Skip main navigation

Introduction to ITIL

The ITIL standard is designed to help IT teams implement and utilise best practice concepts in the delivery of their IT services.
© Coventry University. CC BY-NC 4.0
The ITIL standard is designed to help IT teams implement and utilise best practice concepts in the delivery of their IT services. It is designed to work alongside and to enhance existing IT practices. As such, it can be implemented to help improve the running of the SOC.


This is the previous version of the standard and is the one that is most commonly used. Published in 2007 and updated in 2011, the standard looks at the lifecycle of a service from the viewpoint of the following five stages (each stage is covered by its own volume).

Service strategy

The starting point. This covers understanding who the IT customers are, the service offerings that are required to meet the customers’ needs, the IT capabilities and resources that are required to develop these offerings and the requirements for executing them successfully.

Service design

Ensuring that new and changed services are designed effectively to meet customer expectations. This includes technologies and processes.

Service transition

The design is built, tested and moved into production to enable the business customer to achieve the desired value. This phase addresses managing changes.

Service operation

Service delivery on an ongoing basis, overseeing the daily overall health of the service.

Continual service improvement (CSI)

Surrounds everything else and is concerned with measuring and improving services.
ITIL service life-cycle as described above
The ITIL service lifecycle is adapted from ITIL Service Design 2011
Services themselves can be categorised as:
  • Core services
    These services deliver the basic outcomes desired by one or more customers. They represent the value that the customer wants and for which they are willing to pay.
  • Enabling services
    These are needed in order for a core service to be delivered. Enabling services may or may not be visible to the customer, but the customer does not perceive them as services in their own right.
  • Enhancing services
    These are services that are added to a core service to make it more exciting or enticing to the customer.
Another key ITILv3 concept is the process, which is defined as ‘a structured set of activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs.’ ITIL processes are structured using the process model which is a simple way of designing and mapping a process and must:
  • Be measurable – we need to see how successful our processes are
  • Deliver specific results – the results of a process need to be identifiable, measurable and countable
  • Deliver to a customer or stakeholder – these can be external or internal, but they are the driving force
  • Respond to specific triggers – processes must have a defined start point
The final key ITILv3 concept is that of a role, which is defined as ‘a set of responsibilities, activities and authorities granted to a person or team. A role is defined in a process or function. One person or team can have multiple roles’. The RACI model is often used to help determine roles and categorises them as follows:
  • A responsible person who is involved in carrying out a task. There can be any number of these and they will report to…
  • An accountable person who has the authority and is accountable for the task. There is only one accountable person.
  • Both responsible and accountable people might consult a knowledge store. This can be a person or another source of information.
  • Some people need to be informed of the task. These will normally be stakeholders.
The RACI model may be extended with these two additional roles:
  • A verifier checks to see that acceptance criteria have been met. This can be a person or a group.
  • When something has been verified, there needs to be somebody to sign off on the decision. This is often the accountable person.

Service strategy

In ITIL, a strategy is a plan that outlines how an organisation will meet a set of specific objectives. In most cases, this can be viewed as a set of complex, planned, state changes. A service strategy specifically defines how a service provider will use services to achieve the business outcomes of its customers, thereby enabling the service provider (whether internal or external) to meet its objectives. An IT strategy focuses on how an organisation intends to use and organise technology to meet its business objectives. An IT strategy typically includes an IT service strategy.
Key aims of the service strategy stage are:
  • Understanding what strategy is
  • Understanding what services are, and who the organisation’s customers are
  • Understanding how value is created and delivered
  • Creating a service provision model to show how services will be delivered and funded
  • Understanding if the organisation is capable of delivering the strategy
  • Identifying opportunities to offer services and being able to act on them
  • Understanding what service assets make up services and managing them appropriately
  • Putting processes in place to make sure the strategy is delivered

Service design

Once a strategy has been designed (and communicated) we are in a position to start designing services. In service design, we are trying to design services that meet our strategic goals and align with business need. Service design must also have service improvement embedded in the activities.
When undertaking the service design stage, we need to consider the following five key aspects:

Service solutions for new or changed services

The requirements for new or changed services must be obtained (these should be stored in the service portfolio which is created as part of the service strategy). Each requirement is analysed, documented and agreed, and a solution design is produced that is then compared with the strategies and constraints from service strategy to ensure that it conforms to corporate and IT policies.

The management information systems and tools, especially the service portfolio

The management information systems and tools should be reviewed to ensure they are capable of supporting the new or changed service.

The technology architectures and management architectures

Do the technology and management architectures support the new or changed service? If not then the service or architectures will need to be revised.

The processes required

Do the processes, roles, responsibilities and skills have the capability to operate, support and maintain the new or changed service? If not, the design of the new service will need to be revised or the existing process capabilities will need to be revised.

The measurement methods and metrics

Can our existing measurement methods measure the new or changed service? If not, the measurement methods will need to be enhanced or the service metrics will need to be revised.

Service transition

Service transition is about ensuring that changes to the service meet the business needs set out in the service strategy and service design and do not impact adversely on other services. Service transition is concerned with new, modified or retired services – the retirement of services being something that is often overlooked.
Service transition has three processes (change management, service asset and configuration management, an knowledge management) that support all service life cycle stages that are particularly relevant to the SOC:

Change management:

Often considered to be the key component in many ITIL implementations, this is one that we will often have to engage within the SOC. In particular, change management is concerned with:
  • Change proposal: This is defined as ‘a document that includes a high-level description of a potential service introduction or significant change, along with a corresponding business case and an expected implementation schedule’
  • Change: This is the ‘act of adding, modifying or removing anything that could have an effect on IT services’
  • Request for change (RFC): This is ‘a formal proposal for a change to be made’, normally made in a standardised manner
  • Change record: A change record contains the details of a change, including rejected changes

Service asset and configuration management (SACM):

The SACM is the process that controls any and all assets require to deliver a service. It also ensures that accurate and reliable information about these assets is available when needed.

Knowledge management:

This process is concerned with the sharing of knowledge, ideas and information to help maintain and improve services.

Service operation

Service operation is concerned with the running of a deployed service and ensuring that it is meeting the organisational needs. It is concerned with:

Event management

The purpose of event management is to be able to detect, analyse and take appropriate action in relation to events. ITIL defines an event as ‘any change of state that has significance for the management of a configuration item or a service’. Events are communicated by alerts. An alert is ‘a notification that a threshold has been reached, something has changed or a failure has occurred’.

Request fulfilment

The formal request by a user for something to be provided to them.

Access management

Related to request fulfilment, access management is a user request to be granted access to a particular resource or service. This is normally linked to your information security management policies.
  • Incident management. In ITIL, an incident is ‘an unplanned interruption to an IT service or a reduction in the quality of an IT service’. In the context of the SOC, these will normally be security incidents.
  • Problem management. In ITIL, a problem is ‘the underlying cause of one or more incidents’. Problem management is the process of resolving problems from first identification to final removal. Problem management is also concerned with preventing problems.

Continual service improvement

The purpose of continual service improvement (CSI) is to ensure that all services and service management are continually being improved. CSI has a number of objectives that will vary from organisation to organisation but typically include:
  • Ensuring that suitable metrics are in place to enable CSI, and the metrics function as expected
  • Working to improve all stages of the service life cycle (including CSI)
  • Carrying out reviews and analysis of services, service management processes and service-level performance
  • Identifying improvements to IT services, service management processes and cost-effectiveness
  • Implementing improvements without having a negative impact on customer satisfaction
  • Applying quality management to CSI


ITILv4 is a major overhaul of ITIL to make the framework more agile and to incorporate ideas from other, modern, ITSM frameworks. Although a lot of it is the same, there are a number of key differences. The most significant of these is the change of focus away from the service life cycle that provided the framework for ITILv3. That’s not to say that the service life cycle has been removed, but rather that it is presented in a different way.
Instead of the focus on the service life cycle, ITILv4 introduces the concepts of the service value system and the four dimension model. The ITIL 4 service value system includes five components:

Guiding principles:

Universal recommendations that can guide organisations in many situations, such as ‘work holistically’ and ‘keep it simple and practical’.


The governance component of the ITIL 4 service value system is about directing and controlling the organisation. (in ITILv3 this was part of service strategy).

Service value chain:

These are the key activities needed to give value to the activities. The six activities are:
  • Plan
  • Improve
  • Engage
  • Design and transition
  • Obtain/build
  • Deliver and support

Continual improvement:

Similar to the ITILv3 CSI stage.


The new name for processes. Whereas ITILv3 had 26 processes, ITILv4 presents 34 practices as ‘sets of organisational resources designed for performing work or accomplishing an objective’.
The four dimension model is the four dimensions that should be considered in ITILv4 services. These are:
  • Organisations and people
  • Information and technology
  • Partners and suppliers
  • Value streams and processes

Further reading

AXELOS (2011) ITIL Service Lifecycle Publication Suite. available from [31 July 2019]
(recommended to read if you have access, not to buy)
AXELOS (2019) ITIL Foundation [online] 3rd edn. available from [31 July 2019]


Hunnebeck, L., Rudd, C., Lacy, S., Hanna, A., and Lloyd, V. (2011) ITIL Service Design. 2nd edn. [online] London: TSO. available from [15 July 2019]
© Coventry University. CC BY-NC 4.0
This article is from the free online

Security Operations

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education