Fetching dependencies from the CMDB and BIA

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Fetching dependencies from the CMDB and BIA

    In the Zurich release of Operational Resilience, ServiceNow enables customers to fetch service dependencies from the Configuration Management Database (CMDB) and the Business Impact Analysis (BIA). This integration helps maintain up-to-date dependency information for services and business processes, which is critical for operational risk and resilience management.

    Show full answer Show less

    Fetching Dependencies from CMDB

    Operational Resilience uses the Data Relationships Framework (installed by default with the app) to retrieve dependencies from the CMDB via API calls. To enable this, administrators must activate the main node configuration labeled "Service (CMDB)" within the framework.

    For each dependency fetched:

    • If a matching entity exists in Operational Resilience, it is linked as a downstream dependency under its parent entity.
    • If no matching entity exists, the dependency is skipped (Operational Resilience does not create new entities automatically).
    • If the entity exists but is not assigned to one of the recognized entity types (Facilities, People, Suppliers, Technology), it must be manually assigned by users.

    Example: For a business service like "Windows mobile updates," dependencies such as "OWA-SD-01" and "IronMail-SD-01" are linked appropriately in the service hierarchy.

    Fetching Dependencies from Business Impact Analysis (BIA)

    When BCM applications are installed, Operational Resilience also fetches dependencies from approved, active BIA records where the "Applies to" field matches a business process entity type used in Operational Resilience. The scheduled job updates dependencies only if the dependency group is marked complete.

    Rules applied during BIA dependency fetching:

    • Dependencies must have a matching valid entity in Operational Resilience.
    • Inactive entities, entities without a pillar, or entities not belonging to an entity type within Operational Resilience are ignored.

    Manual Dependency Management

    If dependencies do not belong to recognized entity types, ServiceNow customers must manually add or assign these dependencies within Operational Resilience. Administrators and managers can also choose to update dependencies manually instead of relying solely on the scheduled jobs.

    Data Relationships Framework Support

    The Data Relationships Framework underpins the fetching process, providing the configuration and API capabilities needed to retrieve and map dependencies from CMDB and BIA. Activating the main node configuration is essential for this functionality.

    Practical Benefits for ServiceNow Customers

    • Ensures up-to-date, accurate mapping of service and business process dependencies critical for operational resilience planning.
    • Reduces manual effort by automating dependency retrieval from CMDB and BIA where possible.
    • Provides flexibility to manually manage dependencies when automatic assignment is not feasible.
    • Leverages existing frameworks (Data Relationships Framework) for scalable and maintainable integration.

    You can fetch the dependencies for the services or business services from CMDB in Operational Resilience. Similarly, when the BCM applications are installed, the Operational Resilience scheduled job also monitors for the changes in the business impact analysis (BIA) dependencies and fetches the dependency updates.

    Fetching the dependencies from CMDB for the services

    Beginning with the Zurich release, the Data Relationships Framework supports the Operational Resilience application with the underlying framework to fetch the dependencies from CMDB. The Data Relationships Framework (app-grc-relationship-config) is installed with the Operational Resilience application by default. The CMDB dependencies are retrieved by calling an API from the Data Relationships Framework.​

    To get the CMDB dependencies, the Operational Resilience administrator must activate the main node configuration, labeled as Service (CMDB) in the Data Relationships Framework first.​

    For each retrieved dependency, the Operational Resilience application searches for an existing entity first. If there is no existing entity, the dependency is skipped. If there is an existing entity and the entity belongs to any entity type in Operational Resilience, it is added to the downstream of its parent’s entity. If the entity does not belong to any entity type, such as Facilities/People/Suppliers/Technology, you must add it manually to the corresponding entity type in Operational Resilience.​

    The following example shows a sample CMDB relationship setup for a business service. When the service Windows mobile updates its dependencies, the entity of OWA-SD-01 gets added to the downstream of its entity, IronMail-SD-01 and IronMail-SD-02 gets added to the downstream of the Email child service entity.

    Table 1. Sample relationship setup for a business service
    Business service Associated dependency, business process, and business service: Email Process and dependencies associated with business service: Email
    Windows mobile
    • Dependency: OWA-SD-01
    • Business process: Inbound payment validation
    • Business service: Email
    • Process: Fraud_escalation
    • Dependency 1: IronMail-SD-01 (The table is cmdb_ci_email_server.)
    • Dependency 2: IronMail-SD-02 (The table is cmdb_ci_email_server.)

    Fetching the dependencies from the business impact analysis (BIA)

    When the BCM applications are installed, Operational Resilience fetches the BIA's dependency update if the BIA's Applies to field is a business process used in Operational Resilience.

    The following conditions must be met for pulling the BIA dependencies in Operational Resilience:
    • The BIA has to be in the Approved state.
    • The BIA should not be in the Expired state.
    • The dependency group has to be completed.
    Note:
    Only when the Applies to field of the BIA record matches with any business process within the Business Processes Entity Type, its dependencies are fetched by the scheduled job.

    For each fetched dependency, the Operational Resilience application looks for an existing valid entity first. If the dependency has an existing valid entity and the entity belongs to any entity type in Operational Resilience, it is added to the downstream of its parent's entity.

    To fetch the CMDB dependency updates or BIA dependency updates, the following conditions are followed:
    • If there is no entity for the dependency, it is skipped. Operational Resilience does not create an entity for the dependency.
    • If a dependency entity is inactive, it is ignored.
    • If a dependency entity is active, but it has no pillar, it is ignored.
    • If a dependency entity is active and has a pillar, but it does not belong to any Operational Resilience entity type, it is ignored.

    Adding the dependencies manually

    If the entity does not belong to an entity type such as Facilities, People, Suppliers, Technology, Operational Resilience users must add it to the corresponding entity type manually.​ Instead of using the scheduled job, Operational Resilience administrators and managers can update the dependencies manually.

    Support for main node configuration in Data Relationships Framework

    For information on the Data Relationships Framework and main node configuration, see Data Relationships Framework and Create a main node configuration record.