Non Discoverable CIs

dyma06
Kilo Contributor

Has anyone started to capture Non Discoverable CIs in CMDB (i.e. applications)? I would like to know a few things....

1) what is your validation strategy?

2) what is your remediation strategy?

3) who do you consider the best data owner?

I am starting to put a process together to capture "application" CIs. The main concern is how to keep the data as accurate as possible. I would love to see best practices as well as a proven process that some of you may have implemented.

Thanks!

5 REPLIES 5

adilrathore
ServiceNow Employee
ServiceNow Employee

By Non-Discoverable do you mean the applications which are discovered by ServiceNow discovery OOB. Well if you have the SAM or SCCM plugin activiated you can discover those applications as well with ease.


Hi Adil,



I am referring to applications that are client facing apps. Non Discoverable attributes such as application owner, business owner, technology owner. These are all manual entries in CMDB. If you have hundreds of applications, how are you controlling, managing and supporting it so data is accurate. Are you saying I can accomplish this by getting the SAM or SCCM plug ins? Thanks


Jeff Boltz1
Mega Guru

Hi Joe,



People, process, and technology.



Someone in the organization needs to own the Application Portfolio (the apps that are not discovered) and set a policy describing the roles and responsibilities.   Those would include reviewing their data periodically.   This could be facilitated through SN Data Certification (Data Certification is a plugin).



Hold the application owner responsible for keeping their application data up to date.   The App Owner is "responsible for the business delivery, functioning and services of the application. The application owner is also the custodian of the data [data steward] in the application."   (https://www.chapman.edu/campus-services/information-systems/_files/security/3rd-Party-Application-St... - good example of a policy for application standards.



You could reach out to Risk Management or Governance in your organization, or maybe Information Security to help the policy agenda.



Hope that helps.



Take care,
Jeff


also refer to ITIL or other authoritative source that your organization uses,



https://wiki.en.it-processmaps.com/index.php/ITIL_Application_Management