Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: HGoble
New Today: 33
New Yesterday: 69
Overall: 148113

People Online:
Visitors: 52
Members: 1
Total: 53 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - How to audit the configuratin management
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

How to audit the configuratin management

 
Post new topic   Reply to topic    ITIL Forum Index -> Configuration Management
View previous topic :: View next topic  
Author Message
Shirou
Newbie
Newbie


Joined: Jul 23, 2007
Posts: 2

PostPosted: Tue Jul 24, 2007 2:00 am    Post subject: How to audit the configuratin management Reply with quote

Hello,

I have to conduct an Inventory System Audit. I have no specific knowledge in this field, so I started looking for best practices and frameworks and got to ITIL.
The configuration management described seems to be what I need to look for (issues, concepts...), but in a much more complex way. See, I work for a company, more or less like a bank. We are just implementing a TI Audit team and we really have no support whatsoever to conduct our activities (the department has just been created by legal issues, not because the directors have actually saw something good coming from it).
We were assigned to run a Inventory System Audit, and there is no way my company could implement a completed CMDB, at least for now, so looking for that would be a waste of time.
I need your help to clarify what points or items should I look for? Which ones are essential? Lets say, to have a minimum, basic, simple, but yet somehow connected to ITIL, Inventory System.
PS: Our main concern is not the commercial softwares, like OSs, but the systems developed specific for our needs, programmed here by our IT Department or Third part employees.
Thanks
Back to top
View user's profile
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3320
Location: London, UK

PostPosted: Tue Jul 24, 2007 8:44 pm    Post subject: Reply with quote

Sigh....

What is the purpose of the Audit ?

If it is to comply with legal issues, then you need to be concerned about the following

O/S & Applications
and the licenses for such

If you have 200 PCs w/XP, 2k, Vista etc do you have 200 seat license or 200 individual licenses for the O/S.
If you have Servers, same thing for the O/S, same thing for exchange, sql, etc etc as for licenses for the s/w and seat licenses for the users

For the development side, do you have the license(s) for the 'distributable' packages of the applications that were built for you. Did the 3rd party have them...etc etc.

The inventory can be done in several parallel steps.

1 - using your monitoring tools, determine the # of kit that is being monitored
2 - using your system mgmt/control tools - Active Directory - determine the # of users and the identified PCs, Laptops, Printers that exist in the AD database. You may also get application data - depending on what is installed for system mgmt
3 - With #1 data, go find the kit and identify the physical device that is associated with the virtual/logical device
4 - with #2 data, go around the office(s) and do the same thing

Then compare 1 & 3 and 2 & 4 - find the matching data and the unmatched data.

Repeat until satisfied.

In addition, your company may have to write policies concerning use of personall software, management of existing software.

While ITIL has some of this, this task is basically the following

Go to site. Touch device. mark it ans inventory.Move to next device

Same would apply to any application developed for internal use.

Congratulations..... you have been thrown into the deep end
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
Guerino1
Senior Itiler


Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Fri Jul 27, 2007 5:28 am    Post subject: Re: How to audit the configuratin management Reply with quote

Hi Shirou,

"Audit" is all about transparency of data/information/knowledge.

In order to get the data you need, you have to have highly repeatable processes in place.

The first step you will have to address is the inventory of each data type your auditing group cares about...

Products
Releases
Assets
Configurations
Accounts
Changes
Incidents
Problems
People
Organizations
Projects
Etc.

What this means is that "somewhere" you should have a complete, and constantly "kept up to date" inventory of each and every one of those line items. The inventory, itself, ensures one place for a true source of data. The auditors will always want proof of this. How you keep the inventory up to date will be the processes that control the "lifecycle" of any instance of any data type, above. It's the processes that ultimately drive measurement, effectiveness and optimization.

For audit, the first thing to prove is that your inventory is solid.

The second thing to prove is that all people know where to go to see, update, and manage the definitive inventory.

The third thing is to show proof of repeatability for how those inventories are managed.

The fourth is to prove that there are repeatable and controlled processes for how you modify the items within the inventories. Remember, as a record of any single item moves through its lifecycle, it gets modified and you'll need to keep history of modifications.

And, finally, when you're very mature, you will also be able to show relationships between any and all entities, as well as proof of process that defines how you manage and modify the relationships, too.

Anyhow, I hope this helps.

My Best,

Frank Guerino, CEO
TraverseIT
On-Demand ITIL
Back to top
View user's profile Send e-mail Visit poster's website
Shirou
Newbie
Newbie


Joined: Jul 23, 2007
Posts: 2

PostPosted: Fri Aug 17, 2007 4:05 am    Post subject: Reply with quote

Thanks.
Recently I discovered that my company developed a IT Management Plan, and for that, and exclusively for that document, it has been elaborated a Inventory of Software and Hardware.
Ive discovered that the things is rather simple. There is no process involved, no standard, no responsabilities, no ... nothing. It has been done once and only God knows when is going to be updated...
My job now has changed to do some recomendations about "good practices" to be implemented.
Your advices will help me greatly in that.
Back to top
View user's profile
Guerino1
Senior Itiler


Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Mon Aug 27, 2007 9:56 pm    Post subject: Reply with quote

Hello Shirou,

You say that it has been "elaborated an Inventory of Software and Hardware". If this is the case, you're looking at basic Asset Management and not Configuration Management, at all. I can't tell you how many enterprises and people I deal with, in IT, that still don't understand the difference between the two.

The reality is that there are many different types of configurations you will need to inventory and manage and they are associated with almost all of your asset types. For example:

- Design Configurations
- Build/Contruction Configurations (including SW packaging)
- Deployment/Distribution Configurations
- Installation Configurations
- Instantiation Configurations
- Initiation Configurations
- Execution/Behavioral Configurations
- Rollback/Recovery Configurations
- Location Configurations
- Documentation Configurations
- Etc.

The reality is that anything that needs to be versioned and/or tracked is usually fair game for having a configuration that is worth keeping in your inventory.

Anyhow, I hope this helps.

My Best,

Frank Guerino, CEO
TraverseIT
On-Demand ITIL
Back to top
View user's profile Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Configuration Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.