How do you do ITAM?

This is a very common question today as more and more organizations are realizing the importance of setting up and maintaining a successful IT asset management (ITAM) program.

Before we dive deeper, allow me to introduce myself. I'm Teri Bobst. With over 25 years of experience in IT, I've spent the last decade and more focused on ITAM. My passion lies in guiding organizations to ITAM program success, leveraging the immense potential of the ServiceNow platform. Now, back to our exploration.

Let’s begin by considering what ITAM is.

What is ITAM?

ITAM is a discipline that all organizations need to adopt and champion to be good stewards of their budget, data, and security of the organization.

ITAM is the management and tracking of all your organization’s IT assets, including hardware, software, and services. It's about recognizing your needs, identifying the assets you have, and knowing where they are. Through knowing how assets are used, you make better financial decisions.

ITAM does not stand alone. It is connected to IT service management, change management, security, compliance, HR, procurement, finance, and so forth.

ITAM is a program, not a project. There is no “end date.” ITAM must be an ongoing practice in your organization.

Ok, now we know what ITAM is. Let’s look at how it’s done.

How do you do ITAM?

Ask any ITAM practitioner and they will tell you, ITAM is mostly about process, and you must start there. They will also tell you that a solid ITAM program is the foundation to the success of all the “cool” things that organizations get excited about—but more on that later.

Your end goal is to define and implement processes for the complete management of an IT asset’s lifecycle—but how do you get there?

You start by understanding the complete IT asset lifecycle—from selection to disposal and everything in between.

Once you understand the lifecycle, you can start identifying each individual stage within the lifecycle. And once you have stepped through and documented each lifecycle Stage, you will have a set of processes that will allow you to manage the complete lifecycle. And then you will be doing ITAM!

Sounds simple, right? It can be—if you have the proper guidance. Here are the lifecycle stages:

• Stage 0: Selection and planning
• Stage 1: Request
• Stage 2: Fulfill
• Stage 3: Deploy
• Stage 4: Monitor
• Stage 5: Service
• Stage 6: Retire

Stage 0: Selection and planning

I call this Stage 0 because it is technically outside of the asset lifecycle, but it is the true beginning of the technology lifecycle. This stage brings in model management, budgeting, and forecasting. Decide who within your organization will set standards for each class. Standards reduce support costs, increase uptime, and generally make your life easier. This stage involves budgeting for hardware and software refresh, forecasting net new deployments, and providing annual estimates, by model, to your procurement team.

Common questions to consider:

1. What model or version do I need?
2. Does it meet my business needs?
3. Is it available?
4. How much does it cost?
5. Who are my potential vendors?
6. Who is responsible for the budget and expense?
7. What is the expected useful life?

Output = Defined standards that meet the requirements of your business.

Stage 1: Request

This stage provides end users within your organization the means to request the hardware and software identified in Stage 0. Typically, approved models will be created and published to the service catalog. All required details should be captured during the request process to increase efficiency within request fulfillment. This stage includes model management, catalog management, and workflow design.

Common questions to consider:

1. Who can request it?
2. How do they submit the request?
3. What information needs to be captured to fulfill the request?
4. Who needs to approve the request?

Output = Approved request with sufficient data captured to carry out fulfillment

Stage 2: Fulfill

This stage facilitates the fulfillment of the request. Fulfillment is typically handled via a direct purchase or pulled from stock. This stage can include determining if stock levels are sufficient for fulfilling the request, and if not, then procuring and receiving, then the transfer or handoff to the appropriate group for deployment, or shipping directly to the requester. This stage includes procurement and inventory management.

Common questions to consider:

1. Who will fulfill the request?
2. Will they source from stock or send to purchase order (PO)?
3. What steps are required to fulfill the request?
4. When/how will the asset be created, or by whom?

Output = Asset ready to be deployed

Stage 3: Deploy

This stage involves the actual deployment of the hardware or software to the requester. Depending on the item, this may also include configuration, installation, and testing prior to the deployment. This stage includes imaging, software installation, running updates, testing, and deployment. Deployment can be personally delivered and set up by an agent or shipped to the requestor. For assets requiring change approval, this may also include the change process within your organization.

Common questions to consider:

1. Who is responsible for the deployment?
2. What configuration needs to take place?
3. How will it be deployed and what information is needed?
4. What updates need to be captured on the asset record?

Output = Asset put in service, ready to be monitored. This stage introduces the CI record.

Stage 4: Monitor

This stage is all about monitoring your in-use assets and is geared towards the configuration item (CI) record. You will need to utilize a monitoring or management system such as ServiceNow Discovery, Microsoft MECM, Tanium, or a similar tool, in order to appropriately monitor your assets/CIs. These data sources need to be integrated with your CMDB to continually feed data such as hardware configuration, software installations, IP addresses, logged on users, and so forth. This stage allows for you to proactively manage risk by ensuring your hardware and software is updated, monitored, and routinely checking in.

Common questions to consider:

1. Which management or monitoring systems do we use?
2. Do the systems provide the data I need to monitor my assets?
3. How will the data be fed into my CMDB? How often?
4. Do I need alerting on certain data conditions?
5. If more than one data source provides input to the CMDB, which has precedence and what attributes are updated by what source?

Output = CI that is monitored while in service, processes to create and manage alerts, and reporting capabilities

Stage 5: Service

This stage is about maintaining the health of your CI’s while they fulfill their role in providing a service to your organization. Service requests can be triggered via the monitoring stage for things such as required software upgrades to maintain secured systems, potential hardware issues, etc. Service requests can also be triggered as an incident from an end user such as “my laptop will not power on” or “my screen is broken.” Often service requests are triggered by a monitoring system.

Common questions to consider:

1. Will I proactively watch lifecycle stages to perform required upgrades on hardware and software?
2. What methods for requesting service will I implement (self-service, service desk, monitoring system, etc.)?
3. Will I track costs related to service requests?
4. What metrics do I want to track for service requests?

Output = Defined process to submit and remediate service requests for CI’s

Stage 6: Retire

This stage determines the end-of-life/end-of-service process for your assets. Understanding the useful life of the assets you are tracking is critical for this stage. This should have been determined in the planning stage and be used as a trigger for hardware and software refresh. Activities in this stage include asset retrieval, data destruction, retire, and disposal. You will typically work with one or more asset disposal vendors, and you will want to have a clearly defined contract with the vendor(s) outlining all of the requirements and communications needed.

Common questions to consider:

1. How will I collect the assets for disposal?
2. What are my internal controls for data destruction?
3. Will I sell, donate, or dispose of the assets?
4. Do I need to report retired and disposed assets to my financial team?
5. What needs to be written in my contract with my disposal vendors?

Output = An asset that has passed its useful life and has been retired and disposed in accordance with corporate controls, as well as the appropriate storing of certificates of destruction.