Context

Government regulations require company executives to certify the integrity of the systems generating financial reports. Part of maintaining integrity is controlling changes to critical infrastructure components that support financial reporting applications. Similarly, internal controls might require reporting against baseline server, desktop, or application configurations. Given the fast pace of change, its important to know what has changed and whether or not those changes were approved.

Description

Steps	Process and Activity	Roles	Work products	Tools
Identify and document system or application baseline configurations.	Configuration Management Identify Configuration Items	Configuration Librarian	Configuration Baseline Report	CCMDB – Identify Configuration Items
Periodically scan application or CIs to verify configurations and detect violations.	Configuration Management Verify and Audit Configuration Items	Configuration Auditor	Compliance Audit Reports	CCMDB – Verify and Audit Configuration Items
For each CI in violation of the baseline a change request is created to document and initiate the correction of the CI.	Configuration Management Verify and Audit Configuration Items	Configuration Auditor	Change Request
Review and schedule the required change.	Change Management Accept and Categorize Change	Change Manager	Change Request	CCMDB – Change Management
Process the change request and change the CI back to the desired state.	Change Management Coordinate Change Implementation	Change Implementor	Change Request	CCMDB – Change Management

Obtaining more information

To get more information, talk to a representative, purchase IBM® Service Management tools, or visit the IBM Service Management page.