Fetching dependencies from the CMDB and BIA

Release version: Australia

Updated March 12, 2026

3 minutes to read

Summarize

Summarized using AI

Summary of Fetching Dependencies from the CMDB and BIA

This document outlines how to fetch dependencies for services from the Configuration Management Database (CMDB) and Business Impact Analysis (BIA) within the Operational Resilience application. The process is essential for maintaining accurate service dependencies in operational resilience planning.

Show full answer Show less

Key Features

Data Relationships Framework: The framework supports fetching dependencies from the CMDB, requiring activation of the main node configuration labeled as Service (CMDB).
Dependency Retrieval: When fetching dependencies, the application checks for existing entities. If no valid entity exists, the dependency is skipped. If a valid entity is found, it is added to the downstream of its parent's entity.
BIA Dependency Updates: The Operational Resilience application fetches BIA dependencies only if the BIA is in an Approved state, not Expired, and the dependency group is complete.

Key Outcomes

By using the features outlined, ServiceNow customers can ensure their Operational Resilience applications are up-to-date with accurate dependencies from both CMDB and BIA, which enhances risk management and operational planning. Manual addition of entities is required when dependencies do not belong to recognized entity types. Administrators have the option to update dependencies manually instead of relying solely on scheduled jobs.

You can fetch the dependencies for the services or business services from CMDB in Operational Resilience. Similarly, when the BCM applications are installed, the Operational Resilience scheduled job also monitors for the changes in the business impact analysis (BIA) dependencies and fetches the dependency updates.

Fetching the dependencies from CMDB for the services

Beginning with the Australia release, the Data Relationships Framework supports the Operational Resilience application with the underlying framework to fetch the dependencies from CMDB. The Data Relationships Framework (app-grc-relationship-config) is installed with the Operational Resilience application by default. The CMDB dependencies are retrieved by calling an API from the Data Relationships Framework.

To get the CMDB dependencies, the Operational Resilience administrator must activate the main node configuration, labeled as Service (CMDB) in the Data Relationships Framework first.

For each retrieved dependency, the Operational Resilience application searches for an existing entity first. If there is no existing entity, the dependency is skipped. If there is an existing entity and the entity belongs to any entity type in Operational Resilience, it is added to the downstream of its parent’s entity. If the entity does not belong to any entity type, such as Facilities/People/Suppliers/Technology, you must add it manually to the corresponding entity type in Operational Resilience.

The following example shows a sample CMDB relationship setup for a business service. When the service Windows mobile updates its dependencies, the entity of OWA-SD-01 gets added to the downstream of its entity, IronMail-SD-01 and IronMail-SD-02 gets added to the downstream of the Email child service entity.

Table 1. Sample relationship setup for a business service
Business service	Associated dependency, business process, and business service: Email	Process and dependencies associated with business service: Email
Windows mobile	Dependency: OWA-SD-01 Business process: Inbound payment validation Business service: Email	Process: Fraud_escalation Dependency 1: IronMail-SD-01 (The table is cmdb_ci_email_server.) Dependency 2: IronMail-SD-02 (The table is cmdb_ci_email_server.)

Fetching the dependencies from the business impact analysis (BIA)

When the BCM applications are installed, Operational Resilience fetches the BIA's dependency update if the BIA's Applies to field is a business process used in Operational Resilience.

The following conditions must be met for pulling the BIA dependencies in Operational Resilience:

The BIA has to be in the Approved state.
The BIA should not be in the Expired state.
The dependency group has to be completed.

Note:

Only when the Applies to field of the BIA record matches with any business process within the Business Processes Entity Type, its dependencies are fetched by the scheduled job.

For each fetched dependency, the Operational Resilience application looks for an existing valid entity first. If the dependency has an existing valid entity and the entity belongs to any entity type in Operational Resilience, it is added to the downstream of its parent's entity.

To fetch the CMDB dependency updates or BIA dependency updates, the following conditions are followed:

If there is no entity for the dependency, it is skipped. Operational Resilience does not create an entity for the dependency.
If a dependency entity is inactive, it is ignored.
If a dependency entity is active, but it has no pillar, it is ignored.
If a dependency entity is active and has a pillar, but it does not belong to any Operational Resilience entity type, it is ignored.

Adding the dependencies manually

If the entity does not belong to an entity type such as Facilities, People, Suppliers, Technology, Operational Resilience users must add it to the corresponding entity type manually. Instead of using the scheduled job, Operational Resilience administrators and managers can update the dependencies manually.

Support for main node configuration in Data Relationships Framework

For information on the Data Relationships Framework and main node configuration, see Data Relationships Framework and Create a main node configuration record.