Should entities be mapped to Service Instance or Offering level
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago - last edited 4 weeks ago
Hi,
A customer I'm working with is using "legacy" GRC and the Policy & Compliance module where the application owners attest their applications (entities) against defined security controls (control objectives). CMDB is aligned with the ServiceNow CSDM-model. The entities are currently referring to the matching application on the Service Instance level.
My question is that does ServiceNow recommend linking entities to the Service Instance level or the Service Offering level? Or are both options correct and are there any benefits in either?
To me the linking seems anyway cosmetic as you can just basically utilize the auto-update owner to keep the entity owner up to date if there are changes in the record it is referring to.
Thank you in advance for your input.
- Labels:
-
Policy and Compliance Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
I have seen that Service Offering level is the recommended entity link as Service Instance level is pretty granular. But of course, if you track risks and controls separately at the instance level, that answers your question, and you will want to include them in your linkage.
And...
You're absolutely right that the auto-update owner functionality makes the linkage somewhat "cosmetic" from a pure data maintenance perspective. However, the choice still matters for:
- Reporting and visualization - Where you link determines what shows up in your service maps and dependency views
- Scope of impact - Service Offering gives you a business-level view of risk/issues; Service Instance gives technical-level granularity
- User experience - Business users typically think in terms of offerings, technical teams think in instances
