Back to Enterprise IT CMDB

Enterprise IT CMDB Governance Playbook

Establish policies, procedures, and controls to maintain data quality and integrity across 21 object types. This playbook ensures your CMDB remains a trusted source for incident management, change control, and compliance reporting.

📖 30 min read 📋 Governance v1.0 🏢 Enterprise Tier

Governance Structure

CMDB Governance Board

Purpose: Provide strategic direction and resolve cross-functional CMDB issues.

Role Responsibility Attendance
IT Director (Chair) Strategic decisions, resource allocation Monthly
Configuration Manager Operational governance, data quality Monthly
Enterprise Architect Schema evolution, integration strategy Monthly
Service Delivery Manager Service mapping requirements Monthly
Security Manager Security CI requirements, compliance Monthly
Change Manager Change impact analysis needs Monthly

CMDB Operations Team

Role FTE Responsibilities
Configuration Manager 1.0 Governance, quality oversight, stakeholder management
CMDB Analyst 2.0 Data quality, imports, relationship management
Integration Specialist 0.5 Discovery tool sync, API integrations
Report Developer 0.5 Dashboards, compliance reports

Data Ownership Model

Object Type Ownership Matrix

Category Object Types Data Owner
Locations Location Facilities Manager
Cloud Cloud Account, Cloud Instance, K8s Cluster Cloud Platform Lead
Business Services Business Capability, Business Service, Technical Service Service Delivery Manager
Applications Application, Microservice, Container Image, API Application Portfolio Manager
Servers Server, Virtual Machine Infrastructure Manager
Databases Database DBA Lead
Network Network Device, Load Balancer Network Operations Lead
Security Certificate, DNS Record Security Operations Lead
Licensing Software License, Contract Vendor Manager

Data Quality Framework

Quality Dimensions

Dimension Definition Target
Completeness Required fields populated 98%
Accuracy Values match reality 95%
Timeliness Records updated within SLA 90%
Consistency Values follow standards 95%
Uniqueness No duplicate records 99%
Validity Values within allowed ranges 98%

Quality Rules by Object Type

Business Service Rules:

Rule ID Rule Severity
SVC-001 Service Owner populated Error
SVC-002 Criticality assigned Error
SVC-003 RTO/RPO for Tier 1-2 services Warning

Application Rules:

objectType = "Application" AND Status = "Active" AND Owner IS EMPTY

Server Rules:

objectType = "Server" AND Status = "Active" AND updated < now(-60d)

Certificate Rules:

objectType = "Certificate" AND "Expiry Date" < now(30d) AND Status = "Active"

Review Cadence

Daily Reviews

Automated Data Quality Report - Generated at 6:00 AM:

  • Records created/modified in last 24 hours
  • Quality rule violations by severity
  • Stale record alerts
  • Sync failure notifications

Weekly Reviews

Data Steward Review (30 min each):

  • Quality score trend review
  • Open quality issues status
  • Upcoming data activities
  • Relationship verification sample

Monthly Reviews

Governance Board Meeting (2 hours):

  • Quality trend dashboard review
  • Major data quality issues escalation
  • Schema change requests
  • Integration health review

Quarterly Reviews

Full Audit:

  • Sample-based accuracy verification
  • Relationship integrity check
  • Orphan record identification
  • Compliance evidence gathering

Compliance Mapping

SOC 2 Type II

Control Area CMDB Support
CC6.7 - Configuration Management Complete CI inventory, change history
CC7.1 - Change Management Change impact via relationships
CC8.1 - Incident Management Service dependency mapping

ISO 27001

Control CMDB Support
A.8.1.1 - Asset Inventory All 21 object types
A.8.1.2 - Asset Ownership Owner attributes on all CIs
A.12.1.2 - Change Management Relationship-based impact analysis

Escalation Procedures

Severity Criteria Response Time Escalation Path
Critical >20% quality drop, audit failure 4 hours Config Manager → IT Director
High >10% quality drop, compliance gap 24 hours Data Steward → Data Owner
Medium Quality SLA miss 3 business days Data Steward → Data Owner
Low Minor data issues 10 business days Data Steward
Previous Document
← Implementation Guide
Next Document
Forms Specification →