Introduction to Service Asset and Configuration Management

- select the contributor at the end of the page -
One of the basic pillars of ITIL® is the traditional Configuration Management. In ITIL® V3 it's called Service Asset and Configuration Management (SACM). Without it, the entire service management lifecycle can be rendered useless. I am going to discuss the basics of this proces.


Every service is made up of components that contribute to the overall working of it. Let's say for a messaging service, individual components that contribute are servers, software, networks, admins who run the show, and anything and everything else that chips in.

SACM deals with these individual components, their attributes and their relationships. Its omniscient presence through the service lifecycle makes it one of the most important processes in ITIL®, and potentially the very first to be implemented.


It's important to understand certain terminologies before proceeding any further.

Service asset - Resources and capabilities are service assets. Resources could be infrastructure, application and data. Capabilities include people, organization, management and their knowledge and wisdom. In essence, every single aspect of a service is considered a service asset.

Configuration Item (CI) - Any component in the service that needs to be controlled and managed in order to deliver a service is a configuration item. Servers, routers, switches, printers and work instruction documents are examples of a CI. A unique identifier differentiates one CI from another. CIs are made up of attributes and relationships. For example, let us consider a server as a CI that is uniquely identified as SRV. Some of its attributes would be 2GHz processor, 2GB RAM and Windows 2003 Server. This server's relationship could be that it is connected to XYZ router, and is the parent of another server, ABC.

Configuration Management Database (CMDB) - As the name suggests, it is a database that records various CIs along with their attributes and relationships. CMDB is a subset of another system called the Configuration Management System (CMS). CMS consists of various CMDBs and databases containing incidents, changes, releases, problems and known errors.

Definitive Media Library (DML) - DML is a secure storage for media CIs. It contains master copies of all authorized media, license agreements and other documents pertaining to media management.

Definitive Spares - Definitive spares are secure stores for physical CIs. It generally contains definitive hardware service assets that are not operational yet. For example, it might contain laptop batteries, power cables and head phones.

Configuration Baseline - When a service is implemented (or at any other juncture), there are certain additions/modifications done to the CMDB. A configuration baseline is drawn at this point which indicates that any further changes done to the CMDB has to go through change management.

Snapshot - A snapshot provides the current status of CIs. It is also called a foot print, and a snapshot is generally used in verifying CMDB records and audits.

SACM Activities

​SACM can be broadly classified into five activity streams.

1. Management and Planning

Planning the configuration management activities is a mammoth and decisive activity. It makes or breaks the success of this process.

First, we need to plan on what we are going to consider a CI. I stated in my example earlier that a server is a CI. It might so happen that a particular company wants to go one step deeper, and call the individual components of a server a CI - RAM, HDD, Motherboard and so on. There is nothing wrong in it. It is the company's preference to decide.

Another company on the other side of spectrum might decide to call a cluster of servers a CI. The same mantra applies - if they can manage it better this way, then it's the right way.

General practice across the service industry is to name a server as a CI, a router as a CI and sometimes, a monitor as a CI as well. Individual components that make up the CI are not managed individually.

The planning activity also takes into consideration how the succeeding four activities would be managed and what resources are necessary to achieve it.

2. Configuration Identification

Planning is one half, while execution is the other.

Identifying CIs is an onerous task for most organizations. It employs manpower to a good extent and the use of sophisticated tools such as auto discovery that can identify assets by polling them. Such tools come with a royal price tag as well.

The CIs identified are stored on the CMDB, either automatically or manually.

3. Configuration Control

Once all the CIs are identified and recorded, it's in no way the end of the road. Nothing is static, not even the information stored on CMDB. It changes with every change ticket, modification, addition and decommission. An important aspect in this activity is to control the changes done to the CMDB. The changes done must be accurate and authorized by the right people.

For example, let's say that a server is reporting a lack of memory to run a certain application. To mitigate, you increase the RAM from 1GB to 2GB. This prompts modification to be done to this CI in the CMDB. This activity controls the changes done to CIs, and in this case, the attribute of a CI.

4. Status Accounting and Reporting

From time to time, organizations like to know the number of assets they own, the types of assets they have, those commissioned in the past few weeks, and those disposed. Also, the different statuses that CIs have gone through over a period of time is of interest as well. All of it is covered under this activity.

5. Verification and Audit

Regular verfication and audit drills are put into plan in the first activity. It ensures that the ​accuracy of CI information residing on CMDB is reviewed, and an audit over a sample size is conducted by both internal and external parties regularly.

As CMDB provides information to all other processes, it is of utmost importance to keep it as accurate as possible. Hence maximum care must be taken to put measures that will verify the data on a regular basis - say weekly. Audits are done to check the compliance between what is stated in CMDB and what is stated in reality.​

Sign up for a free 3-day trial to get access to TrainSignal's entire training library, including project management training for ITIL® v3 Foundations.

ITIL® is a Registered Trade Mark of the Cabinet Office.

Get our content first. In your inbox.

Loading form...

If this message remains, it may be due to cookies being disabled or to an ad blocker.


Abhinav Kaiser

Abhinav Kaiser is a veteran in service and in project managements. He advises businesses, organizations and enterprises on how to build service management framework and deliver value. He is currently penning a book on communication in organizations, specifically aimed at IT departments. He holds PMP, ITIL© V3 Expert and Cobit 5.0 certifications and is an accredited ITIL© trainer.