Combining CMDB with ITSM practices to ensure regulatory compliance

Effie Bagourdi
2 June 2023

CMDB should be the single source of truth that spans the IT Service Management landscape of your organisation—here's why.

In today's world, Information Technology (IT) has become the backbone of almost every innovative organisation. To keep business operations running smoothly, managing and delivering IT services efficiently is essential. This is where ITSM frameworks, such as the Information Technology Infrastructure Library (ITIL), come in. ITIL 4 is the latest iteration of the framework, which is a series of best practices for IT service management (ITSM) that aims to align IT services with the needs of the business and encourage collaboration with teams across the organisation.
One of the most critical aspects of ITSM is the Configuration Management Database (CMDB). It is considered the single source of truth regarding the IT landscape of an organisation, and plays a crucial role in ensuring the success of IT service management.
This blog will explore why a solid ITIL model and CMDB structure are imperative for successful IT service delivery and management. We will also discuss how tools like ScriptRunner, Assets, and Jira Service Management (JSM) can be utilised to ensure that your CMDB stays well-maintained and relevant in an ever-changing environment.

Let’s start with, what is CMDB?

CMDB is a database that stores information related to configuration items (CIs) in an IT environment. CIs are the fundamental building blocks of a CMDB. A CI is any component under the IT function's control, including hardware, software, networks, applications, documentation, processes, and people. They’re identified and documented within the CMDB to map their attributes and interdependencies to provide context.
CMDB is critical when using ITSM frameworks, such as ITIL 4. This is because it acts as a single source of truth and allows IT professionals to work more effectively by locating resources, understanding how these resources impact services, and how they are utilised.

The importance of a solid ITSM framework and CMDB structure

Frameworks such as ITIL 4 provide a structured approach to IT service management that helps organisations to improve their IT services' quality while reducing costs. A solid ITIL model is essential because it defines how IT services should be built, managed, delivered, and improved over time. It also ensures that IT services are aligned with the needs of the business.
When we integrate a well-designed and implemented CMDB solution with our ITIL practices, it enables organisations to:
  1. Improve service management and delivery
    CMDB provides a comprehensive view of an organisation's IT infrastructure (software and hardware), allowing IT teams to manage services effectively. It includes information on the interdependencies between various CIs, allowing teams to identify and address potential risks and issues, as well as having visibility of any changes to the ITSM infrastructure that could impact services.
  2. Facilitate Change Management
    A well-designed CMDB can help organisations manage change effectively. By providing information on the relationships between CIs, IT teams can understand the impact of changes on the infrastructure. ITIL 4 supports this by encouraging the building of practices that keep in mind continuous development. This allows teams to plan and execute changes more effectively, preventing service outages and resulting in minimal impact on the customer experience.
  3. Ensure Compliance
    Having a single source of truth means any iterations to the service or any changes to regulations are easier to manage. CMDB will present IT organisations with reliable, up-to-date information, allowing them to monitor changes that may breach a regulatory requirement and making it easier to identify how they can become compliant using the bird's-eye view of CIs that CMDB offers.
  4. Better decision-making
    IT professionals can ensure that their decisions are based on relevant information and analysis from systems implemented using ITIL best practices, generating more reliable data. By incorporating the CMDB structure into the ITIL framework, IT professionals can access accurate and up-to-date information about all CIs, enabling them to make informed decisions on their service management and the things it influences.

How to manage a potential drawback of Configuration Management Databases

One of the main challenges of managing a CMDB is ensuring the data it contains is accurate and up-to-date. This can be extremely difficult for large organisations with vast amounts of data and complex infrastructure that requires data to be integrated from multiple sources. Therefore, it’s important to try and enforce regular/scheduled CI reviews to remain compliant.
This is where integrating tools like ScriptRunner and Assets with Jira Service Management (JSM) can save time and could prevent you from being unnecessarily penalised for poor compliance. These tools can enforce scheduled CI revisions of specific attributes. ScriptRunner is a powerful automation tool that can automate repetitive tasks, such as updating CIs in a CMDB following a series of approvals. You can also use it to enforce policies, such as scheduling when specific attributes must be regularly updated. Combining Assets with JSM allows IT functions to track and manage IT assets. It can be integrated with CMDB to ensure data is accurate and up-to-date and to track the lifecycle of an asset from acquisition through deployment and usage to retirement.

Extend Jira Service Management with ScriptRunner

ScriptRunner for Jira ensures easy scheduling and automation of tasks, such as maintaining corporate data from all corners of the organisation. Find out more about ScriptRunner for Jira and optimise your CMDB.

How ITSM and CMDB can support adherence to regulations

Compliance with regulations such as GDPR, HIPAA, SOX, and PCI DSS is essential to avoid legal and financial penalties, reputational damage, and loss of customer trust. Here are a few ways in which ITSM and CMDB can help:
A centralised repository of IT assets and configurations
CMDB provides a centralised location for IT assets and configurations, including hardware, software, and network infrastructure. This information can help IT professionals identify and track changes to the IT environment, ensuring compliance with regulatory requirements.
Compliance management
A combination of ITSM and CMDB can support compliance management by providing an accurate picture of the IT environment, including all IT assets and configurations, changes, incidents, and problems. This information, held in one location, can help organisations demonstrate compliance with regulations to auditors and regulators when needed. For example, the General Data Protection Regulation (GDPR) requires organisations to protect the personal data of EU citizens. This means ITSM teams must ensure personal data is stored securely and that access is restricted only to authorised personnel. A CMDB can track which assets hold specific types of personal data and ensure that it is stored securely.
Security Management
Security is a critical aspect of regulatory compliance. ITSM processes can help organisations ensure security policies and procedures are followed. ITSM practices can help detect, report, and resolve security incidents, vulnerabilities, and breaches. CMDB can also provide a 360-degree view of the IT infrastructure, enabling security teams to implement security controls accordingly to reduce the recurrence of the same issue.
Audit and Reporting
Regulatory compliance often requires organisations to maintain records and provide reports to regulatory bodies. CMDB can support audit and reporting activities by being a single source of truth for CIs, their interdependencies, and their change history log. Additionally, an ITSM solution supports this by helping to manage the data so that it can be easily extracted and put into reports for regulatory bodies when required.
Service Level Management
Many regulations require organisations to provide a certain level of service to their customers. ITSM practices such as Service Level Management can help organisations ensure compliance with certain regulatory institutions' required service expectations. ITSM frameworks, such as ITIL, also play a role here by ensuring an organisation’s processes are designed to gather and use feedback to improve their service further. A CMDB structure will support this by providing insights from CIs to not only identify problems that impact the quality of service but also prevent future issues.

So, in conclusion...

A solid ITIL model, which includes a well-designed and implemented CMDB structure, is critical to successful IT service delivery and management. Using a solid ITSM framework, such as ITIL 4, to design, build, and implement an ITSM solution will put your IT services in an excellent position to incorporate a stronger CMDB. This enables IT departments to align with business goals, supporting the growth and adaptability of your organisation.
However, as mentioned earlier, it is imperative to manage CMDB adequately. Tools like ScriptRunner and Assets with JSM can be utilised to enforce scheduled or ad-hoc CI revisions of specific attributes. Utilising their automation capabilities to deal with routine tasks of maintaining the data within CMDB ensures you maintain audit compliance. The insights obtained from this data will help continuously develop your ITSM solution and reduce costs, improve service quality, and align IT teams. They will also align the IT function with the broader organisational goals.
Adaptavist is a leader in shaping ITSM solutions that deliver value to organisations and their customers. Learn more about how we can support your organisation in achieving your digital transformation goals while complying with fundamental regulations.
Written by
Effie Bagourdi
Head of Service Management Practice
With 15 years' experience in IT and service management, Effie is an ITIL 4 professional with a track record in highly regulated industries such as banking. Leading our service management practice, Effie is passionate about leveraging AI to elevate customer experience.