Information Technology Infrastructure Library (ITIL 4) Overview

Get a comprehensive overview of ITIL 4, its history, & all the components of how it betters IT service delivery

Introduction: What is ITIL 4?

The ITIL acronym stands for Information Technology Infrastructure Library.
But where does ITIL come from? To answer that, we must first start with the difference between ITSM and ITIL.1
IT Service Management (ITSM) is the professional discipline that manages IT operations as a service and has an international standard called ISO 20000. The International Organization for Standardization (ISO) published the service management standard in 2005.
The definition of ITIL is a best-practice framework or set of best practices that guide ITSM.
ISO 20000 has specific process and management requirements, while ITIL has guidelines rather than specific requirements.
This article is about ITIL and ITIL guidance. ITIL does not prescribe what to do; it guides IT organizations in best practices.

When did ITIL originate, and why is ITIL important?

It all started in the 1980s with the British government asking the same questions businesses ask today:
  1. Why does IT (Information Technology) cost so much, and
  2. What am I getting out of it?
IT management was at a loss in explaining these simple questions. So, the British government commissioned a project to find the answers. They recruited consulting firms from around the British commonwealth to assist.
In the 1980s, the United Kingdom included Canada, Australia, New Zealand, and Singapore as part of a global presence of 49 countries. These consulting firms went anywhere UK IT departments existed to observe and document how they conducted the business of supporting IT services.
After gathering data, they met in London to report on their observations. The conclusion was obvious why IT costs were high:
  • No Standard Operating Procedures (SOPs) for anything
  • No knowledge tools, increasing the cost of training and repeatedly making the same mistakes
  • No standard or shared databases, making each IT department an island
  • And not even a common vocabulary. For example, with problem events that occurred, some would use the term "incident", some "request", some "issue", and some "failure"

Out of the chaos, the path to IT best practices

The investigation did not stop there. The British government said the current situation was not sustainable and desired a direction to best practices. This government mandate made possible the most brilliant decision in the history of IT.
The insight they garnered was that there were highly successful businesses, but few remained leaders in their niche through good times and bad. What made these businesses stand out was that business leaders made the right decisions at the right time because they had accurate, easily accessible information at their fingertips. The consultants suspected visionary IT departments made this possible.

What companies had visionary IT departments?

Innovative businesses had visionary IT departments. Therefore, the next project goal was to visit these IT departments to find out how they did it.
They found that these departments had just ordinary CIOs but were flourishing because of solid underlining practices and fundamental dynamics embedded within the organizations. They all devoted themselves to continuous improvement and setting "big hairy audacious goals" (BHAGs)2.
Returning to London to debrief, the consultants documented their findings. The Central Computer and Telecommunications Agency (CCTA) published GITIM, Government Information Technology Infrastructure Management, the official name of the first ITIL publication. It was a massive 30-volume framework of ITIL best practices.

ITIL Continuous Improvement evolution

The Year 2000 - ITIL v2 - Continuous Improvement of best practices

About ten years after the first publication, CCTA had changed its name to the OGC (Office of Government Commerce), and after many suggestions for improvement, the OGC published ITIL v2.
To simplify, they had only two books, Service Strategy and Service Delivery. Within the two books were ten processes (later changed to "practices"). ITIL had now become the standard for IT service management.

The year 2011 - ITIL v3 - A merging with Service Lifecycle Management

ITIL v3 expanded best practice documentation to 26 practices. ITIL v3 presented these practices in 5 books, Service Strategy, Service Design, Service Transition, Service Support, and Continuous Improvement3.
In 2013, AXELOS Ltd received the rights to market ITIL from the OGC of the British government.

The year 2019 - ITIL v4 - Running IT like a business

Up to this time, ITIL was mainly about the operations side of IT. In November 2019, Axelos released ITIL 4 as a guide for running IT like a business4.
Axelos does not call this new ITIL a version change but a new way of running the IT service delivery business.
The ITIL 4 Foundation course is the introductory certification course for ITIL v4. There are other more advanced courses available, but they all require successful passing of ITIL 4 Foundation.

ITIL Concepts: What components does ITIL use for success?5

ITIL 4 Component Purpose
The Four Dimensions Encouraging holistic thinking
The Service Value System Takes opportunities and demands and turns them into value in the form of products and services
Seven Guiding Principles Guidance for IT behavior
Organization Governance Business - IT alignment
Service Value Chain (SVC) Project Management
34 Practices A set of organizational resources designed for performing work or accomplishing an objective
Continuous Improvement Aligning the IT organization's practices and services with changing business needs
ITIL Practices
Organizational resources:
  • 14 General management practices
  • 17 Service management practices
  • 3 Technical management practices
For ITIL optimization, all practices should be operational. Not having 100% of the practices prevents service organizations from realizing their potential. The prevailing myth is that you need a large staff to support all 34 practices, but the truth is quite the contrary. People with defined roles, knowledge management, practice owners, service owners, and written documentation can support most or all practices
The following table6 shows all the ITIL practices with a brief description of responsibilities and dependencies. The dependencies show some key inputs and outputs of each practice. When an IT department chooses not to activate an ITIL practice, inefficiency and costs go up.

General Management Practices

Practice Description Dependencies
Service Desk The Service Desk is the single point of contact for all IT. The Service Desk owns all incidents and service requests. The IT organization must not allow any user to contact IT other than the Service Desk. The Service Desk's effectiveness depends on all IT departments providing training, tools, and knowledge articles to reduce the need for escalations.
Service Request Management Supports the agreed quality of service by handling all pre-defined, user-initiated service requests. All other departments must provide training, tools, and knowledge articles to reduce the need for escalations.
Sets clear business-based targets for service performance and service delivery assessment, and monitors and manages against these targets. Every practice performance, directly or indirectly, relates to service delivery and Service Level Management. All services must have a Service Level Agreement (SLA). All IT functional teams must have Operational Level Agreements (OLAs) defining roles and responsibilities between them.
Incident Management Incidents are defects, and incident record accuracy is the first step in Continuous Improvement. Every incident must link to problems by the service category. Incident Management is closely linked to Service Design because the root cause of all incidents is poor design.
Problem Management Problem Management's role is to take incident input, find the root cause, and eliminate them from happening again. PM relies on Incident Management's incident record accuracy.
Change Enablement Sole responsibility is to maximize the number of successful IT changes by evaluating risks, authorizing changes to proceed, and managing the change schedule. They do this by matching the three types of changes with the three change authorities. Depends on all personnel to follow the cardinal rule that nothing can change in the live environment without an approved Request for Change (RFC). Actively supports the IT department's goal to maximize the number of "Standard" changes.
IT Asset Management Supports and manages the full lifecycle of all IT assets to help the organization maximize value, control costs, manage risks, support decision making about the purchase, reuse, and retirement of assets, and meet regulatory and contractual requirements. Works with all other IT departments that manage IT assets.
Service Catalog Management Provides a single source of consistent information on all services and service offerings. Works with all service owners, service level management, and practices to ensure greater efficiency in delivering and supporting service offerings.
Release Management Makes new and changed services and features available for use, maintaining the Definitive Media Library (DML) and other places of storing these types of entities. Works closely with Change, Service Validation and Testing (SVT), and Deployment Management, including service owners and project managers.
Availability Management Ensures that services deliver the agreed levels of availability to meet customer and user needs. As one of the warranty practices, it works closely with Service Design, Change, Problem, Incident, and Continuous Improvement.
Capacity & Performance Management Ensures that all IT services achieve the agreed and expected performance levels cost effectively, satisfying current and future demand. Works with all other IT departments ensuring they work together to maximize throughput.
Service Continuity Management Ensures that services achieve agreed and expected performance cost effectively and satisfy current and future needs. Works with all practices and service owners to provide IT services to support business requirements.
Monitoring & Event Management Systematically observes services and service components, and records and reports selected changes of state identified as events. All practices and organizational units should benefit through monitoring and event management
Service Configuration Management Ensures that accurate and reliable information about the configuration of services and the Configuration Items (CIs) that support them is available to all. Depends on all practices adhering to Service Configurations requirements with 100% accuracy.
Business Analysts The purpose is to analyze a business, define its associated needs, and recommend solutions to address these needs. Works with all service owners, practice owners, and business units to ensure high business productivity and service value levels.
Service Design Designs products and services that don't break (i.e., cause incidents) and support users' productivity. SVT tests all releases to ensure no defects. Service Design works with all practices, particularly Project Management.
Service Validation & Testing Ensures that new or changed products and services meet defined requirements. Works closely with Project Management, Release, and Deployment to ensure zero deployment-related incidents.
Deployment Management Moves new or changed hardware, software, documentation, processes, or other components to live environments. Service owners, IT departments, and all IT operational services such as the Service Desk, Incident, Request Fulfillment, Knowledge Management, Service Catalog, any other teams that support users, and transition teams.
Infrastructure & Platform Management Oversees the infrastructure and platforms used by an organization. They deal with monitoring technology solutions available to the organization, including the technology of external service providers. All support teams, Problem Management, Incident, Change Enablement, Service Desk, and practice owners.
Software Development & Management Ensures that applications meet internal and external stakeholder needs in terms of functionality, reliability, maintainability, compliance, and auditability. Requires inputs from all service owners, users, Incident Management, Continuous Improvement, Service Design, Knowledge Management, Capacity, Availability, Security, and others to ensure users receive the highest standards of reliability and performance.
Continual Improvement Alignment of practices and services with changing business needs. All other practices, SVC, and the 4 Dimensions.
Information Security Protects the information needed by the business to conduct its business. All other practices and Service Design.
Relationship Management Formal links between IT and business leaders at strategic and tactical levels. All other practices and SVC.
Supplier Management Manage suppliers and their performance. All other practices.
Architecture Management Includes business, service, information, technology, and environmental architectures. Every aspect of business and IT.
Knowledge Management Maintains and improves the effective, efficient, and convenient use of information and knowledge across the organization to minimize the need to re-learn. KM manages storage, ensures knowledge integration, and is the keeper of KM templates. All practices and individuals contribute to knowledge articles across the enterprise.
Measurement & Reporting Supports good decision making and continual improvement by decreasing the levels of uncertainty. All practices should utilize approved tools and shared results.
Organizational Change Management Ensures that IT can implement organizational changes smoothly and successfully by managing the human aspects of the changes. An essential part of all Project Management initiatives as part of the SVC.
Portfolio Management Ensures the organization has the right mix of programs, projects, products, and services to execute its strategy within its funding and resource constraints. Integrates with all services as an integral part of initiating retirement. Understands how the business uses services, by whom, why, and the consequences of unavailability.
Project Management Ensures all projects are successfully delivered by following PM practices throughout the organization. Project Management provides guidance, training, and improvement of PM use throughout the organization.
Risk Management Ensures that the organization effectively handles risks and follows ISO 31000. Part of all practices' SOPs.
Service Financial Management Supports the organization's strategies and plans for service management by ensuring the effective use of resources. Supports all practices and projects by requiring sound financial practices.
Strategy Management Assists with the formulation of organization goals and adoption. Advises courses of action and resources necessary to achieve those goals. Strategy management ensures continuous improvement projects in alignment with Strategy.
Workforce & Talent Management Ensures that the organization has the right people, skills, knowledge, and correct roles in supporting business objectives. Supports all practices and organizational units.

ITIL tools supporting best practices

We have introduced you to the history and evolution of ITIL. In the early days, tool selection was slim. There have always been several specific tools for specific jobs, but the challenge was integration.
Then as ITIL v3 became an IT standard, vendors made integration simpler by consolidating Practices and tools into a single platform. Usually, these had a standard suite of Practice tools and optional ones that a company could activate by paying a license fee and turning them on. The advantage is pre-integration. As you saw in the Practices tables above, each Practice depends upon other Practices and sharing of data across Practices.
Because ITIL is the dominant guidance in most IT departments, many excellent tools for specific tasks have built-in integration. Some examples are Monitoring/Event Management, Service Catalog, Knowledge Management, Configuration Management System, and Project Management. Always ensure the vendor integrates with your entire system.
It is not our purpose in this article to compare and contrast the different ITIL suites. However, let's look at some high-level technology considerations.

Generic Requirements for all ITSM toolsets7

  1. Self-help
  2. Workflow or process engine
  3. Integrated Configuration Management System (CMS)
  4. Discovery/deployment/licensing technology
  5. Remote control
  6. Diagnostic utiliities
  7. Reporting
  8. Dashboards
  9. Integration with business practices
  10. Software as a Service (SaaS) technologies
  11. Knowledge management support

Event Management

  1. Direct interface into the organization's incident management processes
  2. Each Practice will have its requirements for events and customized responses

Incident Management

  1. Incident matching
    1. The most crucial feature of an incident management tool is the ease of creating or matching an incident to a problem!
    2. Problem Management must have these links to identify the root cause
    3. Problem Management is key to user productivity and getting out of firefighting
  2. Integrated ITIL technology
    1. Logging
    2. Integral to CMS to determine priority and possible solution
    3. Process flow engine to allow processes to be predefined
    4. Automated alerting and escalation
    5. Interfacing with event management tools
  3. Workflow and automated escalation
  4. Integrated incident ticket audit for quality assurance
  5. Incident reporting capability for lost user productivity costs

Request Fulfillment

  1. Integrated to Incident Management
  2. Integrated to Change Enablement for standard changes
  3. Front-end self-help
  4. Workflow engine with Service Catalog integration and authorization

Problem Management

  1. Integrated service management technology linking to incident management for matching the incident to problems via the service desk
  2. A Change Enablement link to get permission to fix the root cause once identified
  3. Problem Management integrated into the CMS to shorten the investigation phase and increase productivity
  4. Known Error Database (KEDB)
  5. Links to stored workarounds
  6. Integration with Problem Management analysis tools:
    1. Kepner and Tregoe
    2. Ishikawa diagrams

Knowledge Management

  1. Interfaces with every other service management Practice
  2. The Service Knowledge Management System (SKMS) can only be effective if all practices use it to store and manage their information and data
  3. The knowledge management tool selection will likely impact tool selections for all other service management practices
  4. Links maintained and audited between Problem Management's KEDB and the CMS
Service Knowledge Management System (SKMS) Diagram

Access Management

  1. Linking to HR management technology
  2. Directory services technology
  3. Change Enablement integration
  4. Request fulfillment linking
  5. Linking to standard changes

Service Desk

  1. Integration of Automated Call Distribution (ACD) system
  2. Messaging integration
  3. Remote access
  4. Knowledge management and incident-solving technology
  5. Complete telephony integration
  6. Support tools integration
  7. Known Error Database (KEDB)
  8. Workaround access from the problem database
  9. Diagnostic scripts to assist service desk staff
  10. Self-help web interface:
    1. Password change capabilities
    2. Software fix downloads
    3. Software repairs
    4. Requests to remove the software
    5. A download of additional software packages
    6. Advance notice of any planned downtime
    7. FAQs
    8. "How to" search and integrated recordings, videos, documents, etc.

Project Management

  1. Integration with service portfolio
  2. Service Financial Management integration
  3. Support different methodologies (e.g., Waterfall, Agile, Lean)
  4. Links to value chain activities
  5. Integration to progress reporting
  6. Knowledge Management Practice
  7. Service Knowledge Management System (SKMS)
  8. Service portfolio
  9. Configuration Management System (CMS)
  10. Standard operating procedures
  11. Improvement plans
  12. Linking projects to Financial Management for better cost management
  13. Business cases
  14. Policies and plans
  15. Service Design Packages (SDPs)
  16. Release plans
  17. Deployment plans
  18. The ability to generate management reports
  19. Service reports
  20. Linked to the Definitive Media Library (DML)
  21. Warranty (e.g., availability, capacity/performance, service continuity, and security management systems)
  22. SLAs
  23. IT Service Continuity Management (ITSCM) plans

Continual Improvement Register (CIR)

  1. Ability to link each IT department's CIR to one another
  2. Ability to prioritize suggestions
  3. Links to monitoring and event management
  4. Track and manage improvement ideas from identification through to final action

Relationship Management

  1. CRM to address stakeholders' needs and drivers at the strategic and tactical level
  2. Linked to Project Management for updates
  3. Linked to Service Level Management for operational support

Conclusion: ITIL fundamentals and best-practices framework

The ITIL framework, in support of an international best practice and standard ISO 20000, has had 30-plus years of experience supporting the changing needs of IT departments worldwide. It continues to mature and adapt to the changing digital landscape. As we have seen, it is a balanced approach to supporting business. To optimize service support, we cannot pick and choose which processes we want and expect the best results.
Not following ITIL and its driving practice of continuous improvement leaves businesses with IT incidents. Each incident is a loss of user productivity and, thus, a loss of revenue. The incident/productivity connection is not something that most IT departments calculate and follow. To do so would make it evident that the quality of IT services and support are critical for successful businesses.
Visionary IT departments live and breathe continuous improvement. Stopping all recurring incidents releases the company's full potential to exploit opportunities when they arise.
Footnotes:
  1. ITIL® Service Operation, The Stationary Office (TSO), 2011 edition, Forward and p.3
  2. Jim Collins, Good to Great, Why Some Companies Make the Leap and others Don't, 2001 adopted to discovering ITIL best practices for running IT organizations
  3. Ibid, ITIL Service Operations, pp 6-7
  4. ITIL Foundation ITIL 4 Edition, AXELOS 2019
  5. Ibid, pp 3-4
  6. Ibid, ITIL 4 pp. 77-167
  7. Ibid, Service Operations, pp. 217-223
Bart Barthold
Bart Barthold LinkedIn

About the Author

Bart Barthold

Bart Barthold is an independent senior ITIL instructor with years of experience in combining ITIL knowledge with practical expertise in running a world-class support organization. He has earned the certificate for the highest level of ITIL training - IT Service Manager, holds an MBA, and he has taught various ITIL certifications and hundreds of students since 2004.
Bart is known for his outstanding performance in IT service management and is a recipient of the Help Desk Institute's prestigious Team Excellence Award in 1998. He also finished second in 1997, making him one of the most decorated IT service managers in the industry.
Request a Live Demo
See It In Action
Assess Your Needs
Get the Tool
Try Giva's 30 Day Trial
Sign Up Today