DACH Insurance Leader

The insurance firm operated critical systems supporting policy administration, claims processing, and regulatory reporting across three countries. Several deep-rooted challenges made ITOM and CMDB implementation particularly complex.

• No Existing CMDB Foundation. Despite having a ServiceNow license for years, the CMDB was essentially empty. Previous attempts to populate it had failed because there was no data model, no governance, and no clear ownership of configuration data.
• Fragmented Asset Inventories. Each country maintained separate asset databases in spreadsheets, SharePoint, and legacy ITSM tools. Server counts differed by 30% depending on which source you trusted. Nobody knew the true state of the infrastructure.
• No Service Mapping. Business services (policy administration, claims, actuarial) had no mapped dependencies to underlying infrastructure. When an outage occurred, the impact assessment was pure guesswork, often taking hours to determine which business functions were affected.
• Multi-Cloud Complexity. The firm ran workloads across on-premises data centers, Azure, and AWS, with a growing Kubernetes footprint. Discovery tools needed to cover physical, virtual, cloud, and containerized infrastructure consistently.
• Regulatory Pressure. Insurance regulators (BaFin, FMA, FINMA) increasingly require demonstrable IT asset management and service continuity capabilities. The firm needed a defensible CMDB for audit purposes, not just operational convenience.

The fundamental problem was not tooling but data architecture. Without a governed data model and reliable discovery, any CMDB would degrade back to its previous state within months.

MainStack deployed a lead architect who had delivered CSDM implementations for 3 other insurance firms in the region. The approach was data-first: we built the model, proved it with discovery, and then scaled.

• CSDM Data Model Design (Weeks 1-3). We designed a Common Service Data Model aligned to ServiceNow's CSDM 4.0 framework, customized for insurance-specific service hierarchies. Policy administration, claims processing, and actuarial services were modeled as business services with clear dependency chains.
• Discovery Deployment and Tuning (Weeks 2-6). We deployed ServiceNow Discovery and Service Mapping across all three countries. MID servers were placed in each data center and cloud environment. Discovery patterns were tuned for the firm's specific infrastructure: AIX, Windows Server, RHEL, Azure VMs, AWS EC2, and EKS clusters.
• Data Reconciliation Engine (Weeks 4-8). We built reconciliation rules that automatically merge discovery data with HR feeds (employee assignments), procurement data (financial ownership), and the legacy asset spreadsheets. Duplicate detection and CI lifecycle management were automated from day one.
• Service Mapping of Critical Functions (Weeks 6-10). We mapped the top 15 business-critical services end-to-end: from the user-facing application layer through middleware, databases, and infrastructure. For the first time, the operations team could see the full blast radius of any infrastructure change or failure.
• ITOM Health and Event Management (Weeks 8-12). We integrated monitoring feeds from Dynatrace, Azure Monitor, and AWS CloudWatch into ServiceNow Event Management. Alert correlation rules were configured to automatically create incidents with pre-populated CI and service context.
• Governance and Quality Dashboards (Weeks 10-14). We established a CMDB governance model with data quality scorecards, orphan CI detection, and staleness alerts. A monthly CMDB health review was instituted with clear ownership: the CMDB manager reports data quality metrics to the CIO directly.

Within 3 months of kickoff, the CMDB was governed and trusted. Within 6 months, it became the authoritative source for change impact assessment, incident root cause analysis, and regulatory audit evidence. The internal team now operates it independently.