Taking CMDB to the Next Level by Capturing Data Inventory on Assets that Will Automate GRC Efforts

To improve compliance, IT risk management, and IT support within our decentralized IT structure at NC State University, our Office of Information Technology (OIT) is working with cross-campus IT stakeholders to establish a central inventory within our ServiceNow Configuration Management Database (CMDB). NC State is expanding this resource inventory to include data from all relevant IT assets. This inventory expansion has required customization to reflect how NC State leverages its data classification scheme. The data inventory will empower the business, IT support, compliance, and risk management teams a full understanding of compliance obligations, levels of sensitivity, and the data governance responsible for that data. This inventory expansion will also enable the institution’s governance, risk, and compliance (GRC) tools to leverage that data to perform automated compliance attestations with the appropriate stakeholders, improve the use of risk management efforts, and enable the university’s internal audit organization to improve its scope for audit plans. This project is kicking off in 2022 with proofs of concept being conducted within OIT along with the IT support group from the Division of Academic and Student Affairs. Full campus use is estimated by fall 2022.