ITIL® 4 Foundation

THE ITIL®
PRACTICES
You can download this document to view offline here.

QA.com
1
The ITIL® practices
ITIL® 4 has many practices, and you need to understand the purpose of 15 of them.
It’s important that you have a high-level understanding of the first eight. You need
to have a more detailed understanding of the other seven, so these have been
separated into smaller topics. There are also seven definitions which you need to
know for your examination, which you’ll find at the bottom of the ‘8 ITIL practices’
topic.

ITIL® is a registered trade mark of AXELOS Limited, used under permission of

AXELOS Limited. The Swirl logo™ is a trade mark of AXELOS Limited, used under
permission of AXELOS Limited. All rights reserved.
Copyright© AXELOS Limited 2019. Used under permission of AXELOS Limited. All
rights reserved.

2
Contents
8 ITIL® practices 4

Continual improvement 9

Change enablement 13

Incident management 16

Problem management 19

Service request management 22

Service desk 24

Service level management 27

3
8 ITIL®
PRACTICES

Information security
management
The information security management practice
ensures that the organization’s information is
protected through the prevention, detection and
correction of any information security incident.

Relationship management

Strong relationships form the basis for success in

any organization. The relationship management
practice ensures that these are built and
maintained between the organization and its key
stakeholders.

4
 Supplier management

An organization’s primary purpose is to co-

create value with its customers. The supplier
management practice ensures that the
organization’s suppliers are managed effectively
so that the organization can continue to deliver
quality products and services.

IT asset management

IT assets are some of the most important assets

in an organization. The IT asset management
practice ensures that these assets are planned for
and managed for their full lifecycle.

Monitoring and event

management
Over time, things inevitably change. The
monitoring and event management practice
ensures that services and service components
are systematically observed so that important
changes to infrastructure, services, business
processes and information security events are
recorded and reported.

5
 Release management

The release management practice ensures that

new services and features are efficiently released
to customers.

Service configuration
management
Services, as well as the CIs that support them,
are often complex. The service configuration
management practice ensures that accurate
and reliable information about the configuration
of these services is available when and where
they’re needed.

Deployment management

As services develop, new requirements are

identified. The deployment management
practice ensures that “new or changed hardware,
software, documentation, processes, or any other
component” are successfully transitioned to live
environments.

6
Definitions

IT asset
Any financially valuable component that can contribute
to the delivery of an IT product or service.

Event
Any change of state that has significance for the
management of a service or other configuration
item (CI). Events are typically recognized through
notifications created by an IT service, CI, or monitoring
tool.

Configuration item
Any component that needs to be managed in order to
deliver an IT service.

Change
The addition, modification, or removal of anything that
could have a direct or indirect effect on services.

7
Problem
A cause, or potential cause, of one or more incidents.

Known error
A problem that has been analysed but has not been
resolved.

Incident
An unplanned interruption to a service or reduction in
the quality of a service.

8
CONTINUAL
IMPROVEMENT

An overview of continual
improvement
Customer and organizational needs are
constantly changing. The continual improvement
practice ensures that the organization’s products,
practices and services are aligned with these
changing requirements through an ongoing
focus on their improvement.

Continual improvement focuses on developing

improvement-related methods and techniques
that foster a continual improvement culture
across the organization. While there may be
a small group of people who focus only on
continual improvement, it’s really everyone’s
responsibility.

Continual improvement should also be included

in contracts with external suppliers and
contractors to ensure quality expectations are
clear for them too.

9
 There are many methods that can be used to
identify areas for improvement, including SWOT
analysis, balanced business scorecards and
maturity assessments. However, it’s important
not to commit to too many of these – it’s best to
select a few key methods to investigate in more
detail.

The Continual Improvement Register (CIR) tracks

and manages improvement opportunities from
identification through to final action using a
database of structured documents. As new ideas
are documented, CIR’s are used to re-prioritize
improvement opportunities.

There can be more than one CIR in an

organization, and they can be used at the
individual, team, departmental, business unit and
organizational levels.

10
Key activities
for continual
improvement
There are a number of key activities that are a part of
the continual improvement practice:

Encouraging continual Securing time and Identifying and

improvement across the budget for continual logging improvement
organization improvement opportunities

Assessing and Making business cases Planning and

prioritizing improvement for improvement action implementing
opportunities improvements

Making decisions on Measuring and Co-ordinating

accurate and carefully evaluating improvement improvement activities
analyzed data results across the organization

11
The continual
improvement model
The continual improvement model acts as a high-level guide
to support improvement initiatives. It enables a strong focus on
customer value and ensures that improvements can be linked back to
the organization’s vision.

The model supports an iterative approach and the steps don’t need
to be carried out in a linear order. Logic and common sense should
always be applied when using the model.

12
CHANGE
ENABLEMENT
An overview of change
enablement
Services and products change over time. The
change enablement practice ensures that IT
changes are effective and efficient by assessing
risks, authorizing changes, and managing the
change schedule.

Change control balances the need to make

changes that will deliver value with the need to
protect customers and users from the adverse
effects of changes.

There are three key areas of change enablement.

The first area is the scope of the change. While

the scope of change enablement is defined
by each organization, it will typically include
infrastructure, applications, documentation,
processes, and supplier relationships.

13
 The second key area of change enablement is
change authority.
After the risks and benefits are assessed, the
change needs to be authorized by individuals
with the appropriate level of responsibility.

The third key area of change enablement is

the change schedule. This element captures
information about the proposed changes to help
plan their implementation, avoid conflicts and
assist in communicating the change.

14
Types of change
enablement

Standard change

These are low risk, and pre-authorized changes that

are well-understood, fully documented and can be
implemented without additional authorization.

Normal change

These are changes that need to be scheduled, assessed

and authorized following a pre-determined process.

Emergency change

These are changes that must be implemented as

soon as possible, such as resolving an incident or
implementing a security patch. Emergency changes
may require additional change authority.
15
INCIDENT
MANAGEMENT

An overview of incident
management
Naturally, incidents will occur. The incident
management practice ensures that, when they
do, any potential negative impact is minimized by
restoring normal service operation as efficiently
as possible.

A log of all incidents should be recorded using

a suitable tool that provides links to related
configuration items, changes, problems, known
errors and other information to enable quick and
efficient diagnosis and recovery.

It should also provide automated matching of

incidents, problems or known errors.

16
There should also be a formal process for
logging and managing incidents. However, this
doesn’t need to include detailed procedures for
diagnosing, investigating and resolving incidents.

There should also be a separate process for

managing major incidents and information
security incidents. If required, the disaster
recovery process should be used to resolve the
issue.

17
The five key
elements of incident
management

Incidents must always be
resolved in a time that meets
the expectations of the
customer and user.
Target resolution times are
agreed, documented and
communicated in a service
level agreement.
Incidents are prioritised,
based on agreed
classification, to ensure those
with the highest business
impact are resolved first.

Correct categorization of an Collaboration techniques

incident is important so it can
be directed to the appropriate
internal or external support
area for diagnosis and
resolution.
such as swarming can help
to manage and overcome
incidents when they occur.

18
PROBLEM
MANAGEMENT
An overview of problem
management
If possible, it’s best to prevent a problem or
incident rather than fixing it after it’s occurred.

The problem management practice ensures that

the causes of problems are identified, as far as
possible, before they happen. This help reduce
any potential negative impact.

Problems are related to incidents but they’re

different. An incident has an impact on users or
business process and must be resolved so that
normal business activity can continue. A problem
is the actual cause of an incident.

While problem management exists to identify

problems, fixing the problems is outside the
scope of this practice. In order to fix the problem,
change enablement must be initiated.

Instead, outputs of problem management

include information and documentation about
workarounds for known errors and identifying
where further improvement opportunities are.

Of course, in some instances, problem solutions

can be treated as improvement opportunities,
which can be added to the Continual
Improvement Register.

19
The three phases of
problem management
Problems are often complex and need investigation and analysis
to identify the causes of the incident, to develop workarounds, and
recommend long term resolutions. By solving problems, future
incidents can be avoided. Problem management involves three
distinct phases:

Problem identification
The problem identification phase
involves identifying and logging
problems.

Activities include analysing information

received from suppliers, partners, and
internal software developers; identifying
a risk that the incident could reoccur as
a part of major incident management;
and performing trend analysis from
incident records.

20
 Problem control
The problem control phase includes
problem analysis and documenting
workarounds and known errors. Problem
analysis is based on the risk the problem
poses, which is assessed by the potential
impact and probability of the incident
reoccurring.

If a problem can’t be resolved quickly,

a workaround must be found and
documented in the Problem Record.
Once a problem has been successfully
analysed its status is changed to ‘known
error’.

Error control
The error control phase manages known
errors, including the identification
of potential permanent solutions. If
a permanent solution is identified,
a Request for Change for the
implementation of the solution should
be raised.

If no permanent solution can be found

and the workaround solution becomes
permanent, the problem will remain
as a known error. The error control
phase is also used to regularly re-assess
the status of all known errors that are
unresolved, as well as the effectiveness
of any workaround.

21
SERVICE
REQUEST
MANAGEMENT
An overview of service
request management
Customers will have specific expectations of
the quality of a service. The service request
management practice ensures that their
expectations are met “by handling all pre-
defined, user-initiated service requests in an
effective and user-friendly” way.

Service requests are a normal part of service

delivery as every request is pre-defined and
pre-agreed (they are standard changes). Service
requests are normally initiated by a user or an
authorized representative of a user, not the
customer.

Some service requests will require authorization

as a consequence of financial, information
security or other policies. In these cases, it’s
important that this authorization is achieved
before any changes are made. This practice is also
particularly useful as it supports managing user
feedback, compliments and complaints.

22
Guidelines for service
request management
There are a number of guidelines that can be used to
aid successful request management:

Well-designed processes A high degree of Established policies for

and procedures automation and approvals
standardisation

Clearly agreed and A focus on automation Established policies for

realistic fulfilment and reduced fulfilment dealing with service
timescales timescales requests that are
actually incidents or
changes

Established workflows for new

service requests (which should
use existing workflows as a
starting point where possible)

23
SERVICE DESK
An overview of the service
desk
The service desk practice ensures that the
demand for incident resolution and service
requests is met. It’s also the main way that the
organization communicates with its users.

Regardless of whether a service desk is physical

or virtual, its primary focus should be on
supporting people and the business, and not just
on technology. This means that the service desk
must have an intimate understanding of the
business, and to collaborate with other teams.

24
 The service desk must be able to classify and
own queries and requests from users. To do so,
they need appropriate supporting technology,
including telephony, workflow systems,
knowledge bases and remote access tools. Many
of these processes should be automated to allow
staff to focus on the customer experience when
personal contact is needed.

With increased automation through things like

AI, robotic process automation and chatbots,
service desks tend to provide self-service logging
and resolutions directly through online portals
and mobile applications. There are many contact
channels that can be used including telephone,
online chat and chatbots, email, corporate social
media, mobile and walk-in services.

25
Key skills for the
service desk
Organizations need to decide on the specific level of
technical proficiency its service desk staff must have.
However, there are skills required for anyone who works
on a service desk, including:

Excellent customer Business awareness Service awareness

service skills

Technical awareness (to Emotional intelligence Awareness of relevant

the level required by the processes and
organization) procedures

Incident analysis and The ability to use

prioritisation skills support tools

26
SERVICE LEVEL
MANAGEMENT
An overview of service level
management
Defining business targets for service levels is
critical for an organization to succeed. The service
level management practice ensures that this is
done, so that “the delivery of services is properly
assessed, monitored and managed”.

The service level management practice focuses

on the definition, documentation and active
management of service levels. It does this
through establishing a shared view of the services
and service levels with customers and then
ensuring the organization meets these through
the collection, analysis, storage and reporting of
metrics for specific services.

Service levels are maintained through service

reviews which ensure that services continue
to meet the needs of the organization and
its customers. The service level management
practice also captures and reports on service
issues including monitoring performance against
defined service levels.

27
Key skills for service
level management
Service level management must engage and listen
to the requirements, issues, concerns and needs of
customers. There are four key skills that can enable this:

Business liaison Business analysis Relationship Commercial/supplier

management management

Service Level
Agreements
Service Level Agreements (SLAs) must be:

Related to a Related to defined Reflect Simply written

defined service outcomes – not just agreement and easy to
operational metrics between the understand for
provider and all stakeholders
consumer

28
ITIL® is a registered trade mark of AXELOS Limited, used under permission of
AXELOS Limited.

Based upon AXELOS® ITIL® materials. Material is used under licence from AXELOS
Limited. All rights reserved.

29
30