Assessing the SACM Process

Any particular instance of an incident management process exists along a maturity spectrum. The questions are largely adapted from those published by the itSMF in regards to ITILv2 and can help to map that level of maturity.

1. Process Pre-requisites

1.1.  Are at least some service asset and configuration management activities established within the organization?

1.2.  Have you identified some of the CI attributes, e.g. location, current status, service component relationships?

1.3.  Is there existing configuration data held in hard copy, local spreadsheets or databases?

1.4.  Is there a high level configuration management plan?

1.5.  Has the purpose and benefits of configuration management been disseminated within the organization?

1.6.  Has the scope of configuration management activity been established within the organization?

1.7.  Is there a suitable budget for configuration management tools (CMS/CMDB) and a commitment to resource configuration management activities?

2. Process Capability

2.1.  Have responsibilities for various configuration management activities been assigned?

2.2.  Have configuration item naming conventions been agreed?

2.3.  Does the organization have procedures covering the acquisition and disposition of CIs?

2.4.  Are there procedures for identifying, controlling, updating, auditing and analyzing configuration item information?

2.5.  Is configuration data routinely used in performing impact assessments?

2.6.  Are CIs recognized in terms of service component relationships?

2.7.  Is configuration data used routinely when building or releasing new CIs?

2.8.  Are there procedures covering housekeeping, license management, archiving and retention periods for CIs?

2.9.  For planned releases, is the configuration baseline determined in advance?

2.10.                 Are the configuration management activities reviewed on a regular basis?

2.11.                 Are configuration audits performed on a regular basis?

2.12.                 Have measure been taken to avoid duplication and anomalies with CI records?

2.13.                 Is configuration data used routinely for capacity planning purposes, e.g. to ascertain the actual growth of CI’s within the organization?

2.14.                 Is there interface control between configuration management and third parties?

2.15.                 Are there links and interfaces between configuration management and other Service Management systems?

2.16.                   Do service support and service delivery personnel regularly retrieve configuration data to facilitate their activities?

2.17.                   Are standard reports concerning CI information produced regularly?

2.18.                   Is there a configuration management database?

2.19.                   Are there controlled environments available within which CI’s are manipulated?

2.20.                   Is there a DSL/DML?

 3. Inter-Process Integration (i.e., in relationship to other service management processes)

3.1.  Are build and release schedules produced on the basis of the CI records?

3.2.  Do you hold regular meetings with interested parties in which Configuration Management matters are discussed?

3.3.  Do you receive notification from, or provide information to Change management relating to every CI to be changed or introduced?

3.4.  Is information exchanged with Release Management in order to keep the Definitive Software Library (DSL) consistent with the CMDB?

3.5.  Is configuration information made available to the Service Desk regarding new CIs?

3.6.  Does Configuration Management exchange information with Problem Management concerning details of CIs relating to problems, suppliers, customers and changes?

3.7.  Does Configuration Management exchange information with Financial Management for IT Services regarding new cost and charging codes and other attributes?

3.8.  Is configuration information made available to IT Service Continuity Management regarding CIs and backup details, and other security and contingency matters?

3.9.  Is configuration information made available to Capacity Management concerning growth estimates based on the CMDB?

4. Quality Control   

4.1.  Are the standards and other quality criteria applicable for the registration of CIs made explicit and applied?

4.2.  Are the personnel responsible for configuration management activities suitably trained?

4.3.  Does the organization set and review either targets or objectives for Configuration Management?

4.4.  Does the organization use any tools to support the configuration management process?

 5. Reporting

5.1.  Are standard reports concerning asset information (lease renewals, licensing, maintenance, etc.) produced on a regular basis?

5.2.  Does Configuration Management provide the organization with information concerning configuration items affected by major changes?

5.3.  Does Configuration Management provide the organization with information concerning exceptional problems regarding specific CIs / types of CI?

5.4.  Does Configuration Management provide the organization with information concerning non-conformance to standards?


<<-Back to SACM