The Client needed to understand why Service Mapping would be a benefit for their Critical Application Infrastructure and why it would help them meet the VAIT compliance outlined by BaFiN.
This Client also needed an Information Domain to understand attributes for each application driven by the CMDB relationships. The Information Domain was a must for applications (critical and non-critical) to identify the related infrastructure. Without a way to understand the relationships driving an application and supporting entities and attributes, the Client would fail VAIT compliance. What do they have? What do they need?
Prior to a full Service Mapping project, Client requested CSX to undertake particular activities to understand how Service Mapping could benefit them. By performing a PoC, CSX were able to deliver valuable feedback to determine to the correct approach for a full Service Mapping project. We understood how identifying this vertical slice of infrastructure will meet the VAIT Compliance needs. CSX also delivered the Information Domain to demonstrate how CMDB relationships can be used as a comparison to a business application map.
The Service Mapping Business case highlights why the Client should proceed with Service Mapping to ensure full VAIT compliance if audited as well as additional business benefits. Our Business Case also recommended appropriate next steps as preparation for a Service Mapping project.
The Information Domain provides a single view of VAIT attribute compliance per application. This was driven from the 7 entities provided by the Client (examples are Information asset and Physical Properties). The Information Domain considers completeness in this iteration with a view for further work to allow tracking of correctness in the future. This is intended to provide VAIT compliance status using CMDB relationships rather than Service Mapping.
Over 13.5k rows of data are used to populate the 450 applications within the Information Domain to review the attributes for each CI, based on their CMDB relationships, broken down in to the 7 entity categories.
This provides audit information for over 30 VAIT attributes in scope.
Going forward the Client can use the Information Domain to show VAIT compliance at an attribute level should they be audited by BaFin.
Should the Client decide to proceed with a Service Mapping project for full VAIT compliance, the business case is made with guidance upon how to best approach the project.