A student in a recent ITIL class asked me a very good question: "Why did ITIL v3 combine the processes of Asset Management and Configuration Management, is it because assets and configuration items are the same thing?" Well, yes and no, but mostly no. Although I was not an author in the newest version of the ITIL framework, I do have some ideas and thoughts on the subject.
ITIL v2 to ITIL v3: Assets and Configuration Items
In ITIL v2, there were essentially two separate processes: Asset Management and Configuration Management.
Asset management was considered an accounting based process that was concerned primarily with maintaining details of assets for the purposes of depreciation (or amortization). System use in this process was primarily used to track values, ownership and locations. Configuration management was the process of planning, identifying, verifying and controlling Configuration Items (CIs). Systems use in this process was primarily focused on recording the status of CIs and supporting Change Management in assessing the potential impact of changes.
In ITIL v3, what was two, is now one process: Service Asset and Configuration Management (SACM).
ITIL v3, and more specifically ITIL 2011 Service Transition, nicely combines these. In order to have efficient and effective use of assets, it is vital to ensure those assets are properly controlled and information about those assets is accurate, reliable and available when needed. This information should include how the assets are configured, their attributes, and relationships between each other. Therefore, these service assets that are needed to deliver services are considered CIs.
Why the convergence?
If you think about it, there’s a logical fit.
Suppose your company has a spreadsheet that has a list of all of the IT related assets that you manage. Somebody in your organization goes around once or twice a year to get a physical inventory of these assets (maybe using some type of bar code or related system) and reports these to the finance department. From there, your job is done, or so you thought.
Meanwhile, on another floor or hallway of your department, somebody else is trying to get a handle on all of the Configuration Items (CIs) IT manages so that the change management process can effectively get a handle on all of the relationships between these CIs. They want this in order to minimize the risk of crashing a system that nobody thought was related to the change being implemented.
You later find out that the finance department has a few questions regarding a particular asset, and you don’t recognize the name, or even the purpose of the asset they are asking about. Luckily, a colleague overhears your conversation and informs you that they are asking about the (fill in the blank here) and you immediately know what they are talking about, only you call it by something different than finance does. Upon further reflection, you have an ‘aha’ moment. You ask yourself: “Can’t these two objects (Assets and CIs) be handled by essentially the same type of process or system?”
And the rest is SACM, or Service Asset and Configuration management. It makes no sense in managing these separately since a single process, or source, can provide all of the information needed for both processes, not to mention the huge positive business impact you can have through better integration.
The Configuration Management Database (CMDB)
A primary component of this process is something called the CMDB. This is a database that contains the pertinent information regarding service assets, or CIs. This CMDB is part of a larger concept call the Configuration Management System (CMS) and provides enterprises an organized view of how all of the IT assets interact to deliver services to the customer.
How can you benefit with SACM?
This is a very powerful process that takes a lot of time and effort to manage, but the payoff is absolutely incredible. How can you benefit?
- Compliance. Information about IT assets is accurate up to date in order to comply with multiple regulatory and compliance initiatives.
- Risk & Security. Provides information about vulnerabilities and levels of risk by CI and furthermore, by service.
- Alignment. Barriers between IT and the business can be removed.
- Change & Decision Support. With a clear understanding of attributes and relationships of CIs, more information is available for risk-based decision making.
- Process Integration. Multiple processes integrate with SACM, notably Change Management, Problem Management, Incident Management and Service Level Management. Of course, there are many more, but in my experience these are the biggest winners.
This is a subject that has volumes of information available and is hard to boil down to a simple list. As always, your comments are welcome.