Branimir Valentic
March 29, 2016
Talking about implementation of anything related to ITIL (be it a process, function, tool, report … etc.) always raises many questions. Although that’s good for consultants (there are always potential customers), people inside the IT Service Management (ITSM) organization feel – trapped.
There are processes that are not complicated to implement (at least in the beginning). A bit of logic, i.e., common sense, some theoretical knowledge … and you are ready. Incident Management belongs to this category. On the other side are processes that need thorough preparation, a lot of experience, tools … and who knows what. Well, this is partly true, but – let’s not overcomplicate things.
When talking about complexity of implementation, the Service Asset and Configuration Management (SACM) process belongs at the upper end of the complexity scale. I’d like to claim that I’m talking about my own opinion, but the fact is that many of my clients believe the same.
SACM is crucial for many other ITSM processes, which makes the implementation even more challenging. This means that the quality of the implemented SACM process influences the efficiency of other processes. Why is that? SACM is like a diet – one way or another you’ll manage to lose the targeted amount of weight, but then the difficulties begin – how to keep that weight off for the long term. Applied to SACM – you implement the process and populate the CMDB (Configuration Management Database, read the article Knowing your herd – Service Asset and Configuration Management (SACM) to learn more about the CMDB), but then the “party” starts. Changes, new requirements, incidents … they all influence the content of the CMDB, and you have to fight hard to avoid inconsistency (e.g., changes to your Configuration Items that are not recorded in the CMDB).
By doing consulting and webinars, I get in touch with many people in ITSM. Some of them are highly skilled (and I can learn from them as well), and some of them are at the beginning of their “ITSM journey.” What is common to all of them is that they have questions when we discuss SACM. Here is a selection of the five most commonly asked:
1. How is SACM related to other processes?
More or less, all ITSM processes use (and benefit from) an implemented SACM process and particularly the CMDB, foremost Incident Management, Problem Management, and Change Management (as the most visible ones). That’s because the services you provide are composed of service assets (HW, SW, people, process or other documentation, etc.). Most of them are CIs (Configuration Items), which need to be managed. Managed means knowing exactly which CIs you have, which SW version, where your HW is located, what the relation is between HW and SW or between different HW components … etc. This suggests implementing SACM before other processes. I would say this is correct, if possible. If not, leave some room for a future SACM implementation while implementing, e.g., Incident Management. Learn more in the article Three main activities to set up ITIL Service Asset and Configuration Management.
2. Which tools should I use?
I usually get asked what kind of tool to use (e.g., open source or not, how many ITIL processes it supports … etc.), which is always hard to answer precisely because organizations have different needs and budgets. If you need to integrate a lot of processes and interfaces to other tools, as well as make a lot of customizations – open source is not the best fit. But, for smaller organizations and their needs – there are a lot of pretty good open-source tools; but, be aware – you get what you pay for. Additionally, discovery tools can help you to fill in the CMDB (as well as with snapshots, i.e., audits). When choosing a tool, pay attention to interfaces to other tools (e.g., ticketing system, fixed asset register, i.e., ERP). Read the article Free tools for ITSM – supporting IT Service Management for zero tool cost to learn more.
3. How do I measure efficiency?
Here we get to KPIs (Key Performance Indicators) and CSFs (Critical Success Factors). CSFs are derived from goals set through ITSM implementation, and are descriptive. KPIs are parameters you will measure. Or, you can think of CSFs as groupings of KPIs with the same target. For example, your CSF is establishment of an accurate CMS, and a respective KPI is your CMDB audit result, which must show that less than 3% of CIs contain faulty or inconsistent information. When you decide about CSFs and KPIs, try to stay as practical as possible and don’t generalize; make KPIs measurable and make everyone involved agree on them. And, define CSFs and KPIs for both the SACM process and the CMDB.
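The audit KPI above can be computed by reconciling CMDB records against a discovery snapshot. The following is an added example, not code from the article or from any particular tool; the CI ids, the audited fields, and the choice to report CIs missing from the CMDB separately from the faulty-record rate are assumptions.

```python
"""CMDB audit: reconcile CMDB records with a discovery snapshot and compute the KPI."""

KPI_THRESHOLD_PCT = 3.0  # from the article: less than 3% of CIs may be faulty
AUDITED_FIELDS = ("os", "ram_gb", "location")  # assumed audit scope


def audit_cmdb(cmdb, discovered, fields=AUDITED_FIELDS):
    """Return (faulty, unrecorded).

    faulty: dict of CI id -> list of reasons, for CIs recorded in the CMDB
    unrecorded: sorted CI ids seen by discovery but absent from the CMDB
    """
    faulty = {}
    for ci_id, record in cmdb.items():
        actual = discovered.get(ci_id)
        if actual is None:
            faulty[ci_id] = ["not found by discovery (stale record?)"]
            continue
        reasons = [
            f"{f}: cmdb={record.get(f)!r} actual={actual.get(f)!r}"
            for f in fields
            if record.get(f) != actual.get(f)
        ]
        if reasons:
            faulty[ci_id] = reasons
    unrecorded = sorted(set(discovered) - set(cmdb))
    return faulty, unrecorded


def kpi_result(cmdb, faulty, threshold_pct=KPI_THRESHOLD_PCT):
    """Return (faulty_pct, passed); the KPI passes only strictly below the threshold."""
    if not cmdb:
        raise ValueError("empty CMDB: nothing to audit")
    pct = 100.0 * len(faulty) / len(cmdb)
    return pct, pct < threshold_pct


def build_sample():
    """Constructed sample: 100 PCs in the CMDB, with drift injected into the snapshot."""
    cmdb = {f"PC-{i:03d}": {"os": "Windows 10", "ram_gb": 8, "location": "HQ"}
            for i in range(1, 101)}
    discovered = {ci: dict(rec) for ci, rec in cmdb.items()}
    discovered["PC-007"]["ram_gb"] = 16        # upgrade never recorded in the CMDB
    discovered["PC-042"]["os"] = "Windows 11"  # OS change never recorded
    del discovered["PC-090"]                   # retired device, CMDB record is stale
    discovered["PC-101"] = {"os": "Windows 11", "ram_gb": 16, "location": "HQ"}  # never registered
    return cmdb, discovered


if __name__ == "__main__":
    cmdb, discovered = build_sample()
    faulty, unrecorded = audit_cmdb(cmdb, discovered)
    pct, passed = kpi_result(cmdb, faulty)
    for ci_id, reasons in sorted(faulty.items()):
        print(ci_id, "; ".join(reasons))
    print("unrecorded CIs:", unrecorded)
    print(f"faulty CIs: {pct:.1f}% -> KPI {'met' if passed else 'missed'}")
```

With the constructed data, three of 100 records are faulty, so the result is exactly 3% and the KPI is missed, because the target is "less than 3%".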
4. How do I determine the scope?
That is, what to include in the CMDB and how far to go (i.e., breadth and depth). That’s a very important question. It will guide all further activities. Unfortunately, there is no one-size-fits-all solution; that is, every organization must define these for itself. Analyze what kinds of information you need to, e.g., assess changes or resolve incidents. For example, if you need information about a user’s laptop and the laptop’s processor or amount of RAM – those would be your CIs. If you don’t need that information – they are not. E.g., you need to upgrade all PCs to a new OS. So, most probably you need information about the PC’s processor and amount of RAM.
5. How do I start the implementation?
Without going into every organization’s details (and they could differ, e.g., having a tool capable of supporting SACM and CMDB, or having in place some of the ITSM processes), I would say – start with a good plan. Your plan should include a reference to the regulation (if needed), the scope of the implementation, a tool description, a definition of roles and responsibilities, nomenclature (for CI identification and labeling) … etc.
No, it’s certainly not. Since SACM covers most of the processes and service assets, we could spend much more time debating different aspects of the implementation. And, that’s one half of the story. The other one begins once you are in the operational environment. In that stage there are even more challenges and pitfalls. But, they have a common root – implementation of the process. Depending on implementation, you’ll make your life either easy or terrible on a daily basis. The only certain thing is – it depends on you, and that chance shouldn’t be missed.
Use this free ITIL Gap Analysis Tool to see how your SACM process fits ITIL recommendations.