Back to Standard CMDB

Standard CMDB Governance Playbook

Enterprise governance framework for operating and maintaining the Standard CMDB Schema v2.0. Defines ownership models, data quality rules, review cadences, and escalation procedures aligned with ITIL Configuration Management best practices.

📖 30 min read 🖥️ Standard CMDB v2.0 💼 Paid Tier

Overview

Effective CMDB governance ensures data accuracy, completeness, and currency. Without governance, CMDB data degrades rapidly, undermining the value of incident correlation, change impact analysis, and service dependency mapping. This playbook provides the policies and procedures necessary to maintain CMDB integrity as a trusted source for IT operations.

What This Playbook Establishes

  • Data ownership model for all twelve object types
  • Data quality rules and metrics for CMDB accuracy
  • Review cadences for CI verification and reconciliation
  • RACI matrix for Configuration Management activities
  • Escalation procedures for data quality issues
  • Audit readiness for IT compliance requirements

CMDB Governance Structure

The CMDB Governance Board

A CMDB Governance Board provides strategic oversight and decision authority for Configuration Management. This board establishes policies, resolves ownership disputes, and ensures CMDB alignment with IT and business objectives.

Role Responsibility Meeting Attendance
IT Operations Director (Chair) Strategic direction, resource allocation, executive accountability All meetings
Configuration Manager Day-to-day CMDB operations, data quality, process enforcement All meetings
Service Management Lead Service catalog alignment, service dependency accuracy All meetings
Change Manager Change impact assessment, CI-change correlation All meetings
Asset Manager Hardware and software asset tracking, license compliance All meetings
Infrastructure Lead Server, network, and cloud infrastructure accuracy Monthly
Application Development Lead Application and database CI accuracy Monthly
Security Representative Security-relevant CI attributes, access control Quarterly

Meeting Cadence

  • Weekly: Configuration Manager operational review
  • Monthly: CMDB Governance Board meeting (IT Operations Director chairs)
  • Quarterly: Strategic alignment review with IT Leadership

Data Ownership Model

CMDB data ownership follows a three-tier hierarchy:

Tier Role Responsibility
Data Steward Overall accountability for object type Sets policies, resolves disputes, ensures completeness
Data Owner Accountability for individual CI records Maintains accuracy, confirms changes, approves updates
Data Contributor Creates or updates CI data Follows processes, provides accurate information

Ownership by Object Type

Object Type Data Steward Source Systems
Location Facilities Manager Facilities management system
Vendor Procurement Manager Procurement system, contract database
Team IT Operations Manager HR system, organizational charts
Person HR Business Partner HR system, Identity Provider
Business Service Service Management Lead Service Catalog (CMDB often authoritative)
Server Infrastructure Manager Discovery tools, hypervisor, cloud APIs
Database Database Administration Lead Database monitoring tools
Application Application Development Lead Application Portfolio Management, CI/CD
Network Device Network Operations Lead Network discovery tools, NMS
Cloud Resource Cloud Operations Lead Cloud provider APIs
Software License IT Asset Manager SAM tools, procurement system
Document Knowledge Management Lead Documentation platforms

Data Quality Rules

Core Data Quality Dimensions

Dimension Definition Measurement
Accuracy CI data correctly reflects reality Sample validation against source systems
Completeness Required attributes populated Percentage of CIs with all required fields
Currency CI data is up-to-date Age of last update vs. expected refresh
Consistency CI data follows standards Adherence to naming conventions, valid values
Uniqueness No duplicate CIs Duplicate detection scan results

Quality Targets by Object Type

Object Type Quality Target Key Rules
Location 95% Name follows convention, active locations have address
Vendor 90% Active vendors have support contact, contract dates tracked
Team 95% Has contact email, has at least one member
Person 98% Active persons have email and team assignment
Business Service 98% Has Service Owner and Support Team
Server 95% Has IP address, environment, location
Database 95% Has host reference, backup schedule for production
Application 95% Has host reference, service linkage for production
Network Device 95% Has IP address, location
Cloud Resource 95% Has Resource ID, region, cost tracked
Software License 90% Has vendor, expiry date for subscriptions
Document 95% URL accessible, has related service for runbooks

Review Cadences

Daily Operations

Activity Owner Deliverable
Discovery import monitoring CMDB Administrator Import success/failure report
Data quality dashboard review Configuration Manager Exception list for follow-up
New CI review CMDB Administrator Validated new records
Duplicate detection scan Automated Duplicate alerts

Weekly Reviews

Activity Owner Day
Data quality exception review Configuration Manager Monday
Orphaned CI review CMDB Administrator Tuesday
Stale CI investigation Infrastructure Lead Wednesday
Discovery reconciliation CMDB Administrator Thursday
Weekly metrics report Configuration Manager Friday

Monthly Reviews

  • CMDB Governance Board meeting (1st week)
  • Complete data quality scan (1st week)
  • CI count trend analysis (2nd week)
  • Ownership verification sample (3rd week)
  • Integration health review (4th week)

Quarterly Reviews

  • Full service dependency verification
  • Business Service completeness audit
  • License utilization review
  • Team and Person reconciliation
  • Vendor contract review
  • CMDB process assessment

RACI Matrix

R = Responsible (does the work) | A = Accountable (owns the outcome) | C = Consulted (provides input) | I = Informed (kept updated)

CI Lifecycle Management

Activity Config Mgr Data Steward Data Owner CMDB Admin IT Ops Mgr
CI Creation (Manual) C A R C I
CI Creation (Discovery) A I I R I
CI Update C C R C I
CI Validation C A R I I
CI Archival/Deletion A C R R I

Escalation Procedures

Escalation Levels

Level Authority Response Time Scope
L1: Data Owner Correct data, update records 5 business days Individual CI issues
L2: Data Steward Assign ownership, set priorities 3 business days Object type issues
L3: Configuration Manager Process exceptions, cross-type issues 2 business days Multi-type issues
L4: IT Operations Director Resource allocation, policy exceptions 1 business day Strategic issues

Common Escalation Triggers

Issue Initial Owner Escalate To Trigger
Incorrect CI data Data Owner Data Steward Not corrected in 5 days
Missing required attributes Data Owner Data Steward Not populated in 5 days
Duplicate CIs CMDB Administrator Data Steward Ownership conflict
Ownership dispute Data Steward Configuration Manager Teams cannot agree
Resource constraints Configuration Manager IT Operations Director Insufficient capacity

Audit Readiness

Pre-Audit Checklist

  • Run full data quality scan and remediate critical findings
  • Verify all critical Business Services have complete attributes
  • Confirm ownership assignments for all Production CIs
  • Validate dependency chains for top 10 critical services
  • Generate CI count reports by type and status
  • Export data quality trend reports (12 months)
  • Verify discovery integration is current
  • Review and close stale exception tickets
  • Brief Data Stewards on audit scope and timeline

Evidence by Audit Type

Audit Type Required Evidence
IT General Controls CI inventory by type, change correlation, access control reports
Asset Management Server/network inventory, license utilization, vendor contracts
Service Continuity Business Service inventory, DR documentation links, dependency maps
Security Server inventory, environment classifications, ownership assignments

Data Retention Policy

Object Type Active Retention Archive Retention
Location Indefinite while Active 7 years after closure
Vendor Indefinite while Active 7 years after relationship ends
Person Indefinite while Active 7 years after termination
Business Service Indefinite while Active 5 years after retirement
Server, Database, Network Device Indefinite while Operational 3 years after decommission
Application Indefinite while Operational 5 years after retirement
Cloud Resource Indefinite while Running 2 years after termination
Software License Indefinite while Active 7 years after expiration
Previous Document
← Best Practices Guide
Next Document
Forms Specification →