Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021
ISO-20000-ITIL-blog

ISO 20000 & ITIL® Blog

What is the role of the Service Asset and Configuration Manager according to ITIL/ISO 20000?

From the questions that I get, I have a feeling that many of you see Service Asset and Configuration Management (SACM) as complicated. I have to tell you that you are not alone. I do ITIL / ISO 20000 trainings and consulting projects, and I have to admit that many people share that thought. We can argue whether that’s justifiable or not, but the fact is that it is so.

The SACM process affects almost everyone in the company and has interfaces to almost all other IT Service Management (ITSM) processes and functions. Even more, the SACM process goes beyond IT and ITSM. The SACM process has a strong interface to corporate finance and assets employees use, like PCs, printers, servers, network devices, etc. ISO 20000 sets direct requirements for such interfaces.

What’s the importance?

Both ITIL and ISO 20000 emphasize the importance of this process. There is a slight difference in the vocabulary, i.e., naming. ITIL uses “Service Asset and Configuration Management process,” whereas ISO 20000 uses “Configuration Management process.” The requirements of both of them are pretty similar. Therefore, the person responsible for the process can have the same job description.

But, how about the importance of the process and its result? To avoid theoretical explanations, just ask people involved in, e.g., Incident Management (e.g., incident diagnosis) or, even better, Change Management (e.g., change evaluation/assessment, planning, etc.). Those processes are, basically, inefficient without SACM in place. But, those are not the only ones; actually, these were just a few of them. SACM is important for Release and Deployment Management, Problem Management, Capacity Management, Availability Management, Knowledge Management… etc.


What are the activities?

In addition to process-specific activities (I’ll explain them soon), the Service Asset and Configuration Manager has generic process manager responsibilities, which usually include:

  • Making sure that process activities are performed as planned
  • Managing resources
  • Monitoring activities and process performance
  • Identifying and managing improvement initiatives (process related, activity related… etc.)

Planning, identification, and control are three main activities to set up the SACM process. Read my previous article Three main activities to set up ITIL Service Asset and Configuration Management to get more details about these activities. Based on these three main groups of activities, the Service Asset and Configuration Manager role will have the following responsibilities:

Planning – The Service Asset and Configuration Manager is responsible for ensuring that the SACM Plan (read the article How to use ITIL to prepare the Service Asset & Configuration Management Plan to learn more about the plan) is created. This will include definition of scope (e.g., whole company), definition of Configuration Items (CIs – service assets that need to be managed to deliver the service), creation of interfaces to other processes, and planning related to the tools that will support the SACM process activities (e.g., requirements definition, vendor selection, integration with other tools, preparation for the implementation, setup of the tool, etc.).

Identification – The Service Asset and Configuration Manager is responsible for ensuring that all CIs are identified as documented in the plan. This task can be difficult when it is performed for the first time. But, once it’s done – it’s important that every new CI follows the same identification nomenclature as defined in the SACM Plan. The Service Asset and Configuration Manager needs to control the identification process (e.g., audit performed occasionally).

Control – This is where the Service Asset and Configuration Manager’s organizational and managerial skills are tested. Therefore, policies and detailed procedures (again, the Service Asset and Configuration Manager has to make sure they exist) needs to be in place in order to ensure that everyone knows what to do and what is allowed (i.e., no change, addition, or deletion of a CI is possible without approval.). Some kind of tool, used by SACM personnel, is crucial here. Usually, this tool covers more than the SACM process, but it’s the Service Asset and Configuration Manager who is responsible for making sure that SACM is properly implemented in such tool.

Once you have the SACM process in place and services are running in the live environment, it’s important that the SACM process manages and keeps control over all the CIs that were defined in the scope (set in the SACM Plan). But, this is not as static as it seems. Quite the contrary – SACM is involved in almost all daily activities related to the service. Therefore, the Service Asset and Configuration Manager has responsibility for two sets of activities:

Status Accounting and Reporting – This is where the Service Asset and Configuration Manager needs to ensure that the listed status of the CI is always its actual status. For example, the status of the CI can be “In test,” “Approved,” “Installed,” “Withdrawn,” “Under Maintenance”… etc. For this purpose, the Service Asset and Configuration Manager has to clearly define responsibilities among the people involved in the SACM process, as well as their relation to other processes (e.g., Release and Deployment Management). Reporting can be seen as a controlling mechanism, i.e., a tool for the Service Asset and Configuration Manager to be sure that everything is as expected.

Verification and Audit – The Service Asset and Configuration Manager performs regular audits of the CMS (Configuration Management System) and verifies that all CIs match the physical infrastructure. If there are discrepancies, the Service Asset and Configuration Manager will need to investigate why they occur and how to prevent such situations in the future.

You can’t live without him

So, it’s obvious that the SACM process is needed, as well as someone to manage it, i.e., the Service Asset and Configuration Manager. Since you need to have one, it’s logical to make the best of it. How can you do that? Well, that’s another story. There are many parameters that influence this answer, but consider:

  • your own business – i.e., what you are doing, what kind of services you are providing, what is the market or competition, etc.
  • your own organization – structure, people, know-how, and particularly, assets, i.e., CIs under your jurisdiction
  • tools in place – this is a great help to the Service Asset and Configuration Manager, but also his responsibility

And, it’s not only about the SACM process. The Service Asset and Configuration Manager has much broader reach in ITIL, as well as ISO 20000. Therefore, the right person provides you with an excellent foundation in many other processes. It’s better not to miss that opportunity.

Use this free  ITIL/ISO 20000 Gap Analysis tools to check your Service Asset and Configuration Management process compliance with ITIL/ISO 20000.

Advisera Branimir Valentic
Author
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.