TGwinn (12/12/2013)
From an operational perspective, I think I would treat the PVP as an external service being subscribed to by the company, and managed as such within the company's ITSM system. This should allow better visibility and awareness of upcoming expirations/renewals. In addition, the procedures for creating/renewing/installing certs should be documented up front within the ITSM system.As Forbes points out in their "three reasons why PVPs get overlooked", "in every case the problem is a failure to plan strategically". The three issues they describe are symptomatic of a lack of a capable ITSM system and/or lack of capable management to utilize that system properly.
I agree, if you have some ITSM system in place. Sometimes it's ad hoc and the people handling various pieces don't know about things like domain names, certificates, etc.