N
I have been tasked with looking at gaining certification to ISO/IEC 20000-1 (IT Managed Services).
One of the biggest sticking points we currently have is that we cannot agree on what a Configuration Management Database (CMDB) should be for. The clause in the standard states that "All configuration items shall be uniquely identifiable and recorded a CMDB......The CMDB shall be actively managed and verified to ensure its reliability and accuracy. The status of configuration items, their versions, locations, related changes and problems and associated documentation shall be visible to those who require it".
In the group that has been tasked with looking at implementation we currently have two schools of thought as to what this means. The first is saying this only to applies to internal information and systems, ie how we record this information about our own systems etc. The other is arguing that this should be for information about the managed services that we are providing to the customer, ie what equipment and in what configurations etc. My own personal view is a third way that it should be both of these, ie information about own own systems etc and information about what a customer has.
I have done back ground reading (on which my opinion is based), however the group have also done the same background reading (I supplied them with the references) but they are all interpreting this in information in different ways. Does anybody have any idea as to what the answer this is?
One of the biggest sticking points we currently have is that we cannot agree on what a Configuration Management Database (CMDB) should be for. The clause in the standard states that "All configuration items shall be uniquely identifiable and recorded a CMDB......The CMDB shall be actively managed and verified to ensure its reliability and accuracy. The status of configuration items, their versions, locations, related changes and problems and associated documentation shall be visible to those who require it".
In the group that has been tasked with looking at implementation we currently have two schools of thought as to what this means. The first is saying this only to applies to internal information and systems, ie how we record this information about our own systems etc. The other is arguing that this should be for information about the managed services that we are providing to the customer, ie what equipment and in what configurations etc. My own personal view is a third way that it should be both of these, ie information about own own systems etc and information about what a customer has.
I have done back ground reading (on which my opinion is based), however the group have also done the same background reading (I supplied them with the references) but they are all interpreting this in information in different ways. Does anybody have any idea as to what the answer this is?