ITIL and service management: a short introduction

| Sieuwert van Otterloo | Security

ITIL, the standard for service management, is an important standard for people who want to understand how IT is used in practice. It is especially important for professionals that want to grow beyond software development into IT management, since it complements software development really well.

IT training at Motopp

This article was created based on the ITIL training at Motopp (MOTivation and OPPortunity). Motopp helps people new in The Netherlands, such as former refugees, start a career in IT. To get started they receive a 14 week intensive training program, with one week focused on service management. Many Motopp candidates will start as developers and testers and not in service management, but even in these roles it is important to understand all IT teams. Therefore the 14 week program not only covers development but also project management, requirements, design, security, privacy and service management.

ITIL history

ITIL started in 1989 as an abbreviation for Information Technology Infrastructure Library. It was originally an initiative to standardise IT management practices, such as incident management, infrastructure maintenance and change management. The latest version of ITIL is version 4. This version was released in 2019 and is maintained by Axelos, an independent foundation. Axelos publishes a lot of material and also offers certification. The best resource to understand ITIL is the “ITIL foundation”. Axelos is also repsonsible for maintaining the Prince2 standard for project management.

ITIL version 4 is different from previous versions. This standard has been rewritten in order to emphasise value creation, instead of just executing standard process. The standard has also been extended to cover all processes in the IT department, even areas such as project management and software. The extensions are good in principle, but make the standard harder to understand and use. I would recommend to read the standard out of order. It is useful to start reading on page 160 (Change control) and continue to incident management, IT asset management, problem management and service desk.

Core service management practices

The following services form the core of service management:

  • Service desk. The purpose of the service desk practice is to collect service requests and incident reports. Service desks should provide a clear path for users to report issues, queries, and requests, and have them acknowledged, classified, owned, and actioned. The service desk has a large influence on the overall user experience. The service desk may not need to be highly technical. In most organisations, the service desk is not a physical desk, but a team that receives digital requests via a ticketing solution such as Zendesk, Topdesk or Jira.
  • Change control: Changes in software or IT can bring new features or fix current issues, but are also risky. The role of service management is to make sure any changed is carefully planned and communicated to make sure risks are minimised. All changes should be planned in a change calendar and communicated clearly to users.
  • Incident management and problem management. ITIL distinguishes incidents (An unplanned interruption to a service or reduction in the quality of a service) and problems (A cause, or potential cause, of one or more incidents). It is important that incidents are not only resolved (e.g. by resetting a server) but also studied to prevent similar issues in the future.
  • IT asset management. It organisations often have many assets (Any financially valuable component that can contribute to the delivery of an IT product or service) such as laptops, phones, servers, routers, cables and databases. Organisations need to know who owns and who uses each asset and whether assets need to be updated and replaced, to minimise risks of data loss. Organisations typically have an asset register that contains this information.

These four practices are needed in most organisations that use IT, even if organisations do not develop software. Using ITIL makes sure these processes are properly designed and properly staffed and thus help the organisation use IT effectively.

Other service management practices

ITIL v4 has a total of 26 practices:

  • 14 general management practices, from architecture management to workforce and talent management
  • 17 service management practices, from availability management to service validation and testing
  • 3 technical management practices. These are deployment management infrastructure and platform management and software development and management

These practices cover the entire service life cycle from service strategy to service design, service transition, operation to continual improvement. The idea is that ITIL should not just cover service operations (the traditional service desk) but make sure that all IT aspects are covered. ITIL professionals should help design the right services and try to improve the service provisioning. One of the good things about the latest version of ITIL is that it helps people think more strategically about services, and challenges service desk employees and other IT staff to be more involved in service design and improvement.

Who should study ITIL

The ITIL standard is important for software developers that want to learn more about infrastructure and devOps, since ITIL describes many aspects that are important for the use of IT systems. ITIL is also essential for people interested in IT management, since ITIL provides a good overview of ITIL activities. ITIL, in small quantities, is also interesting to read for people involved in information security (ISO 27001) and privacy/GDPR. Many ISO 27001 technological controls overlap with ITIL best practices, but ITIL provides additional processes like service desk that are not mentioned in ISO 27001. ITIL is also an interesting framework for IT organisation research, as was shown in 2021 in the thesis project ‘Evaluation of the combination of ITIL and DevOps practices in organizations‘.


Author: Sieuwert van Otterloo
Dr. Sieuwert van Otterloo is a court-certified IT expert with interests in agile, security, software research and IT-contracts.