Support Guide: SACM / Service Asset & Configuration (Application/Software)

Objective

  • To convey information that ensures accurate and up-to-date records of all software assets and configurations, and their relationships
  • Application/Software is defined as a computer program that is intended for end user use which provides a specific need or function, can be managed through an application life cycle from conception to retirement/disposal.  Applications are subject to compliance like data privacy and accessibility while meeting the needs across the University. They involve some type of registration, include a user name or password, and/or agreement for terms of use
  • A website is not typically considered an "application for asset management" as it usually lacks the necessary features to actively track, manage, and control a company's assets; however, a website can be part of a larger asset management system, particularly when used to access and manage digital assets through a dedicated Digital Asset Management (DAM) platform

Scope 

  • The scope of SACM for applications/software can reside on-premise, cloud or a workstation clients include the follow key elements:
    • Configuration Identification: Applications and software components 
    • Relationship Mapping: Maintain relationships between different software elements
    • Integration with Change Management process: Used for Impact analysis
    • Regular Audits and Updates: Ensures accuracy of the configuration 
    • Configuration status tracking and reporting: Auditing and tracking
  • Enterprise Applications are supported by enterprise IT teams and defined in the Configuration Item Handbook as A subset of configuration items regarding the applications that are created, managed, or maintained by Enterprise IT. Examples: Banner General, Banner Finance, TeamDynamix, OBIEE, Tableau, Gmail 
  • Conditional Use Applications are often used by individual faculty and students to conduct research, collaborate, and to gain a deeper understanding of how technology is used in the real world or by administrative staff to perform their job duties, in TDX  the forms  User Application and Enterprise User Application are utilized for this purpose 
  • Forms not in scope: Banner Mod, User Application - Google Workspace Marketplace, User Application - Zoom Market Place

Environment

  • 12568: Service Asset & Configuration Management (SACM)
  • 10374: TeamDynamix (CMDB) Applications/Software

Automation

  • Applications/Software are tracked manually as automation currently does not exist

Reviews/Audit 

  • The Configuration Item Owner Handbook provides the process, direction, and roles for applications/software. The application owners are key for auditing and reviewing the applications

User

  • IT Services: Solution Delivery and Enterprise Application Groups are the owners of applications/software once approved, and enter the application/software in TeamDynamix 

Procedure: Add an asset

  1. Log into TDX
  2. Select the IT CMDB tab at the top of your screen
  3. Click on + Asset for a new asset 
  4. At minimum, follow the Must (below attributes list) providing the attributes that are required; you can also add information for the Should/Could sections 
  5. Once completed, Save the asset

Application/Software Device Attributes 

Below are key attribute names with their descriptions along with guidance and information about end user device assets.

 

Must (required)

Crucial to the integrity of most or all CIs; will be regularly audited for accuracy and completeness by the Practice Owner

  • Form: Provides a template of fields to complete - Form Name: Application / Software 
  • Name: The name of the asset
  • External ID: Unique identifier of the asset for connecting to third party systems via API. For Applications: Typically use the Name
  • Status: Status of the asset - Key status are highlighted in BLUE
    • Ordered: Is on order and awaiting arrival 
    • Inventory: Not actively in use but available for deployment 
    • Build Phase: Is in build process - ie. New applications that are in the process of build configuration phase and have not been implemented
    • In-Use: Active - in use
    • Retired: No longer in use but not disposed
    • Disposed: No longer under control of Miami and removed from the environment 
  • Supplier: Vendor from whom the asset was acquired. Specify Miami University if home-grown, if the supplier does not exist in TDX, select supplier
  • Escalation Instructions: Instructions for ticket logger on where to escalate if unable to solve. Most commonly a link to an escalation procedure article in the Knowledge Base
  • Owner (Local Change Authority/Manager): Authorized local change authority/manager of asset
  • Owning Acct/Dept: Solver Team that contains deepest level of technical expertise
  • Prod URL: URL to the production application
  • Description: Purpose of the application or any pertinent information
  • Application Location: Radio Button Choices
  • Premise: Hosted in Miami Data center
  • Cloud - Miami: Hosted off-premise, managed by Miami staff
  • Cloud - Vendor: Hosted off-premise, outside of Miami control
  • Hybrid: Application split across cloud and premise
  • End Point: runs on an end user device
  • Product Model: The product model of the asset. (MU - Application/Software) - This will be filled in by using the form Application/Software
  • Server Environment: This is the ITSM Lifecycle phase. (Production is automatically filled in, but you can use the drop down to change the environment
  • Audited Date: This is the date that this configuration item record was last audited for completeness and accuracy by the configuration item owner
  • Audited By: UniqueID of the Configuration Item Owner who last audited this Configuration Item record for completeness and accuracy

 

Should

Necessary for continuous improvement of SACM capabilities; will be regularly audited for accuracy and completeness by the Practice Owner

  • Application Language: For open-source or custom-built, in what language was the application developed
  • Attachments: Runbooks; Architecture Diagrams; Contracts; Memorandum of Understandings; Operational Documentation
  • Diagram Link: Physical and Logical Diagram Links
  • Requester: Individual in business office who serves as the business owner
  • Requesting Account / Department: Primary business unit beneficiary of asset
  • Internal Escalation Notes: For solver teams to include notes needed for support. Links or location of operational documented
  • Test URL: URL to the test application 
  • Target State: What enterprise application will subsume functionality in long-term
  • Relationship: Other configuration items upon which this application depends

 

Could

The attribute is relevant and desirable to at least some Configuration Item Owners in managing the baseline configuration of their CIs

  • Serial Number: Other names for this product, as used by clients, end-users, vendors, etc.  AKA 
  • Platform(s) Framework(s): The platform or framework the application uses
  • Git Repository: URL to the git repo for the application
  • CAM Interface App Name: Name of the application as it appears in the Configuration Application Management (CAM) Interface used by solution delivery to provide application configuration options for users
  • Product Backlog: Link to project backlog ( Jira) for this asset
  • Admin URL: URL to the administrative interface
  • Last Known Upgrade date: For manually tracking of when an application was last upgraded. Ideally, there should be a change ticket with details of that upgrade that corresponds with this date
  • Last Procurement Renewal Date
  • Next Procurement Renewal Date: The date that the asset is expected to be replaced
  • Related Knowledge: List URLs to KB categories related to this configuration asset
  • Status Health: Used only by MI Coordinator during outages to make asset appear on miamioh.edu/itstatus
  • Maintenance Window: The maintenance window used to determine when activities concerning the asset can be performed
  • Application Blackout Window: Period of time when this application should not be updated and the reason why
  • Attachment(s):  File attachments associated with the asset

 

Solution Delivery Confidence Information

  • Direct Confidence Information: On scale of 1 to 10: direct confidence in a service is determined by operational characteristics from development through runtime
    See this document for signals
  • Context Score: On a scale of 1 to 10: represents how hard a service is to understand as well it's exposure to external factors
    See this document for signals to consider
  • Complexity Score: On a scale of 1 to 10: represents how hard a service is to understand as well it's exposure to external factors
    See this document for signals to consider

 

RISK and Data Privacy Information - Should

  • ISO Data Classification: Data classification as outlined in Best Practice: ISO / Data classification
  • ISO Data Classification Involved:  Please describe the kind of Restricted or Confidential data involved
  • ISO Vendor Privacy Policy Link:  Link the vendor provides for their data privacy
  • ISO Risk Level:  Cybersecurity risk level to categorize a cyber threat
  • Responsible AI Score (RAI):  MS Standard we can loosely adopt. See this document

 

Accessibility Information - To be completed by Accessibility Staff - Should

  • Audience: Check box that applies (Students, Faculty, Potential Students, Staff, Parents, Alumni, Public
  • Accessibility Procurement Status:  Selections include (Need Credentials, On Deck, Testing, Restarting Vendor Inquired, Usability Testing, Report Sent, Client Response, Vendor Engagement, Waiting Meeting, Waiting Roadmap/Updates, Roadmap Received, Past Testing/Engagement, Out of Scope/EOL, On Hold, Needs Follow up
  • Accessibility Last Contact:  The date when the vendor was last contacted for Accessibility Information
  • Accessibility Notes:
  • Accessibility Test Date:
  • Usability Test Date:
  • Accessibility Vendor Roadmap:
  • EEAP Status:
  • Accessibility Contract Language:
  • Accessibility VPAT Date:
  • Contract Term:
  • Accessibility Not Needed:
  • Reviewed by AccessMU: Date that the application was reviewed by AccessMU

 

Audits and Reviews

  • Reviewed by Procurement: Date that procurement or their designate reviewed Terms and Conditions and deemed acceptable per Miami policy
  • Audited Date: This is the date that this configuration item record was last audited for completeness and accuracy by the configuration item owner
  • Audited By: UniqueID of the Configuration Item Owner who last audited this Configuration Item record for completeness and accuracy
  • Last Security Assessment: This is the date that this configuration item record was last audited for security vulnerabilities or other concerns
  • Who Performed the Assessment: UniqueID of the security expert who last audited this Configuration Item for vulnerability or other security concerns

 

Print Article