Service Asset and Configuration Management (SACM), an ITIL Service Transition process, is often one of the first ITIL
processes implemented in any organization. SACM helps leadership understand what they own in terms of assets and how a change in configuration affects other assets, which helps an organization deliver effective service management and tangibly improves its bottom line.
Service Asset and Configuration Management definitions:
- Service assets are resources required to deliver IT services. They can include data, hardware, applications and people.
- Configuration items (CI) are resources that have to be configured in specific ways to deliver a service. When you design your configuration, you can decide how granular you want to get: Is a server a CI, or is the motherboard within your server a CI, too? Also, things like vendor contracts and other variables that can significantly impact service delivery should also be considered as CIs.
- The configuration management database (CMDB) stores information about your CIs, each distinguished by a unique identifier, including identifying information like its serial number, MAC address or IP address; its current version; its location; and its vendor and supplier information.
- The configuration management system (CMS) is the set of tools that gather information on the CMDB and the items therein. It often includes records on related incidents, problems, changes, and releases.
ITIL asset management may provide a rough schedule and budget over an IT asset's lifecycle. It's about managing IT assets, including hardware, software, and applications, throughout their lifecycle, and making decisions about those assets around procurement, repair, updating and decommissioning. The configuration management
process maps out the effect that each configuration item has on the others. It evaluates and records what changes when a CI changes in status and how that change impacts all hardware that connects to the asset, all applications that communicate with it and even the people who are affected by it. SACM is generally implemented in five steps.
Create a list of services delivered by your organization and come up with a service management plan for each. It should explain what the service does, who uses it, what processes are involved, what CIs it requires and how those CIs relate to others. A good IT service management plan also spells out how change management
and configuration management interact. It may include information on other steps of the SACM process, such as information on configuration controls for the service and how you plan to audit it.
Whenever you deploy a new service, create a service management plan for it. The plans may seem cumbersome at first, but they're your bedrock for sound financial management and high-performance service delivery. Map out the steps for updating these plans and for enabling authorized stakeholders to access this information.
Develop a complete record of your configuration baseline. Identify what you have now and how each CI interacts with the others; this inventory becomes your CMDB.
All configuration adjustments need to be recorded so that you know the status of the CIs that support your services. They should be captured as close to the time of the actual adjustment as possible, so your CMDB is always current. The control process ensures accurate and timely documentation by clarifying who makes changes, records them, and when -- automation can be a big helper in that process. It covers not only adjustments in response to incidents, but also adjustments around changes and releases. License management can also be a part of the control process.
4. Status Accounting
Status accounting is a report of your CIs and their configuration, so you know where it stands at any moment -- whether that moment is now or you're reviewing a service's historical status. When you view the status of a service, you should note anomalies like unauthorized CIs and the effects that any updates or adjustments have had compared to prior status.
5. Verification and Audit
Periodically, you need to confirm that your CMDB is accurate and up-to-date and that your current configuration manages your assumed configuration baseline. Schedule times for audits, and prioritize according to risk. A service that is low-priority doesn't need to be audited as often as a service that, if impacted, could lead to major downtime or financial loss. It's also a good idea to include disaster recovery preparation in your audit discussions. You should make sure you're backing up your CMDB and have a process in place for recovering it in case of a disruption.