Joined: Dec 09, 2007 Posts: 2 Location: Santa Ana, CA
Posted: Tue Jan 08, 2008 7:09 am Post subject: Classifying CI Data
Classification of Configuration Items based upon financial risk…
We have been toying around with the idea of classifying our CI data based upon the financial risk to the organization. The information would be used primarily with our Service Desk, Change, and Release Management teams. At the same time the information could be used by the Service Desk in defining the priority of the incident instead of just using urgency + impact.
Has anyone attempted to do this in their organization’s CMDB? What type of classification or categorization schema did you use?
Joined: Oct 26, 2007 Posts: 295 Location: Calgary, Canada
Posted: Tue Jan 08, 2008 7:19 am Post subject:
Actually, we have included financial risk and impact in the prioritization guide for Incidents and Changes. Defining and better yet quantifying financial risks, such as costs, penalties and any other impact on revenue, fits perfectly with the impact/urgency when setting priority.
Would you mind providing and example on how you are planning to use Financial Risk information for classifying CI's in context of Incidents and Changes?
if you get the CI relationship design right and have good relationships of your CI;s which inturn are used to create service records with related CI's you can get to see what is related froma service point of view and the areas of risk e.g. where there is no failover server for a service.
You can set rick etc. of a Ci at the Ci level but when you look at it from a service level you may get a different picture. i think it is important to look at this from the Services level and not the individual CI level. _________________ Mark O'Loughlin
ITSM / ITIL Consultant
Joined: Jan 08, 2008 Posts: 6 Location: Bangalore, India
Posted: Tue Jan 08, 2008 9:26 pm Post subject:
The classification will also depend on the RPO (Recovery Point Objective) and RTO (Recovery Time Objective) of every CI.
Here, the lower the RPO & RTO for any CI and its associated CI's, the higher the cost to the business and vice versa.
To define the same, you need to identify the critical services for the business, and then arrive at the time in which business want the service to be recovered and the lowest point of loss (say data, transaction) which they are willing to accept to the business.
Then you will have a better and more business oriented classification all the CI's for that service. Based on the same information you can also define the categories of the CI's.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum