ITIL Status Tracking CMDB

i am pretty new to ITIL and COnfiguration Management, but am trying to learn the key concepts. I know with ITIL the 4th stage out of 5 relates to status tracking of CI's. I understand from asset management the general notion of the lifecycle of an asset. But I am struggling to see what issues / risks are caused if you dont have proper status tracking procedures in place for your CI's. what risks can you face with poor status tracking procedures of CI's? If any?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pma111Author Commented:
Surely somebody on the forum has a configuraiton management policy?
btanExec ConsultantCommented:
COBIT is good reference to
(a) the CM policy (extract)
The following list shows good practice examples of statements that can be added to CM policies. Other, more specific statements that can be included in the policies depend on the specific circumstances and requirements of the enterprise:

• Only authorized personnel should have access to CM repositories.
• Access requests are approved and controlled through the proper IT management group.
• The CMS is the consolidated repository for all configuration information.
• Modifications to the established CM model go through the established change management process and require the approval of stakeholders who are responsible for providing oversight. In some enterprises, a dedicated group named the Configuration Change Board (CCB) may be established to provide oversight over the CM process and supporting systems.
• All CIs have defined owners who are responsible for maintenance, accuracy and review of the baseline settings.
• Modifications to the definitions of CIs and their relationships are reviewed and approved by stakeholders prior to implementation.
• The status of the CIs in the CMS is accurately maintained and authorized by stakeholders.
• A baseline is determined and approved for every new CI and before any major change to an existing CI.
• A standard naming convention is used in defining CIs and their relationships. The naming convention is followed according to procedures.
• All CIs have a defined criticality level (critical vs. noncritical and criticality duration) as identified through the business continuity processes and inferred by their dependencies to the services supported by them.
(b) the risk involved (e.g chap 4. Risk and Threats Related to CI.- on the process and example in CM risk found in Appendix F. Mapping Threats and Mitigating Actions, it involved the different CI implicated)
The overall mgmt should be inclusive of  CIs being identified, controlled, recorded, reported, classified, audited and verified.

Ref -

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Assuming you are referencing ITIL because you are of sufficient size where it makes a difference. Without proper status tracking procedures in place for your CI's how would you be able to allocate proper sparing levels if applicable, how would you reallocate resources, understand operational issues for each component and sub components, vendor support issues, etc. There are many reasons why, but they are a catalyst for effective management, obviously. You cannot have effective management without it, otherwise its the wild wild west and no efficiencies are realized.

btanExec ConsultantCommented:
Also we may want to note in status tracking of CMDB, the key process is very much in Change management.

Question that the policy and system should address and emphasis on
a) A large organisation could have a hundred thousand objects in a CMDB, how will you populate the CMDB initially?
Most time, it will be auto-discovery however this can easily missed out disconnected devices, or financial information, or physical location. Check separately for UPS, PABX, factory machinery, or building security and etc.
b) How will you keep it current and accurate?
c)  How will you know if an error is made or someone subverts the process?
Some manual report and review processes to pick up stuff the automated tools miss.
d) If one fails, what will be the impact on the SLAs?
e) How many can we take out for maintenance without degrading performance?
f) What are the permutations between half a dozen relationships, with embedded business rules, and thousands – or hundreds of thousands - of objects?
CMDBs will be a federation of multiple vendor repositories. Keep them to current and double any estimate for buffer.

Eventually a well recognised controlled CMDB via standard alignment helps to manage changes and provide governance via accurate reporting and adhere to the policy giving the direction to address the inventory tracking of all CIs accurately and consistently across the organisation. The creep is to avoid any Shadow IT that should be captured in CMDB but not. DevOps article give a sense of agility revolving ITIL and control process to be managed in the whole lifecycle.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.