OIT delivers centralized IT inventory platform
OIT Security and Compliance (S&C), Shared Services and Technology Support Services (TSS) worked with several cross-campus IT stakeholders in the first stage of a multi-year effort to deliver a centralized inventory that captures all campus IT assets.
The initiative, which began in 2019, was in response to the UNC System Office Standard 1400.3, mandating that all universities inventory their systems to determine the location of highly sensitive (red) and ultrasensitive (purple) data.
Developed in ServiceNow, the Configuration Management Database (CMDB) captures the data on IT assets and documents the data classification levels and their relationships.
The CMDB centralizes the management of IT assets, allows a better understanding of where the university’s critical data is and allows for better decision-making around security, risk and business investments.
This project covers the initial inventory and classification effort for OIT Financial Systems (PeopleSoft and connected systems) and the Division of Academic and Student Affairs systems. After additional refinement and vetting with other colleges, this solution will encompass IT assets throughout the university.
Data Classification in CMDB
The ServiceNow team, working in collaboration with S&C, successfully customized the ServiceNow platform to add data classification tables and a data and compliance details tab to identify the classification of business or application data contained on the devices. Using the NC State Data Management Framework, this customization allows owners to determine the data sensitivity level and resulting compliance requirements.
By associating the data classification levels to IT assets in the CMDB, OIT can account for these assets in governance, risk and compliance (GRC) programs, providing a better understanding of the dependencies to plan and secure services.
The data inventory will also enable the institution’s GRC tools to leverage that data to perform automated compliance attestations with the appropriate stakeholders, improve risk management efforts and enable the university’s internal audit unit to improve its scope for audit plans.
IT Service Management (ITSM)
The CMDB will also support many of the university’s IT service management (ITSM) processes, including change management, incident response and service mapping. Because the relationships recorded in the CMDB can reveal which systems will be impacted, this helps reduce IT disruptions and outages.
“The CMDB is foundational to any ITSM platform and processes,” said John Constantelos, director of OIT TSS-Client Solutions. “With ServiceNow, we are well positioned to leverage the investments NC State made in our CMDB to support major initiatives such as S&C’s risk management, as well as enabling other major initiatives on our ITSM roadmap.”