Updated: Nov 12
Application Portfolio Management (APM) is a part of the IT Business Management suite within ServiceNow. Using Application Portfolio Management, an organization can define a comprehensive application inventory, reduce total cost of ownership by eliminating redundancies, strengthen business capabilities by identifying technical gaps, and prevent risk by tracking life-cycles with Technology Portfolio Management.
With the Paris release of ServiceNow, Application Portfolio Management received some great new product enhancements.
Key Updates in the Paris Release
Business Application Lifecycle Management Services as Catalog Items
The new Business Application Lifecycle Management Services category contains three out-of-the-box catalog items to standardize the organization’s delivery and management of business applications.
Register a Business Application
The Register a Business Application catalog item allows users to register or request new business applications using the same catalog ordering process as other catalog items. Users can request and register business applications and harness the power of Predictive Intelligence to suggest appropriate categories for business applications that are on-boarded.
The built-in flow in ServiceNow checks to see if a business application with the same name already exists. If there is already a business application with the same name, an error is presented within the catalog item to the user. If the business application name is unique, the flow then gathers the appropriate approvals and, once approved, creates a record automatically within the Business Application table.
Request Architecture Review
The Request Architecture Review catalog items allows application owners to submit requests to review modifications to underlying technologies of business applications, network design, or proposals of new solutions, services, or standards to the Architecture Review Board.
Retire Business Application
The Business Application Lifecycle Management service catalog has the Retire Business Application catalog item that manages the following:
Archives data generated while the application was in use.
Uninstalls related software the application depended on.
Removes hardware dependencies of the software.
There are few conditions that have to be met in order to retire a business application:
The requesting user must be either the IT Application Owner, Business Owner, or is in the Supported by field of the business application.
The sn_apm.apm_user or sn_apm.apm_analyst role is required.
APM users cannot delete or deactivate business applications, a new request must be raised to decommission an application.
The business application must not already be in the Retired or Inactive status.
Once a user has submitted a request to retire a business application, a Business Application Request task is created and the associated Flow is triggered. Approvals are sent to the appropriate users in order to approve or deny the request of the application decommission.
ServiceNow has made it easy to locate the Flows associated with the Business Application Lifecycle Services catalog by placing a module under the Application Portfolio Management application named ‘Services Flow Designer.’
For more information, visit the ServiceNow document: Business Application Lifecycle Management services.
APM reports using CMDB query builder
The CMDB Query Builder can be used to build complex queries and retrieve data from CMDB CI classes, APM tables, and configuration items that are related to one another. ServiceNow added some out-of-the-box queries for APM in the Paris release.
There are scheduled jobs that must be run before APM users can take advantage of the APM reports within the CMDB Query Builder. For more information, visit the ServiceNow Document: Run scheduled jobs for CMDB Query Builder reports.
ServiceNow has made it easy to locate the CMDB Query Builder reports added to APM in the Paris release by adding menu options to the Application Portfolio Management application. Users can navigate to Application Portfolio Management > CMDB Query Builder.
The out-of-the-box reports for APM based on CMDB Query Builder in Paris are as follows:
Business Capabilities provided by Business Application.
Application Services consumed by Business Application.
Business Applications providing a Business Capability.
Business Services provided by a Business Capability.
Business Applications using an Information Object.
Information Objects used by a Business Application.
Demands on a Business Application.
Projects on a Business Application.
Clicking into any of the reports within the sidebar will display the report as a bar chart in a new tab:
The screenshot below displays the APM queries added to the CMDB Query Builder in Paris:
Clicking on any of the query cards will display the query used in an easy-to-read visualization:
For more information on the CMDB Query Builder, visit the ServiceNow Document: Querying the CMDB.
Application Backlog View
Paris offers this new and exciting feature for application owners to view the backlog for their business application in the same timeline view under the Technology Portfolio Management. Prior to Paris, we were only able to see the demands and projects associated with particular technology models. This is a representation of the waterfall approach to project management. As more organizations adopt the agile methodology, epics, stories, and enhancements are also necessary to a successful implementation. The new Application Backlog displays all of these in addition to projects and demands in a nicely formatted timeline so that application owners can make informed decisions around their business application.
Risk Management for Business Applications
One of the most exciting new features of APM in the Paris release is the ability to integrate with ServiceNow’s Governance, Risk, & Compliance (GRC) application. This integration allows application owners to identify risks and add in controls to mitigate those risks. It promotes collaboration between risk managers and application owners, and gives insights into digital risk and business criticality.
At a high level, the workflow for the integration is as follows. GRC will check for new business applications and create an associating GRC entity. The risk manager sees this entity and will send a questionnaire to the application owner to collect some additional details. When the manager is satisfied with the response, the inherent assessment is initiated based on the risk assessment methodology configuration in GRC. The risk manager then reviews the information object mapping from APM and determines which risks, policies, and citations should be associated with this application and recommends controls that should be in place. Finally, the application owner implements these controls with the relevant stakeholders.
In the business application related list, the new GRC features adds on some additional tabs for risks and controls. In addition, we can see all the Risk Questionnaires and Control Attestations that were answered by the application owner. Finally, we have visibility into the GRC issues and the list of remediation tasks pending for the business application.