.svg)
.svg)
.png)
.png)
As IT environments scale, keeping your Configuration Management Database (CMDB) accurate becomes both more critical and more challenging. The Service Mapping Certification policy, configured in ServiceNow's CMDB Workspace Data Manager, provides a structured, repeatable way to validate that Configuration Items (CIs) are correctly associated with the Services they support.
What the Policy Covers
The policy targets the Service Configuration Item Association (svc_ci_assoc) table, the source of truth for which CIs underpin each Service. What makes this approach powerful is its flexibility. Certification policies can be scoped to cover any combination of service types: Tag-Based, Calculated, Top-Down, or even manually defined services. You are not locked into a single discovery method. Similarly, policies can be configured to focus on all services or narrowed to just Production, giving teams a clean separation between what matters now and what can be reviewed later. On top of that, CI Class filtering allows you to further constrain the scope, for example, targeting only servers and databases rather than surfacing every network device or storage volume. This means service owners are reviewing the CIs they understand and can speak to, rather than being overwhelmed by a list of infrastructure components outside their domain. A well-scoped policy keeps the certification effort manageable, high-impact, and far more likely to produce accurate feedback.
Designing Your Scope
One of the most important decisions when building a certification policy is defining what to include. The svc_ci_assoc table holds records across all service types, and not every organization wants to certify all of them at once. Consider the following dimensions when scoping your policy:
Service Type
Filter by how the service was created or how its CIs are discovered. Tag-Based services rely on tagging rules to map CIs automatically; Calculated services derive their CI relationships algorithmically; Top-Down services are defined by service hierarchy; and Manual services have CIs associated by hand. Each type carries different staleness risks and may warrant separate certification cycles.
Environment
Restricting to Production services is the most common starting point, as these carry the highest business risk. However, teams managing pre-production pipelines or performing broader CMDB health checks may want to certify across all environments.
CI Class
Filtering by CI Class is one of the most effective ways to make certification tasks meaningful for service owners. An application team asked to certify a list of servers and databases can engage confidently. The same team asked to certify every network device, storage controller, and virtualization host on their service map is likely to rubber-stamp results rather than genuinely validate them. Use CI Class filtering to keep the scope digestible and the feedback credible.
Who Does the Work
Certification tasks are automatically routed to the support group listed in the "Managed By Group" field on each service. This means the teams with the most hands-on knowledge of each service are the ones doing the validating, not a centralized team working at arm's length from the data.
What Gets Validated
Certifiers review five key fields on each CI association: the Configuration Item identity, Life Cycle Stage, Life Cycle Stage Status, CI Class, and Discovery Source. Field updates are intentionally disabled. This is a validation exercise, not an editing one. Certifiers have 30 days to complete their tasks, and for each CI, they select one of three verdicts: Certified, Not Certified, or Needs Review. Where issues are flagged, a comment is required so the CMDB team can act on it.
Why It Matters
Incorrect or stale CI associations cause real downstream problems, inaccurate impact analysis, unreliable service maps, and poor change risk assessment. A CMDB that was accurate six months ago can quietly drift as infrastructure changes, services are re-classified, or new discovery sources come online. The certification process creates a clear, structured feedback loop between service owners and the CMDB team, surfacing data quality issues before they become operational risks. Because the scope is configurable, you can run targeted certifications after major changes, ahead of audits, or as part of a broader CMDB health initiative - focusing on exactly the service types and CI classes where drift is most likely or most consequential. Over time, running these certifications regularly across Tag-Based, Calculated, Top-Down, and Manual services ensures that no corner of your CMDB goes unvalidated.
The result is a CMDB that your teams can actually trust. Contact RapDev to learn how we can help you build a more reliable, trustworthy CMDB.
