Achieving CSDM Compliance

Last Updated: January 7, 2026 Estimated Reading Time: 9 minutes

Overview

The Common Service Data Model (CSDM) is ServiceNow's framework for organizing IT services and infrastructure. This guide helps you achieve CSDM compliance to improve service visibility, change management, and business alignment.

What is CSDM?

CSDM defines how Configuration Items should be structured and related to represent your IT landscape accurately. It establishes:

• Standard CI Classes: Business Service, Application Service, Technical Service, etc.
• Relationship Rules: How different CI types should connect
• Service Hierarchy: Layered model from business to technical
• Naming Conventions: Consistent CI naming patterns

Why CSDM Matters

Business Benefits

1. Service Visibility: Clear view from business services to underlying infrastructure
2. Accurate Impact Analysis: Better blast radius predictions
3. Faster Incident Resolution: Quickly trace from service outage to root cause
4. Improved Change Management: Understand true change impact on business
5. Executive Reporting: Map IT costs and risks to business services

Technical Benefits

1. Consistent Data Structure: Everyone understands CI relationships
2. Better Health Scores: CSDM compliance improves overall CMDB health
3. Automation-Friendly: Standard models enable automation
4. Integration Support: Third-party tools expect CSDM structure
5. Reduced Complexity: Clear rules reduce confusion

CSDM Service Layers

CSDM organizes services into four layers:

Layer 1: Business Service

Purpose: Services that deliver business value to customers/users

Examples:

• Online Banking
• Employee Onboarding
• E-commerce Platform
• Customer Support Portal

Characteristics:

• Consumed by end users or customers
• Has business owner/sponsor
• Measurable business value
• Maps to business capability

Relationships:

• Contains → Application Services (Layer 2)
• Depends On → Other Business Services
• Used By → Business stakeholders/users

Layer 2: Application Service

Purpose: Technical services that support business services

Examples:

• Web Application
• Mobile API
• Payment Processing Service
• Authentication Service

Characteristics:

• Technical service managed by IT
• Provides specific functionality
• May be shared across multiple business services
• Has technical owner

Relationships:

• Contained By → Business Service (Layer 1)
• Runs On → Technical Services or Infrastructure (Layer 3)
• Depends On → Other Application Services
• Connects To → External services/APIs

Layer 3: Technical Service

Purpose: Shared infrastructure services

Examples:

• Database Service (SQL Server Cluster)
• Load Balancer Service
• DNS Service
• Backup Service

Characteristics:

• Infrastructure-level service
• Shared by multiple Application Services
• Often clustered/redundant
• Managed by infrastructure teams

Relationships:

• Supports → Application Services (Layer 2)
• Runs On → Infrastructure Components (Layer 4)
• Depends On → Other Technical Services

Layer 4: Infrastructure Components

Purpose: Physical/virtual hardware and network components

Examples:

• Virtual Machines
• Physical Servers
• Network Switches
• Storage Arrays

Characteristics:

• Individual infrastructure elements
• Directly managed assets
• Often discovered automatically
• Has physical/virtual attributes

Relationships:

• Hosts → Technical Services (Layer 3)
• Connects To → Other infrastructure
• Located In → Datacenters/zones

CSDM Compliance Rules

cmdbx validates your CMDB against 30+ CSDM rules. Here are the most critical:

Required Relationships

| From CI Type | Relationship Type | To CI Type | Rule | |--------------|-------------------|------------|------| | Business Service | Contains | Application Service | Must have at least 1 | | Application Service | Runs On | Technical Service OR Server | Must have at least 1 | | Business Service | Runs On | Server/Hardware | MUST NOT (violation) | | Application Service | Contains | Application Service | MUST NOT (violation) | | Technical Service | Runs On | Server/Hardware | Should have 1+ |

Prohibited Patterns

These patterns are CSDM violations:

1. Business Service directly on Infrastructure:

   • WRONG: Business Service → Runs On → Server
   • RIGHT: Business Service → Contains → App Service → Runs On → Server

2. Application Service contains Application Service:

   • WRONG: App Service → Contains → App Service
   • RIGHT: Business Service → Contains → App Service 1, App Service 2

3. Circular Dependencies:

   • WRONG: Service A → Depends On → Service B → Depends On → Service A
   • RIGHT: Unidirectional dependency chain

4. Missing Service Owner:

   • All services MUST have an assigned owner
   • Owner should be a team/group, not individual

5. Incorrect Relationship Types:

   • Servers don't "Depend On" Applications (should be reverse)
   • Applications don't "Contain" Servers (should be "Runs On")

Assessing Current CSDM Compliance

Step 1: Run CSDM Compliance Report

1. Navigate to Features → CSDM Workbench
2. Click "Compliance Report" tab
3. View overall compliance score (0-100%)
4. Review violations by category:
   • Missing relationships
   • Prohibited relationships
   • Incorrect hierarchy
   • Missing required fields

Step 2: Identify Top Violations

Common Violation Types:

| Violation | Impact | Priority | |-----------|--------|----------| | Business Service → Server | High | Critical | | Missing service owners | Medium | High | | Circular dependencies | High | High | | Orphaned services | Medium | Medium | | Missing containment | Low | Low |

Step 3: Prioritize Remediation

Priority Matrix:

1. Critical: Fix violations affecting business-critical services first
2. High: Address violations impacting change management accuracy
3. Medium: Clean up structural issues in production services
4. Low: Improve dev/test service compliance

Achieving CSDM Compliance

Quick Start: New Service Modeling

If building services from scratch, use the CSDM Workbench:

Step 1: Create Business Service

1. Open CSDM Workbench
2. Click "New Service"
3. Select "Business Service" template
4. Fill required fields:
   • Name: Customer-facing service name
   • Owner: Business owner/sponsor
   • Criticality: Critical/High/Medium/Low
   • Description: Business purpose

Step 2: Add Application Services

1. With Business Service selected, click "Add Child"
2. Select "Application Service" template
3. Create one service per technical capability:
   • Web Frontend
   • API Backend
   • Database Service
4. Set relationship: Business Service Contains Application Service

Step 3: Connect Infrastructure

1. Select an Application Service
2. Click "Add Dependency"
3. Search for server/technical service
4. Set relationship: Application Service Runs On Server/Service

Step 4: Validate CSDM Compliance

1. Click "Validate" button
2. Review any flagged issues
3. Fix violations before saving
4. Click "Write to ServiceNow"

Remediation: Fixing Existing Services

If you have non-compliant services, follow this process:

For Business Services on Infrastructure (Most Common):

Before (Non-Compliant):

Business Service: Online Banking
├── Runs On → Web Server 1
├── Runs On → Web Server 2
└── Runs On → DB Server 1

After (CSDM Compliant):

Business Service: Online Banking
├── Contains → Application Service: Web Application
│   ├── Runs On → Web Server 1
│   └── Runs On → Web Server 2
└── Contains → Application Service: Database
    └── Runs On → DB Server 1

Steps to Fix:

1. Open CSDM Workbench
2. Load existing Business Service
3. Click "CSDM Wizard" → "Insert Application Layer"
4. Wizard creates Application Services automatically
5. Moves "Runs On" relationships to new Application Services
6. Adds "Contains" relationships to Business Service
7. Review changes and write to ServiceNow

For Circular Dependencies:

1. Map dependency chain: A → B → C → A
2. Identify which dependency is incorrect
3. Remove the relationship creating the cycle
4. Add correct relationship if needed
5. Validate no other cycles exist

For Missing Owners:

1. Filter services by "No owner assigned"
2. Identify business/technical owner for each
3. Bulk update owner field in ServiceNow
4. Sync cmdbx and verify compliance improvement

Bulk CSDM Remediation

For large-scale fixes:

1. Export CSDM violations report (CSV)
2. Group violations by type
3. Create remediation plan for each type
4. Use ServiceNow Import Sets or API for bulk updates
5. Sync cmdbx and re-run compliance report
6. Verify improvements

CSDM Best Practices

Service Naming Conventions

Business Services: Use business-friendly names

• Good: "Online Banking", "Employee Portal"
• Bad: "PROD_APP_001", "WebApp_v2"

Application Services: Use technical names with function

• Good: "Web Application", "Payment Processing API"
• Bad: "Application 1", "Service 2"

Technical Services: Include technology and purpose

• Good: "SQL Server Cluster - Orders DB", "Load Balancer - Production"
• Bad: "Database", "LB"

Relationship Guidelines

1. Use Specific Relationship Types:

   • "Runs On" for hosting (app on server)
   • "Depends On" for functional dependencies (app needs database)
   • "Contains" for composition (business service contains app services)
   • "Connects To" for network connections

2. Avoid Generic Relationships:

   • Don't use "Related To" unless no other type fits
   • Always pick the most specific relationship type

3. Document Relationship Purpose:

   • Add description to clarify why relationship exists
   • Helps with future maintenance and audits

Ongoing Compliance Maintenance

1. Service Creation Process:

   • Always use CSDM Workbench for new services
   • Validate before writing to ServiceNow
   • Assign owner at creation time

2. Monthly Audits:

   • Run CSDM compliance report
   • Fix new violations within 30 days
   • Track compliance score trend

3. Change Management Integration:

   • Verify CSDM compliance before approving service changes
   • Update service models when infrastructure changes
   • Use blast radius to validate changes don't break CSDM

4. Training:

   • Train service owners on CSDM principles
   • Provide CSDM templates and examples
   • Review violations with responsible teams

Measuring CSDM Compliance

Key Metrics

1. Overall Compliance Score: Target 90%+
2. Critical Violations: Should be 0
3. Services with Owners: Target 100%
4. Service Hierarchy Depth: Average 3-4 layers
5. Time to Resolve Violations: Target < 30 days

Compliance Dashboard

Track these trends over time:

• Compliance score (monthly)
• New violations introduced
• Violations resolved
• Services CSDM-compliant at creation (should be 100%)

Common Questions

Q: Do I need CSDM compliance if we don't use ServiceNow ITOM?

A: Yes. CSDM improves CMDB accuracy regardless of what ServiceNow modules you use. Better service modeling means better change management and incident response.

Q: How long does CSDM remediation take?

A: Depends on your CMDB size and current state:

• Small (< 1,000 CIs): 1-2 weeks
• Medium (1,000-10,000 CIs): 1-2 months
• Large (10,000+ CIs): 3-6 months

Use cmdbx's bulk remediation tools to accelerate.

Q: Can I customize CSDM rules?

A: cmdbx enforces ServiceNow's standard CSDM rules. If you have unique requirements, contact [email protected] to discuss custom validation rules.

Q: What if my infrastructure doesn't fit the 4-layer model?

A: CSDM is flexible. You can have:

• Multiple Application Services per Business Service
• Nested Technical Services
• Direct server relationships if no shared services exist

The key is following relationship rules, not forcing artificial layers.

Related Articles

• CSDM Workbench - Visual service modeling tool
• Improving CMDB Health - Health improvement strategies
• Best Practices - CMDB hygiene best practices
• Health Scoring - How CSDM affects health scores

Need Help?

Contact [email protected] or use the AI Assistant for personalized CSDM remediation guidance.