LeanIX Technology Risk and Compliance

The LeanIX Technology Risk and Compliance is key to successfully realizing obsolescence risk management use cases. It enriches your organization's LeanIX usage with capabilities to proactively identify, assess, and mitigate risks associated with their IT systems and processes. Organizations can protect their valuable assets by effectively managing technology risks, maintaining operational stability, ensuring business continuity, and complying with relevant regulations and standards.

This article explains:

  • what are the key capabilities of the LeanIX Technology Risk and Compliance.
  • how to start building your LeanIX repository and managing technology risk for your organization by leveraging the Technology Risk and Compliance.
  • how to visualize your technology risk with Reports and manage risk mitigation.
  • how to use dashboards to provide aggregated reporting to stakeholders.

What are the capabilities of the LeanIX Technology Risk and Compliancee?

LeanIX Technology Risk and Compliance adds the following capabilities and features to your LeanIX Enterprise Architecture workspace that are critical to running an obsolescence risk management use case successfully:

  • Integration to ServiceNow to discover IT components automatically and manage Applications and lifecycles in LeanIX
    • Synced to ServiceNow, allowing real-time mapping between Application Fact Sheet in leanIX and used software/hardware in ServiceNow
  • Access to Lifecycle Catalog to retrieve lifecycles for IT Component Fact Sheets
  • Three additional Technology Obsolescence Views: Mitigated risk, missing data, and unaddressed risk percentages
  • Dedicated Obsolescence Risk Management dashboard

Get started with LeanIX Technology Risk and Compliance

The following sections explain how to get started with LeanIX Technology Risk and Compliance and how to get the first value for your obsolescence risk management use case.

Step 1: Bring your Software Assets Information to LeanIX

To initiate your first obsolescence risk assessment with LeanIX Technology Risk and Compliance, you must populate LeanIX with essential data, including Applications Fact Sheets and the underlying IT Components. This foundational step ensures you have a comprehensive inventory of your software assets, a prerequisite for conducting meaningful risk assessments. If your organization maintains a Configuration Management Database (CMDB), LeanIX offers seamless integration options. This integration streamlines the process of bringing your software asset data into LeanIX. Integration with your existing CMDB ensures that LeanIX is continuously updated with the latest information, providing a real-time view of your technology landscape.

LeanIX also provides an out-of-the-box ServiceNow Integration, a widely used IT Service Management (ITSM) platform. This integration simplifies the transfer of data from ServiceNow to LeanIX. Leveraging the ServiceNow integration expedites the data migration process, allowing you to build a comprehensive inventory in LeanIX quickly.

LeanIX - ServiceNow Integration

Companies who manage the discovery of their software assets with ServiceNow can configure our integration for a faster time to value, compared to the manual creation of Fact Sheets in LeanIX. Furthermore, the relationships between Applications and IT Components can be imported depending on your ServiceNow setup. This allows management of technology risks at an application level thanks to LeanIX’s ability to roll up the risks of smaller IT Components.

You can find the detailed instructions for the integration in this section: ServiceNow Integration

Step 2: Discover Technology Obsolescence Risks by Lifecycle Catalog Data Enrichment

The Lifecycle Catalog provides lifecycle information for IT Components in your LeanIX workspace, enabling users to understand technology obsolescence risks for their technology landscape and make better upgrade and transformation decisions.

Linking an IT Component to the Lifecycle Catalog provides:

  • Descriptive information for easier recognition of components & their lifecycle.
  • Automated relations modeling for Providers and Tech Categories with the Tech Category Catalog.

You also get access to information like Support Policies, Descriptions, direct URLs to IT Component and Provider websites, and more.

You can find the detailed instructions for the integration in this section: Lifecycle Catalog.



  1. Use the Lifecycle Catalog Bulk Linking page with Confidence Level filters to quickly link the identified High Confidence matching recommendations.
  2. Identify your mission-critical IT Components next and link them to the Lifecycle Catalog items using recommendations provided for each.
  3. Raise Data Requests in-tool if you need information about an IT Component that is not already included in the Lifecycle Catalog.

Step 3: Visualize your Technology Obsolescence Risk with Reports and a dedicated Dashboard and manage risk mitigation

The Technology Risk and Compliance comes with specific views in the Report section and with a dedicated dashboard. These views help you to manage your obsolescence risk mitigation processes.

1. Make sure you capture all relevant lifecycle information so that you can prioritize risk mitigation next

  1. In the Dashboard, the module Data Completeness provides you with a good summary of data missing. A click on the row brings you to the inventory, where you can manage the process for data completion
  1. With the Report view Obsolescence: Missing Data Percentage, you analyze for what relevant applications in the context of business capabilities you still have lifecycle information missing.

2. Prioritize what risks to analyze and evaluate first

Evaluate based on business capability criticality what related IT components to evaluate first and focus on end-of-life risks first before you continue with IT components that are in a “phase out” state.

  1. Use the Application Matrix report with Obsolescence: Aggregated Risk view to analyze what applications have end-of-life risk versus phase-out risk. Use business criticality or any other dimension of your choice to prioritize what applications to evaluate first
  1. Finally, trigger relevant stakeholders to evaluate the applications they are responsible for. The best practice is to use our Surveys or To-Dos.

3. Evaluate the risks and trigger transformation actions

During evaluation, stakeholders might identify that data was incomplete/faulty. If not, they decide to either accept the risk or address it by taking transformation actions.

  1. Mark the IT components with “risk accepted” to signalize the evaluation completion for this IT component so that you can discard it from the next prioritization round.
  1. For the IT components that you decided to address the risk for, use the “Upgrade a technology” template from the LeanIX Architecture and Road Map Planning to unlock the full potential of planning these changes. An alternative is to use the LeanIX Initiative Fact Sheet, through which you can plan different ways to tackle that risk.
  2. Mark the IT component you will mitigate the risk for, with “risk addressed” afterward.

4. Measure the success of your risk mitigation efforts

  1. The Dashboard provides a great summary of Applications: Unaddressed Obsolescence Risk and “Applications: Addressed Obsolescence Risk” to report progress on a high level.
  2. Use the Report view Obsolescence: Mitigated Risk Percentage to keep track of your progress on the application level. As a best practice, to manage risk comprehensively across your application portfolio, you would seek to reach 100% coverage of Risk Accepted or Risk Addressed.