Which Of The Following Applications Is Used To Track Configuration Items And Service Requests?

Two incidents caught my attending recently. The first was in New York Urban center, where 14,000 parking meters rejected credit card payments due to an anti-fraud security setting that disabled the feature on January 1, 2020. And then Microsoft disclosed that over 250 1000000 user analytics records were exposed on five ElasticSearch servers post-obit a modify to its security rules early in December 2019. They resolved the event on the last day of the year.

Both scenarios were attributed to configuration errors, with Microsoft stating that "Misconfigurations are unfortunately a common error across the industry." Indeed, managing configurations is one of the more than challenging activities in IT service management. So, what better fashion to look at configuration items than by defining what is it that we configure? In this commodity, we'll define CIs and look at real-world examples.

Defining configuration items

Let'southward wait at how configuration items (CIs) are defined past some leading ITSM sources:

ITIL^® 4 defines a CI as any component that needs to exist managed in order to deliver an It service.
ISO/IEC 20000:2018 says a CI is any element that needs to be controlled in order to deliver a service.
CMMI SVC calls a CI an aggregation of work products that is designated for configuration direction and treated as a single entity in the configuration management procedure.
Possibly well-nigh broadly, SIAM says a configuration item includes anything used to deliver or back up the services.

Based on these definitions, you might realize that there is no discernible deviation between CIs and assets. However, information technology is important to note that while all CIs are assets, not all avails are CIs. Configuration items have an element of control required to deliver services, and this is not usually a preserve for all assets.

So, for case, knowledge or furniture can be classified as assets for your visitor. But they are not CIs, as they are not controlled for purposes of delivering services.

Examples of configuration items

CIs vary widely in complexity, size, and blazon, ranging from an entire service or system including all hardware, software, documentation, and support staff to a single software module or a pocket-sized hardware component. Here are common examples of CIs:

CIs may be grouped and managed together. For example, a set of components may be grouped into a single release.

Managing CIs

Managing CIs requires a systematic approach in lodge to foreclose misconfiguration. Your approach should consider two functions:

Collecting and maintaining authentic, organized CI records
Regularly verifying and validating your CI information

Let'south look at both activities in more detail.

Keep accurate, organized CI records

The first step in preventing misconfiguration is to collect and keep accurate and organized records of the CIs in your environment. Records of configuration items are usually held in configuration management systems or databases. Almost ITSM solutions come with a CMDB, which is essential for correlating CI information with incidents, changes, requests, releases and deployments, plus supporting other practices such as information security and fiscal and systems audits.

While these solutions normally have myriad fields for each CI, at a bare minimum the ISO 20000 standards requires the post-obit fields:

Unique identifier
Type
Description
Human relationship with other CIs
Status

Collecting and recording CI information sounds uncomplicated, but the practical application is something else. I paraphrase a quote from the VeriSM publication: Configuration management is referred to as the 'unicorn' of service management – everyone has heard of it, everyone knows what it is, but no ane has seen it in real life!

Unless automated, diligently administered, and appreciated within your arrangement, chances are skilful that your staff views the human action of recording, tracking, and correlating information on CIs as a laborious and low-value activity. The discipline required is no small affair, and it takes a significant corporeality of governance to make this happen. Some organizations choose to delegate the role to the service desk or other roles, but, in my opinion, the practice should exist owned by system administrators working hand in manus with other stakeholders involved in the service delivery activities.

Best practise: Automate configuration management and include several stakeholders in its upkeep.

Verify and validate CI data regularly

Avoiding misconfiguration starts with configuration management, but information technology also requires administrators to regularly verify and validate the information stored in the organization'due south configuration direction system.

Most all organizations keep CI information in dissever repositories and, every bit a upshot, getting a common view of this information is extremely challenging. Even though hosting all your applications on the deject might provide easy visibility, the management of up-to-date information remains a pregnant hurdle when there are other pressing needs, such every bit incidents and projects.

Governance helps in getting people to empathise the need to constantly bank check the reliability of your CI data. This governance should include capturing baseline data and comparing with snapshots, which also support easier troubleshooting and implementing and tracking changes.

All-time practice: Establish CI governance for routine information checks, which trickle into easier troubleshooting and clearer change affects.

The necessary value of CIs

In determining the root causes of the Microsoft and New York City incidents, it is no surprise that both incidents could have been avoided if merely someone took time to ensure that configurations were well validated and regularly reviewed at all levels.

Though configuration direction may sound tedious, it is essential to successful and holistic ITSM. Other ITSM practices such as incident, problem, change, request, release, and deployment management can never exist effective if configuration items are not properly recorded and the data shared visibly and accurately to all stakeholders. Agreement the value of CIs and the demand to invest in CI direction can go a long way in helping service providers meet the needs of customers and other stakeholders in more than efficient and effective means.

Admission the 2021 Gartner^® Magic Quadrant^™ for ITSM

The Gartner Magic Quadrant for ITSM is the gold-standard resource helping yous understand the strengths of major ITSM software vendors, insights into platform capabilities, integration opportunities, and many other factors to make up one's mind which solution best fits your needs.

These postings are my own and do non necessarily represent BMC'southward position, strategies, or opinion.

See an error or accept a suggestion? Please let united states of america know past emailing blogs@bmc.com.

BMC Brings the A-Game

BMC works with 86% of the Forbes Global 50 and customers and partners around the world to create their future. With our history of innovation, industry-leading automation, operations, and service management solutions, combined with unmatched flexibility, we assist organizations free up time and space to become an Democratic Digital Enterprise that conquers the opportunities ahead.
Larn more about BMC ›

Almost the author

Joseph Mathenge

Joseph is a global best practice trainer and consultant with over 14 years corporate feel. His passion is partnering with organizations around the world through training, development, accommodation, streamlining and benchmarking their strategic and operational policies and processes in line with best exercise frameworks and international standards. His specialties are It Service Management, Concern Process Reengineering, Cyber Resilience and Project Management.