauge.

Requester

New configuration management report request

Valid or invalid report request

CFG 3.2

Create or Update Configuration

For valid requests, create new configuration report

Configuration Manager/

Valid report request

New configuration

Process Guide


Management Report

or gauge as requested. See the Creating Report ServiceNow Wiki article for more information and detailed procedures.

Coordinatormanagement report or gauge

CFG 3.3

Publish Configuration Management Report

Publish the created report or gauge and send the provided link to the requester.


New configuration management report or gauge

Published report or gauge accessible by requester

1.12 Verification and Audit

Figure 7: Verification and Audit

Verification and Audit Activity Description


CFG 4.1

Authorize or Reject Verification Request

A request for verification & audit is reviewed and approved or rejected by the Configuration Manager. Rejected requests are returned to the requester with


Request for verification & audit

Authorized verification & audit request

Or

Process Guide

http://wiki.servicenow.com/index.php?title=Creating_Reports


an explanation.Rejection information sent to requester

CFG 4.2

Execute Audit

Depending on the scope of the verification or audit request, the Configuration Analyst performs an audit via physical inspection or Discovery.ServiceNow also employs several mechanisms by which data in the CMDB may be certified. See Appendix D for a discussion of these techniques.


Authorized verification & audit request

Documented results from verification & audit

CFG 4.3

Reconcile with CMDB

Review the compiled results from the audit and compare with CI record information found in the production CMDB.


Documented results from verification & audit

Reconciliation with production CMDB results

CFG 4.4

Determine Corrective Action

If discrepancies exist between the information contained in the CMDB and the actual CI(s), there are two possible actions to take: Update the CMDB to reflect

what was verified in the infrastructure

Change the CI to match the information in the CMDB The task of correction is passed to the CI Owner.


Reconciliation with production CMDB results

CMDB information to be corrected

Or

CI to be modified to reflect information in CMDB

CFG 4.5

Initiate Corrective CMDB Action

Update the CMDB so that the CI record matches the ‘as is’ CI configuration in the infrastructure.


CMDB information to be corrected

Corrected CMDB discrepancies

CFG 4.6

Execute Corrective Action

Change the configuration of the actual CI so that it matches the CMDB CI record.

CI Owner

CI to be modified to reflect information in CMDB

CI matching information in CMDB CI record

Process Control

Process controls are the policies and principles that provide direction over the operation of processes and define constraints or boundaries within which the process must operate.

Name DescriptionAudits The frequency of configuration audits

Process Guide

1.13 KPIs

KPIs are best represented as trend lines and tracked over time. They provide information on the effectiveness of the process and the impact of continuous improvement efforts.

KPI/Metric Purpose

Quality and accuracy of configuration information

Measure of how well an accurate and complete configuration management system is established and maintained.

Increase in re-use and redistribution of under-utilized resources and assets

Accounting for, managing and protecting the integrity of CIs throughout the service lifecycle

Reduced number of exceptions reported during configuration audits

Accounting for, managing and protecting the integrity of CIs throughout the service lifecycle

Number of RFCs without corresponding CI updated in CMDB

Measure of how well an accurate and complete configuration management system is established and maintained.

1.14 Reports & Homepage Gauges

There are numerous default reports available in ServiceNow that can be used to generate charts, publish to a URL, or schedule to be run and distributed at regular intervals. Users can also create custom reports. See Creating Reports in the Wiki for more detail on this capability.

In addition to reports, each user can create a personal homepage and add gauges containing up-to-the-minute information about the current status of records that exist in ServiceNow tables. See Customizing Homepages in the Wiki for details.

Process Guide

http://wiki.service-now.com/index.php?title=Customizing_Homepages

http://wiki.service-now.com/index.php?title=Creating_Reports

Appendix G: Data Certification and Verification

There are multiple approaches that can be taken to help ensure that data in the CMDB is accurate. These methods can be applied to data managed by Discovery, if internal controls require it, but are usually applied to undiscoverable data such as special relationships, CI ownership, or any other people-related information.

Data Certification - Data certification manages scheduled and on-demand validations of CI data that has been added to the CMDB by the ServiceNow Discovery tool, by importing from third-party tools, or manually. For regulatory or procedural reasons, information in the CMDB needs to be checked for accuracy and certified. The person or team responsible for certification can define what information should be verified as well as the verification schedule. The schedule then generates a checklist of tasks for verifying the data. Individuals assigned to certification tasks answer a series of questions to verify the data. For example, a certification can be set up to validate key information fields, such as Operating System and CPU Count, on all Windows servers located in Chicago and assign the tasks to the appropriate team member automatically.

Data Certification manages the tasks assigned to specific individuals who are responsible for physically verifying the data in question. Data certification can also be performed against specific fields on non-CMDB CI tables.

Compliance - Compliance is a set of tools that enable administrators to certify ServiceNow data for validity and correct any discrepancies found. Compliance offers these options to suit an organization’s size and requirements:

o Desired State – This application conducts scheduled or on-demand audits of CMDB data to determine which configuration items (CI) match a desired state. The certification process can mean checking servers to ensure that their physical resources, such as CPU speed or memory, comply with certain standards, or ensuring that all critical business services have a manager, support group, and approval group. The administrator responsible for compliance creates template definitions of desired states and then schedules an audit to check CIs against the definition. The audit results identify CIs that pass certification and itemize the discrepancies of those that fail. ServiceNow then automatically generates follow-on tasks to track the process of adjusting the CIs to the desired state.

o Architecture Compliance – This application manages scheduled or on-demand reviews of CMDB data to determine which CIs match expected attributes. The compliance audits check servers to ensure that their physical resources, such as CPU speed or memory, comply with certain standards. The administrator responsible for compliance creates template definitions of expected attributes and then schedules an audit to check CIs for compliance. The audit results identify CIs that pass certification and itemize the discrepancies of those that fail. ServiceNow automatically generates and assigns follow-on tasks to track the process of getting the CIs back into compliance.

Process Guide

http://wiki.servicenow.com/index.php?title=Architecture_Compliance

http://wiki.servicenow.com/index.php?title=Desired_State

http://wiki.servicenow.com/index.php?title=Compliance

http://wiki.servicenow.com/index.php?title=Data_Certification

Documents

SACM Workshop Best Practice and Road Map Implementation Process Guide - PL Corp Dec 2015