Preparing the CMDB for an Audit

Version 1

    When you get the news that you need to get ready for an audit it can be a scary moment. Whether it is an internal or external audit team, the stress starts building up and that should not be the case. With ServiceNow, you can set automated workflows that create the ease of being able to prove:

    • Which software is installed on each device
    • Where each asset is physically located
    • Integrate and implement security operations

    The biggest problem is the majority of organizations do not know where to begin.

    I suggest starting with the documentation that governs the audit process. This documentation should be your cheat sheet for creating your sprints and stories for ServiceNow Enhancements. Craft the stories around what the audit team is looking for and you will be set. With the GlideFast CMDB and Asset Compliance Solution, you will have all you need to prepare your organization for the next audit. The evaluation of your processes and how to have events trigger changes to the CMDB and Asset Repository are critical for your defense against the audit team.


    Before you begin making changes to the workflow you need to make sure that you have all of your processes in Standard Operating Procedures (SOPs). This will allow you to show the audit teams what happens at each stage in the workflow. This is important to provide clear and concise instructions that are the standard for everything you do in your environment. Once you create these procedures you will have a clear idea of how to start making changes to your workflow with the custom columns that were provided in the GlideFast CMDB and Asset Compliance Solution. Our solution will make a huge impact on the speed of getting your audit completed. If you have these processes documented and the automation built into the workflow you will only need to prove that the steps are taking place versus trying to scramble to get information. All the information that the audit will need will be located in the CMDB and the Asset Repository.

    Our solution is the difference between you being proactive as opposed to reactive.

    Your next steps after you have the knowledge of what needs to happen in the workflow it is time to make those customizations. This will allow for you to automate your processes to the point of not having to panic when asked any questions from the audit team. The workflows will provide an audit trail of what happened to each asset and when it occurred. You can pull the history of the asset or configuration item in either a list or calendar view. This allows for you to prove that the tasks were accomplished and the exact date and time to satisfy compliance teams. Once you have this completed, you will have an automated process that protects you from those tough audit questions.


    If you would like more assistance check us out at Prepare for an Audit with ServiceNow |.

    Sam Sussman
    ServiceNow Implementation Consultant