What Is SACM in ITIL v4? A Complete Virima FAQ| Virima

TLDR: SACM (Service Asset and Configuration Management) is the ITIL v4 practice that governs how CIs are identified, controlled, verified, and managed across their lifecycle. Virima 6.1.1 supports the full SACM lifecycle through automated Discovery, business rules governance, CI lifecycle tracking, configuration baselines, audit history, and ITSM integration.

Service Asset and Configuration Management is one of the most foundational — and most frequently underimplemented — practices in the ITIL v4 framework. Organizations often have a CMDB but lack the governance discipline that makes it trustworthy. This guide answers the most common questions about what SACM is, what it requires, and how Virima 6.1.1 supports its implementation.

ITIL 4, as maintained by PeopleCert, defines SACM’s purpose as ensuring that accurate and reliable information about the configuration of services and the CIs that support them is available when and where it is needed across the entire service lifecycle — making it the foundational practice that Change Enablement, Incident Management, and Problem Management all depend on.

What Is SACM in ITIL v4?

Service Asset and Configuration Management (SACM) is one of the 34 management practices defined in the ITIL v4 framework. Its purpose is to ensure that accurate and reliable information about the configuration of services — and the configuration items (CIs) that support them — is available when and where it is needed.

SACM covers the full lifecycle of service assets and CIs: their identification, control (ensuring changes happen through authorized processes), status tracking, verification against the actual environment, and audit. SACM governs the CMDB — the database where CI records and relationships live — but SACM is the practice, not the tool

How Is SACM Different from Just Having a CMDB?

The CMDB is technology — a database that stores CI records, attributes, and relationships. SACM is the governance discipline that determines how that database stays accurate over time.

An organization with a CMDB but no SACM practice has a database that starts accurately and progressively degrades as the environment changes without systematic CI record updates. Discovery finds discrepancies, but nobody reviews them. CI records become stale. Practitioners stop trusting the data and start working around it.

SACM establishes the policies, roles, processes, and controls that prevent this degradation. SACM defines:

Who creates and updates CI records
How discrepancies between discovered reality and CMDB records are resolved
How configuration changes are verified after implementation
How data quality is measured and reported

The CMDB is where configuration data lives. SACM is what keeps that data trustworthy.

What Are the Key Activities in an SACM Practice?

The SACM practice organizes around seven core activities:

1. CI Identification — defining which CI types are tracked, what attributes they carry, and what relationships between CIs are maintained in the CMDB.

2. CI Control — ensuring only authorized changes are made to CI records, connecting SACM directly to Change Enablement processes.

3. Status Accounting — tracking each CI through its lifecycle states (New, Active, Maintenance, Retired, Deleted) with a full state transition history.

4. Configuration Verification — confirming that CMDB data matches the actual environment, typically through automated discovery with discrepancy review processes.

5. Configuration Audit — formal reviews of CI data against authoritative records and configuration baselines, either on a schedule or triggered by incidents and change failures. For proven approaches to audit-ready configuration management, see Virima’s guide to CMDB best practices.

6. Configuration Reporting — producing reports on the configuration estate for compliance, governance, and operational decision-making.

7. Configuration Baseline — capturing and maintaining approved snapshots of service or CI configurations that serve as the reference point for drift detection and change verification.

How Does Virima Support the ITIL v4 SACM Practice?

Virima 6.1.1 supports each SACM activity with specific platform capabilities:

CI Identification: Virima’s configurable CI type taxonomy lets IT teams define which CI types matter, what attributes each captures, and how relationships between CIs are structured — establishing the scope and schema of the CMDB to match the organization’s service delivery context.

CI Control: Virima’s business rules engine governs who can create, update, or retire CIs and under what conditions. Rules enforce the authorized-change requirement that SACM CI control demands, ensuring CI data changes through governed processes rather than ad-hoc edits.

Status Accounting: Every CI in Virima carries a lifecycle state (New, Active, Maintenance, Retired, Deleted) with a timestamped, user-attributed state transition history. The complete status history of every CI is always available for operational review and audit.

Configuration Verification: Virima Discovery scans the environment on a configurable schedule and surfaces discrepancies between what was found and what the CMDB currently records. Discrepancies enter a review queue for SACM practitioners to assess and resolve — creating a structured verification workflow rather than an ad-hoc process.

Configuration Audit: Virima’s audit history framework logs every change to every CI record — attribute updates, relationship changes, state transitions — with a timestamp and user attribution. This log supports both scheduled SACM audits and event-driven reviews.

Configuration Reporting: Virima generates exportable configuration reports covering CI lifecycle status, recent changes, unresolved discrepancies, and relationship completeness. Reports support compliance programs, executive governance, and vendor audit response.

Configuration Baseline: Virima supports the definition and storage of configuration baselines, with drift detection that surfaces deviations from the approved baseline after each Discovery run.

Does Virima Support Configuration Baselines and Drift Detection?

Yes. Virima supports configuration baselines as part of its SACM capabilities. A baseline is an approved, named snapshot of CI configuration attributes captured at a specific point in time — typically after a validated change, a successful deployment, or the start of a compliance period.

After a baseline is established in Virima, subsequent Discovery runs compare current CI attributes against the baseline. Any deviation — a changed attribute, a new relationship, a disappeared dependency — surfaces as a drift event for review.

Drift detection directly supports three operational activities:

Change verification: Confirming that implementations matched the change plan and that no unintended side effects occurred in adjacent CIs
Incident investigation: Identifying what changed in CI configuration before an incident occurred — answering “what was different since the last known-good state?”
Compliance monitoring: Demonstrating to auditors that critical systems stayed within approved configuration parameters during a compliance period

How Does Virima’s SACM Practice Support Change and Incident Management?

Change Enablement relies on SACM data for impact assessment. Before approving a change, Virima surfaces which CIs are affected by the proposed change and what services depend on those CIs. This gives the change manager the full impact picture — not just a list of directly affected components, but the service relationships downstream of the change.

Incident Management uses CMDB service mapping to scope incidents and identify affected services. Virima’s ViVID Service Mapping capability maintains the service relationships that incident responders need to assess the scope of an outage and route the incident to the right resolver group. Without accurate SACM-governed CI data, incident scope assessment relies on manual investigation rather than structured CMDB queries.

Problem Management uses CI audit history — maintained by the SACM practice — to identify what changed in the environment before a problem appeared. The configuration audit trail is the primary structured data source for root cause analysis, replacing unreliable human recollection with timestamped configuration evidence

What Is a Configuration Audit and Does Virima Support It?

A configuration audit is a formal review of CI data against authoritative records — comparing what the CMDB says against what Discovery finds, against purchase records, and against approved configuration baselines. The goal is to confirm data integrity and identify discrepancies that require investigation.

Virima supports configuration audits through four mechanisms:

Discovery discrepancy review workflow: Conflicts between discovered data and CMDB records surface automatically for practitioner review, creating a continuous, lightweight audit process that runs after every discovery scan.

CI audit history log: A complete record of every CI change — queryable for any CI, attribute, or time range — provides the structured evidence that configuration audits require.

Baseline comparison reports: Current CI attributes compare against a defined baseline, with deviations highlighted for review. These reports directly address the core question of a configuration audit: “Does the current state match the approved state?”

Exportable configuration reports: Structured configuration documentation — CI status distributions, recent changes, relationship completeness — supports the formal audit process and the compliance frameworks that mandate it.

Configuration audits in Virima can run on demand, on a scheduled basis, or as part of a post-incident or post-change review process, depending on the governance requirements of the SACM practice.

For a broader context on why SACM-governed configuration management reduces outages and accelerates incident resolution, download the EMA ServiceOps 2025 report.

Schedule a Demo at virima.com to see how Virima supports the ITIL v4 SACM practice across CI identification, control, verification, baseline management, and audit history.

This article reflects capabilities in Virima 6.1.1. For the latest feature information, visit virima.com.

What Is SACM in ITIL v4 and How Does Virima Support Service Asset and Configuration Management?

What Is SACM in ITIL v4?

How Is SACM Different from Just Having a CMDB?

What Are the Key Activities in an SACM Practice?

How Does Virima Support the ITIL v4 SACM Practice?

Does Virima Support Configuration Baselines and Drift Detection?

How Does Virima’s SACM Practice Support Change and Incident Management?

What Is a Configuration Audit and Does Virima Support It?

Your CMDB: Your ITSM-ITOM Connection

Why Virima Leads Xurrent Integrations for Discovery & CMDB

Why Virima is the best CMDB integration for your ITSM processes

Why does your business require a modern enterprise CMDB?

Why do Common Service Data Models (CSDM) matter for CMDB success?

Why configuration management is critical for global companies

Features

Quick Links

Compare

Resources

What Is SACM in ITIL v4?

How Is SACM Different from Just Having a CMDB?

What Are the Key Activities in an SACM Practice?

How Does Virima Support the ITIL v4 SACM Practice?

Does Virima Support Configuration Baselines and Drift Detection?

How Does Virima’s SACM Practice Support Change and Incident Management?

What Is a Configuration Audit and Does Virima Support It?

Similar Posts

Features

Quick Links

Compare

Resources