Working across teams to eliminate redundancies and keep your CMDB accurate and up-to-date 

Having a centralized up-to-date configuration maintenance database (CMDB), or an overall record of shared information across a business’ digital ecosystem, is a great competitive advantage. Specifically, easy access to information enables people to execute at a higher level. When it comes to having a consolidated list of IT assets, systems, and processes in place throughout your business, your CMDB, most organizations have little confidence in its accuracy of their documentation.   

Evaluating Traditional Roles of CMDB Maintenance 

Maintaining a complete list of IT assets and business practices has traditionally been a function of IT. Logically, this made perfect sense when IT was the team physically managing and maintaining the hardware housing this information. Consolidating and updating this information has been relegated to a routine activity and scheduled on a cadence that works with an individual’s job function. Other instances of an update would occur when you add a new IT asset, but in the digital age of technology, data and systems are moving faster than ever. To maintain compliance with regulations across departments, teams need access to this data regularly that may align with IT’s CMBD maintenance schedule.  

Considering Today’s Responsibilities, New Needs for Information 

To conduct a meaningful risk assessment, Privacy Impact Assessment (PIAs), or on a larger scale a full Business Impact Analysis (BIA), organizations have to understand and disclose where and what sensitive data is stored as well as associated processing activities.  To execute these routine assessments, businesses need to pull the latest information across their IT assets, software applications, and related business processes, but most organizations have little confidence in the accuracy of their data documentation, or CMDB. 

Compliance requirements impose high stakes motivation to avoid penalties, fines, or data loss that can result in negative publicity. To report and adhere to compliance requirements, CISOs, Risk Managers, and Privacy Professionals maintain the same CMDB information. The source of CMDB data maintained outside of the preview of IT produces the same information on a much more regular basis than the traditional centralized CMDB.  

Engaging in Cross-Functional Collaboration to Regulate CMDB Upkeep

Businesses have shifted how they work with new technology to keep pace with delivering optimal customer experiences. Regulatory reactions have since come into play and created additional obligations to protect public interest and hold organizations accountable. This cycle of change has led to different business initiatives, and many times different roles completing essentially the same task.  

Professional vantage points have broadened to connect departments and identify efficiencies. Therefore, organizations need to take a broader look at their business processes for traditional roles and responsibilities. Keeping your CMDB up-to-date is traditionally a business process challenge. If businesses approach this task from a different perspective, there are solutions available today. Coordinating teams and tools, in this case, audit, compliance, privacy and IT, you can eliminate redundancies by shifting the responsibility to the highest motivated stakeholder seeking the information, and streamlining the task at hand with a shared toolset.  

Learn how OneTrust GRC takes a business-centric approach to enable employee collaboration across departments, execute tasks efficiently and implement automation into routine tasks such as CMDB maintenance.  

Follow OneTrust news via Linkedin and Twitter