ITIL® MALC - Key Concepts of the Service Lifecycle Tutorial

Welcome to the first chapter of the ITIL MALC tutorial (part of the ITIL Managing Across the Lifecycle Certification Course).

In this module, we would be revisiting some of the basic concepts of ITIL which you have learned during the ITIL foundation and intermediate courses.


In this chapter, we will cover the following topics:

  • ITIL library constituents

  • Service lifecycle

  • Value creation and realization

  • Risk management and knowledge management

Let us look into the different constituents of ITIL.

ITIL The Library Constituents

As you are well aware, ITIL stands for information technology infrastructure library and is a globally recognized best practices framework for IT service management. This library consists of core publications, complementary guidance, and web support services. We will be discussing all of these in detail.

Let’s first begin with core publications.

Core Publications

Core publications are a set of best practice guidance applicable to all types of organizations who provide IT services to a business or customer.

This set consists of five publications covering:

  • Service strategy

  • Service design

  • Service transition

  • Service operation

  • Continual service improvement

The core is iterative and multidimensional and is structured in the form of a lifecycle. It is expected to provide structure, stability, and strength to service management capabilities, with durable principles, methods, and tools. This serves to protect investments and provide the necessary basis for measurement, learning, and improvement.

The complementary guidance provides guidance relevant to industry sectors, environments and organization types. These include white papers; pocketbooks; working templates; case studies; and governance methods.

The complementary guidance provides flexibility to implement the core in a diverse range of environments. Practitioners can select complementary guidance as needed to provide traction for the core in a given business context. Web support services provide online and interactive services wherein users can access time with ITSM experts to answer questions; discuss issues or seek advice.

These support services include:

  • A glossary of terms and definitions

  • Interactive service management model

  • Online subscriber services

  • Case studies

  • Templates

In the next section, we will discuss further what the term ‘service’ means in service management.

Preparing for a career in ITIL? Check out our Course Preview on ITIL MALC here!

Managing Services and Service Management

ITIL is a service-oriented, customer focused and process-based framework. Adopting ITIL enables IT service providers to deliver quality services focused on meeting current and future requirements of its customers. In this lesson, we'll talk about the key concepts of IT service management, the first being "service."


A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks.


Value is delivered to customers when the required functionality, features and performance levels are provided to enable them to perform the intended transactions, tasks or activities. The service provider owns the costs and risks related to the provision of the services, and the customer would specialize in the outcomes from the services utilized.

Services can be discussed regarding how they relate to one another and their customers.

They can be classified as core services, enabling services and enhancing services.

Core Services

Core services deliver the primary outcomes desired by one or more customers. A core service provides a specific level of utility and warranty. Customers may be offered a choice of utility and warranty through one or more service options.

Enabling Services

Enabling services are ones that are needed to deliver a core service. Enabling services may or may not be visible to the customer, but they are not offered to customers in their own right.

Enhancing services are offered additionally with a core service to make it more attractive to the customer. Enhancing services are not essential to the delivery of a core service but are used to encourage customers to use the core services or to differentiate the service provider from its competitors.

Service Assets

Service assets are a combination of capabilities and resources. The ability to transform capabilities and resources into valuable services is the essence of service management.

Service Management

Service management is a set of specialized organizational capabilities utilized for providing value to customers in the form of services. Service management capabilities are a combination of processes and functions. The maturity level of service provider’s capabilities represents their ability to consistently meet customer requirements in a timely and cost-effective manner.

Specialized Organizational Capabilities

There are specific skills required for defining the strategy, developing the designs, building, testing and implementing the solution, delivering and supporting the services and finally ensuring continual improvement during the life of the service. Hence these are termed as ‘specialised organizational capabilities.’

Service provider organizations should develop and continuously improve their capabilities to ensure alignment to changing business requirements and objectives.

IT organizations are IT service providers. Hence, these organizations should adopt the principles of service management to ensure that they deliver the outcomes required by their customers.

IT service management is concerned with the implementation and management of quality IT services that meet the needs of the business. IT service management is performed by IT service providers through an appropriate mix of people, process, and information technology.

The diagram in the following section explains the service lifecycle.

The Service Lifecycle

The diagram below represents the integration across the service lifecycle.

service lifecycle

While we shall discuss all the lifecycle stages and processes in the next few sections, let us look at the integration aspect now.

Integration Aspects

Following are some of the integration aspects that is followed across the service lifecycle.

Integration of lifecycle stages

The service provider organization has to ensure seamless integration of the lifecycle stages and processes to support and achieve the service management objective for business value realization.

Integration across the service lifecycle stages

The service knowledge management system is one important tool that enables integration across the service lifecycle stages. This system is the repository of knowledge, information, and data required for designing, developing, implementing and managing the services.

Continual feedback from one lifecycle stage to the other stages

Another important integration aspect is the continual feedback from one lifecycle stage to the other stages. This feedback ensures that service optimization is managed from a business perspective and is measured regarding the value the business derives from services at any point in time during the service lifecycle.

In the next section, we will discuss service strategy and its different processes.

Service Strategy and Process

We shall now take a high-level view of the service lifecycle. The service lifecycle consists of five stages namely – service strategy, service design, service transition, service operation and continual service improvement.

Service strategy is at the core of the lifecycle. It defines the perspective, position, plans, and patterns that a service provider needs to execute to meet an organization’s business outcomes. This stage establishes policies and principles that provide direction and guidance for the entire service lifecycle.

There are five processes discussed within the service strategy guidance.

Strategy Management

Strategy management for IT services process is responsible for defining and maintaining an organization’s perspective, position, plans and patterns about its services and the management of those services. It is also responsible for ensuring that it achieves the intended business outcomes.

Service Portfolio Management

Service portfolio management process ensures that the service provider has the right mix of services to meet required business outcomes at an appropriate level of investment. Service portfolio management considers services regarding the business value that they provide.

Financial Management for IT Services

Financial management for IT services process is responsible for managing an IT service provider’s budgeting, accounting and charging requirements. Financial management for IT services secures an appropriate level of funding to design, develop and deliver services that meet the strategy of the organization cost-effectively.

Demand Management Process

Demand management process is responsible for understanding, anticipating and influencing customer’s demand for services. Demand management works with capacity management to ensure that the service provider has sufficient capacity to meet the required demand.

Business Relationship Management

Business relationship management process is responsible for maintaining a positive relationship with customers. Business relationship management identifies customer’s needs and ensures that the service provider can meet these needs with an appropriate catalog of services.

We understood the service strategy and its different processes now we will proceed to service design and its processes.

Service Design and Process

Service design stage takes care of the design of the services, governing practices, processes and policies required to realize the service provider’s strategy and to facilitate the introduction of services into supported environments.

All aspects required for transitioning and operating the new or changed services are documented in the service design package.

Service design adopts a holistic approach by considering all five aspects, namely;

  • Services
  • Management information systems and tools 
  • Technology architectures 
  • Processes 
  • Measurement methods and metrics.

The service design guidance discusses eight processes.

Design Coordination Process

The design coordination process ensures that the goals and objectives of the service design stage are met by providing and maintaining a single point of coordination and control for all activities and processes within the design stage of the service lifecycle.

Service Catalog Management

Service catalog management provides a single source of consistent and accurate information on all operational services and those being prepared to be run operationally and ensures that the service catalog is widely available to those who are authorized to access it.

Service Level Management

Service level management is responsible for ensuring that all current and planned IT services are delivered to the agreed achievable targets. This is accomplished through a constant cycle of negotiating, agreeing, monitoring, reporting on and reviewing IT service targets and achievements and through the instigation of actions to correct or improve the levels of service delivered.

Availability Management Process

Availability management process ensures that the level of availability delivered in all IT services meets the agreed availability needs and service level targets in a cost-effective and timely manner. Availability management focuses on meeting both the current and future availability needs of the business.

Capacity Management Process

Capacity management process is responsible for ensuring that the capacity of IT services and the IT infrastructure can meet the agreed capacity and performance related requirements in a cost-effective and timely manner.

Capacity management considers all resources required to deliver an IT service and is concerned with meeting both the current and future capacity and performance needs of the business.

Capacity management includes three sub-processes - business capacity management, service capacity management and component capacity management.

Service Continuity Management

IT service continuity management supports the overall business continuity management process by managing the risks that could seriously affect IT services and thereby ensure minimum agreed business continuity-related service levels.

Security Management Process

Information security management process tries to align IT security with business security and ensure that the confidentiality, integrity, and availability of the organization’s assets, information, data and IT services always matches the agreed needs of the business.

Supplier Management Process

Supplier management process is concerned with obtaining the value for money from suppliers and to provide seamless quality of IT service to the business by ensuring that all contracts and agreements with suppliers support the needs of the business and that all suppliers meet their contractual commitments.

Next, let us learn about service transition and its various processes.

Service Transition and Process

Service transition ensures that new, modified or retired services meet the expectations of the business as documented in the service strategy and service design stages of the lifecycle.

This stage is also responsible for the transition of an organization from one state to another while controlling risk and supporting organizational knowledge for decision support.

There are seven processes covered under the service transition guidance.

Transition Planning and Support

The first process, transition planning, and support provides overall planning for service transitions and facilitates coordination of the required resources.

It is mainly concerned with ensuring that all relevant plans for service transition are in place and the support and coordination activities are taken care of and ensure smooth and successful transitioning of new, changed or retired services.

Change Management

The second process, change management, is responsible for controlling the lifecycle of all changes, enabling beneficial changes to be made with minimum disruption to IT services.

It ensures that changes are systematically managed to optimize risk exposure, minimize impact, make implementations successful at the first attempt and to keep all stakeholders informed promptly.

Service Asset and Configuration Management

The third process, service asset and configuration management, ensures that the assets required to deliver services are properly controlled, and that accurate and reliable information about those assets is available when and where it is needed. This information includes details of how the assets have been configured and the relationships between them.

Release and Deployment Management

The fourth process, release and deployment management, is responsible for planning, scheduling and controlling the build, test, and deployment of releases and to deliver the new functionality required by the business while protecting the integrity of existing services.

Service Validation

The fifth process, service validation, and testing ensures that new or changed IT service matches its design specification and will meet the needs of the business. Service validation and testing is the ’quality assurance’ part of the service solution. The utility and warranty of services delivered in live environment reflect the efficiency and effectiveness of this process. While validation ensures meeting business requirements, testing is concerned with meeting specifications.

Change Evaluation

The sixth process, change evaluation, provides a consistent and standardized means of determining the performance of a service change in the context of likely impacts on business outcomes and on existing and proposed services and IT infrastructure. This information enables change management to take appropriate decisions.

Knowledge Management

The last process, knowledge management, ensures systematic gathering, categorizing and storing data, information, and knowledge. It enables availability of information and data in the right place at the right time for taking informed decisions and improves efficiency by reducing the need to rediscover knowledge.

Now that we have learned about service transition, the next section is service operation and its processes.

Service Operation and Process

Service operation stage coordinates and carries out the activities and processes required to deliver and manage services at agreed levels to business users and customers.

Service operation also manages the technology that is used to deliver and support services. It is at this stage that the actual value of the service is realized by the business, customers, and users. Thus, this stage is responsible for sustaining, maintaining and continually improving the active services – in line with the customer expectations.

There are five processes discussed under service operation guidance.

Event Management Process

Event management process is concerned with detecting events, making sense of them and determining the appropriate control action. It also forms the basis for operational monitoring and control and can help in automating many routine operations management activities.

Incident Management Process

Incident management process is responsible for restoring normal service operation as quickly as possible and minimizing the adverse impact on business operations. In doing so, incident management ensures that the agreed levels of service quality are maintained.

Request Fulfillment Process

Request fulfillment process provides a channel for users to request and receive standard services for which a predefined authorization and qualification process exists. It also provides information to users and customers about the availability of services and the procedure for obtaining them.

Problem Management Process

Problem management process is concerned with managing the lifecycle of all problems from initial identification through further investigation, documentation and eventual removal of these problems. It strives to minimize the adverse impact of incidents and problems on the business that is caused by underlying errors within the IT infrastructure and to proactively prevent recurrence of incidents related to these errors.

Access Management Process

Access management process is responsible for allowing users to make use of IT services, data or other assets. Access management helps to protect the confidentiality, integrity, and availability of assets by ensuring that only authorized users can access or modify them.

Access management implements the policies of information security management and is sometimes referred to as rights management or identity management.

We will now move on to the concept of continual service improvement in the next section.

Continual Service Improvement

Continual service improvement ensures that services are aligned with changing business needs by identifying and implementing improvements to IT services that support business processes.

The performance of the IT service provider is continually measured and improvements are made to the processes, IT services, and IT infrastructure to increase efficiency, effectiveness and reduce cost.

This stage of the service lifecycle enables creating and maintaining value for customers through better strategy, design, transition and operation of services. It also enables achieving incremental as well as large-scale improvements in service quality, operational efficiency, and business continuity.

More importantly, it takes care so that the service portfolio continues to be aligned with business needs.

The seven-step improvement process is covered as part of the continual service improvement guidance.

The seven-step improvement process is responsible for defining and managing the steps needed to:

  • Identify
  • Define
  • Gather
  • Process
  • Analyze
  • Present
  • Implement improvements.

Opportunities for improvement are recorded and tracked in the CSI register.

The concept of service value is represented in a diagram which we will discuss below.

Concept of Service Value

We have earlier seen that a ‘service is a means of delivering value to customers.’

Value is a combination of utility and warranty. We shall now do a quick recap of these two terms. The utility of service represents its functionality and features. It denotes whether the service can meet its desired outcomes.

In other words is it ‘fit for purpose’?

The utility also represents aspects that support the performance of business assets or removal/reduction of constraints faced. Thus, the utility has a positive effect on the activities/tasks associated with the desired business outcomes.

Warranty, on the other hand, is concerned with the performance efficiency of the service. It represents the level of availability, capacity, continuity, and security of the service. In other words is the service ‘fit for use’? It must be noted that warranty is a representation of all the four factors together and not any one of them or a few of them. 

A customer will be able to effectively achieve the desired outcomes only when all the required features and functionality are available, and all aspects of the performance also match the business requirements.

concept of service value

In this section we discussed the concept of service value, now let’s move on to the different characteristics of value.

Characteristics of Service Value

Let us now look at the characteristics of value.

The primary characteristic of ‘value’ is that it is defined by customers.

The value of a service is determined by the person who receives or uses the service rather than the provider of the service. In other words, it is the customers who will decide what they will do with the service, what return and objectives they will achieve by utilizing the service. Thus the ultimate decision as to whether a service is valuable or not rests with the customers.

The second characteristic of ‘value’ is that it is an affordable mix of features. Customers normally select the service that has the best mix of features and functionality, meeting their requirements, at the price they are willing to pay.

The third characteristic is that ‘value’ represents the achievement of objectives. While some commercial organizations focus on achieving financial objectives, non-commercial or government organizations focus on other objectives.

From this perspective, the value of service is determined by measuring how far the service supports the achievement of stated objectives.

The fourth characteristic is that ‘value changes over time and circumstances.’ With changing business needs, objectives, and environmental factors, a service that is valuable today may not be valuable at a later point in time.

We will move on to the concept of service strategy.

Value of Business Service Strategy

Service strategy stage is concerned with defining a strategy for delivering services to meet the customer’s business outcomes as well as managing those services. In this direction, some benefits are derived from business from adopting and following the service strategy guidance and best practices.

Let us discuss these benefits now.

  • The first benefit of service strategy is that it supports the ability to link activities performed by the service provider to outcomes that are critical to internal or external customers.

  • The service provider will contribute to the value of the organization and not just focus on the costs incurred in providing the services.

  • Service strategy also enables the service provider to have a clear understanding of what types and levels of service will make its customers successful and then organize itself optimally to deliver and support those services.

  • Service strategy enables the service provider to respond quickly and effectively to changes in the business environment, ensuring an increased competitive advantage over time.

  • Analysis, decision making, approval and charter of new services or changes to existing services become a regular feature when the IT organization’s perspective, position, plans, and patterns are established.

  • Support the creation and maintenance of a portfolio of quantified services that will enable the business to achieve a positive return on its investment in services.

  • It represents the service provider’s commitments and investments across all customers and market spaces.

  • Service strategy facilitates functional and transparent communication for a clear understanding between the service provider and the customer.

This is mainly achieved through a well-designed and maintained service portfolio. This stage provides the means for implementing and delivering services efficiently and effectively. It ensures that all the guidelines, policies and controls are in place for the overall service management.

There is a diagrammatic representation in the next section which will help you to understand service strategy better.

Value to Business Service Strategy(contd.)

In general terms, the value of a service is measured by ’how much the customer is willing to pay for the service.’ This, in turn, depends on the extent to which the service meets the customer’s expectation. However, the value of a service needs to be looked at beyond the financial perspective.

As shown in the diagram, the value needs to be defined based on three important components.

components of value

These three components are:

  • The business outcomes achieved

  • The customer’s preferences

  • The customer’s perception of what was delivered.

Business outcomes

Business outcomes may take various forms of profitability, market share, innovation, customer satisfaction, etc.

Businesses execute various business processes, activities, plans and projects to achieve these outcomes. And these processes, projects, and activities are supported by services. Hence, an important component of value is how far the services enable and support achievement of the business outcomes.


The second component is ‘perceptions.’ Perceptions about a service are influenced by the attributes of the service.

The features, functionality, performance, and responsiveness experienced currently, or compared to previous experiences, or those compared to similar services provided by competitors also play an important role in determining the value of a service.


The third component is ‘preferences’ which are mostly influenced by perceptions. To what extent a service meets these customers preferences also influences the value of a service. Further, these preferences keep changing over time, and the service provider should align the services to these changing preferences.

In summary, apart from supporting the business outcomes, service providers have to influence the customer’s perceptions about the services provided and also respond to customer’s preferences.

The diagram to follow shows the value of service.

Curious about the ITIL MALC course? Watch our Course Preview for free!

Value to Business Service Strategy(contd.)

The diagram below depicts how customers perceive the value of a service.

value of a service

Reference Value

The ‘reference value’ represents the initial value as perceived by the customer based on do-it-yourself or existing arrangements analysis. The service provider should obtain this value through market information, discussion with the customer or from other sources.

Positive Difference

The positive difference represents the additional benefits and gains expected to be delivered by the service provider.

These are based on the additional features, functionality, and performance – the ‘utility’ and ‘warranty’ of the service when compared to the reference value service.

Negative Difference

The negative difference represents the aspects of the service that the customer has to forego or lose by investing in the service. It is essential that the service provider gathers information on customer’s requirements and meets them during service provision.

Net Difference

The net difference is the difference between positive and negative values perceived by the customer. It could be better or worse, and it is this net difference that drives the customer’s investment decision for the service.

Total Value

The final aspect is the ‘economic value of service’ which represents the total value – that is the net difference plus the reference value, of the service. This is further analyzed about the service’s ability to meet desired business outcomes and objectives.

The next section gives a diagrammatic representation to understand the IT value chain better.

Value to Business Service Strategy(contd.)

The diagram below represents a simple IT value chain.

Simple IT value chain

Value Chain

A value chain is a sequence of processes that creates a product or service that is of value to a customer.

In this example, the IT organization spends money on procuring, developing and maintaining various components required by relevant departments – in this case, the database administration department, the application management department and the application hosting department. These departments further incur amounts by way of salaries, office expenses, and overheads to manage and deliver the services.  

The database combined with applications and hosting, deliver more value than that of individual components. It is important to note that when the value is added at each step, the value of the service must grow at a higher rate than the amount spent.

Now let us look at some important rules on value addition:

Rule 1

The first rule is that the amount of value added can only be calculated once the value has been realized, that is, only after the service has achieved the desired outcome.

Rule 2

The second rule is that the value realized has to be greater than the money spent. And the third rule is that if the value realized is not greater than the money spent; then the service provider has not added any value. Rather they have simply spent money.

Hence, if IT organizations have to demonstrate that they have added value, then they must link their activities to services and then link those services to business outcomes.

Let us move on to the different responsibilities of service operation stage.

Realizing Business Value in Service Operation

It is through the service operation lifecycle stage that the business directly sees and receives value from its IT investments. Now we shall discuss the responsibilities of service operation stage from various angles.

The main responsibility of service operation is to focus on managing day-to-day activities and technology. However, it is important to understand that service operation has got a greater role to play over and above managing the day-to-day activities.

As part of the service lifecycle, the service operation is responsible for executing and performing processes that optimize the cost and quality of services and enabling the business to meet its objectives.

As part of the world of technology, the responsibilities include effective functioning of components that support services and executing operational control activities to manage and deliver services.

As part of the overall business, the responsibilities are delivering services efficiently and at an acceptable cost, delivering services within prescribed service levels and maintaining user satisfaction for IT services provided.

We will proceed further and discuss the different service operation related challenges that may put the business value at risk.

Service Operation Challenges

It is important to pre-empt challenges and take appropriate steps to overcome them.

The service operation related challenges that may put the business value at risk are as follows.

Cost of a project

It is effortless to quantify the costs of a project, but very difficult to quantify what the service will cost after three years of operation.

When organizations do not consider the costs of on-going management of services, it will impact the budgetary and return on investment targets, and hence the business perception of the value of the service may diminish.

Funding during the operational stage

It is difficult to obtain funding during the operational stage, to fix design flaws or unforeseen requirements. This is left to incident and problem management to resolve – as if it is purely an operational issue.

There could be instances where the service design might have to be reviewed and changes made requiring additional investments. If these are ignored, the value of the service, as well as customer satisfaction, is bound to deteriorate.

Funding for Tools

It is difficult to obtain additional funding for tools or actions aimed at improving the efficiency of service operation.

When all the five aspects of service design are not considered, there is a possibility of missing out on some non-functional requirements of the service. When these come up later in the lifecycle, the question arises on further funding.

Also, the fast pace of technology change may prompt further funding requests.

Lastly, where services are stable after introduction in a live environment, their performance becomes a baseline for business expectations.

Services are taken for granted, and any action to optimize them is perceived as ‘fixing services that are not broken.’ Business does not see any value added in improving or optimizing such services.

We will move on to discuss change evaluation and its impact in detail.

Service Value in Service Transition

Let us now look at how the change evaluation process within service transition stage contributes to or enhances service value.

Change evaluation, by its very nature, is concerned with value. It tries to determine the performance of a service change in the context of likely impacts on business outcomes and existing and proposed services and IT infrastructure.

Also, risks and issues related to the change are identified and managed. Change evaluation ensures that a service change will be fair, consistently and objectively evaluated. This enables establishing the use made of resources regarding delivered benefit. This information will allow a more accurate focus on value in future service development and change management.

Change evaluation also identifies and analyses the intended and unintended effects of the new or changed service. It also compares the actual performance with predicted performances. The evaluation reports support decision making by change management.

Continual service improvement can derive a great deal of intelligence for initiating further improvements to the change process as well as the predictions and measurements of service change performance.

The use of service measurement and monitoring to support lifecycle is discussed in the following section.

Using Service Measurement and Monitoring to Support Lifecycle

Monitoring and measurement are essential to manage, improve or control a service.

We shall now look at how these two aspects support the service lifecycle.

Operational monitoring

Operational monitoring forms the basis for continual service improvement. However, monitoring, measurement, and reporting can help in identifying opportunities for improvement in all lifecycle stages and all processes.

Effectiveness of a service

Next, monitoring focuses on the effectiveness of a service, process, tool, organization or configuration item. The emphasis is on identifying where improvements can be made to the existing level of service or IT performance.

Monitoring should focus on detecting exceptions and resolutions.

For instance, improvement activities are not interested in whether an incident has been resolved; instead, they focus on determining if it has been resolved within the agreed time and whether future incidents can be prevented.

If a service level agreement is consistently met over time, the continual service improvement activities may also be interested in determining whether that level of performance can be sustained at a lower cost or whether it needs to be upgraded to an even better level of performance.

We will now look into the diagrammatic representation of the process and its components in the next section.

Components of Process

This is a simple diagrammatic representation of a process and its components.

process and its components

A process consists of a set of activities.


Inputs are data and information used by the process and maybe the output from another process.


The output produced by a process has to conform to operational norms that are derived from business objectives.


A process, or an activity within a process, is initiated by a trigger. A trigger may be the arrival of input or another event.

A process includes roles, responsibilities, tools and management controls required to deliver the outputs reliably.

A process may define policies, standards, guidelines, activities and work instructions if they are needed.

Processes, once defined, should be documented and controlled.

Process measurement and metrics can be built into the process to control and improve the process.

A process is owned by a process owner, who is responsible for ensuring that the process is followed; it is reviewed and improved regularly, and to achieve the process objectives.

Let us now define the term ‘process.’

Organizing IT Service Management Process Definition

Now, let us look at the definition of the term ‘process.’

A process is a set of coordinated activities combining and implementing resources and capabilities to produce an outcome, which, directly or indirectly, creates value for an external customer or stakeholder. It is also defined as a structured set of activities designed to accomplish a specific objective.

A process takes one or more inputs and turns them into defined outputs. A process includes all of the roles, responsibilities, tools and management controls required to reliably deliver the outputs.

A process-oriented approach is becoming an integral part of all management and quality frameworks. Processes play a significant role in achieving and improving organizational performance and objectives.

We will move on to learn about the characteristics of a process.

Characteristics of a Process

Processes are defined with a set of objectives, and a well-defined process can improve efficiency and productivity within and across organizations and functions.

There are four key characteristics of processes.


Processes are measurable. They are performance driven, and various people derive relevant measurements for the processes executed.

For example, managers may be interested in measuring cost, quality, and other variables while practitioners may be interested in duration and productivity.

Deliver Specific Results

Processes deliver specific results. Processes are designed and implemented with the sole objective of achieving specific results.

Results to Customers

Processes deliver primary results to customers. Processes are implemented with a key focus on meeting customer’s requirements and expectations.

Response to Event

Processes respond to a specific event. Processes are initiated by specific triggers or events. They may be on-going or iterative, but every instance is traceable to a specific trigger or event.

We looked into the different characteristics of the process, let’s proceed further and discuss the different terms relating to organizational structure.

Organizing IT Service Management Organization Structure

In an organization, the most commonly used terms are ‘functions’ and ‘roles.’

Let us do a quick recap of these two terms.


A function is a team or a group of people and the tools or other resources they use to carry out one or more processes or activities. Functions are units of organizations specialized to perform certain types of work and are responsible for specific outcomes. They are normally self-contained organizational units constituting resources, capabilities, and tools.

Based on the size of an organization, functions may be further divided into departments or teams. Service desk, application management, technical management and IT operations management are the four functions detailed in-service operation publication of ITIL.


A role is a set of responsibilities, activities, and authorities granted to a person or team. A role is defined in a process or function. Roles should not be confused with job titles and designations as one person may play different roles in different contexts.

For example, a service delivery manager may perform the roles of change manager, service level manager and continuous improvement manager. It is important to note that while assigning more than one role to a person, there should be no conflict of interest concerning responsibilities assigned to these roles.


A group is informal organizational structures with people performing similar activities. It is possible that the members of the group may work on different technologies or report into different organizational structures or may even belong to different companies.


A team is a more formal type of group comprising of people working together to achieve a common objective. Teams are generally formed for dealing with a situation of a temporary or transitional nature. The people in the team may not be in the same organizational structure.


Departments are formal organizational structures which exist to perform a specific set of defined activities on an on-going basis. Departments have a hierarchical reporting structure with managers who are usually responsible for the execution of the activities and also for day-to-day management of the staff in the department.


A division is a self-contained unit with some departments grouped by geography, product line or some other criteria.

The next section deals with connecting with processes and functions with RACI matrix.

Connecting with Processes and Functions RACI Matrix

A key element of process designing is detailing the roles and responsibilities as clearly as possible. As services, processes and their component activities run through an entire organization, the individual activities should be mapped to well-defined roles.

RACI model is an effective way of defining the roles and responsibilities of processes and activities. It provides a compact, concise, easy method of tracking who does what in each process and enables decisions to be made quickly and with confidence.

The acronym RACI stands for:

Responsible: The person or people responsible for getting the job done.

Accountable: The person who has ownership of the quality and the result of the activity. Only one person can be accountable for each task.

Consulted: The people who are consulted and whose opinions are sought—especially subject matter experts and senior management.

Informed: The people who are kept up-to-date on the progress of the activities.

Some organizations have added more roles and have come up with some variations of RACI.

One such variation is RACI-VS. Where the additional ‘v’ stands for ‘verifies’: The person or group that checks whether the acceptance criteria have been met; and ’S’ stands for ‘signs off’: The person who approves the verified decision and authorizes the product hand-off. This could be the accountable person also.

Another variation is RASCI. Where the additional ‘s’ stands for ‘supportive’: The person or group that provides additional resources for conducting the work or plays a supportive role in implementation.


Service owner







Chief Architect



Create a framework for defining IT services







Build an IT service catalog







Define SLA for critical IT services







Monitor and report SL performance







Review SLAs, OLAs, and UCs







Review and Update IT service catalog







Create service improvement Plan







We will learn about the different aspects of risk management now.

Risk Management

We shall now discuss some basic concepts of risk management.


A risk may be defined as uncertainty of outcome, whether a positive opportunity or negative threat. It is the fact that there is uncertainty that creates the need for attention and formal management of risk. The purpose of formal risk management is to enable better decision-making based on a sound understanding of risks and their likely impact on the achievement of objectives.

There are two distinct phases to support risk-related decision making – Risk assessment and Risk management.

Risk Assessment

Risk assessment is concerned with gathering information about exposure to risk so that the organization can make appropriate decisions and manage risk in a right way. It includes analyzing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats.

Risk Management

Risk management is concerned with the identification, selection, and adoption of countermeasures justified by the identified risks to assets regarding their potential impact on services if a failure occurs and the reduction of those risks to an acceptable level.  

It involves having processes in place to monitor risks, access to reliable and up-to-date information about risks, the right balance of control in place to deal with those risks and decision-making processes supported by a framework of risk analysis and evaluation.

There some risk management frameworks developed and established by various organizations and institutions.

The key ones are:

  • Management of Risk (M_o_R)

  • ISO 31000

  • ISO/IEC 27001

  • Risk IT

We shall briefly discuss these frameworks in the next few sections. We will start with management of risk in the next section.

Management of Risk(M o R) Framework

Let us start with management of risk framework. ‘Management of risk’ also known as M_o_R in the short form, is the OGC methodology for managing risks.

It guides organizations to put in place an effective framework for risk management. It also details the activities required to identify and control the exposure to risks, which may have an impact on the achievement of organization’s business objectives.

The diagram below illustrates the ‘management of risk’ framework.

MoR framework

This framework is based on four core concepts which we shall discuss now.

M_o_R principles.

These are high-level and universally applicable good practices that are fundamental to the development and maintenance of a good risk management practice in an organization.

M_o_R approach.

Establishing the approach involves adapting and adopting the general principles to suit organizational requirements. This approach needs to be agreed and defined within the risk management policy, process guide, and strategies.

M_o_R process.

The process consists of four steps:

  • Identity
  • Assess
  • Plan
  • Implement

Each step describes the inputs, outputs, tasks, and techniques involved to ensure that the overall process is effective.

Embedding and reviewing M_o_R

This ensures that the established approach and process are consistently applied across the organization and that their application undergoes continual improvement for them to be effective.

Communication is at the core. The principles, approach, process and improvement actions need to be communicated to all concerned to ensure the effectiveness of ‘management_of_risk.’

We shall now look into the diagrammatic representation of the ISO 31000 in the next section.

ISO 31000 Risk Management Approach

ISO 31000 is a process-oriented approach to risk management. It provides a broad scope for organizations to adopt the high-level principles and tailor them to meet their specific needs and circumstances. ISO 31000 defines risk as ‘the effect of uncertainty on objectives.’

The diagram below illustrates the risk management approach.

risk management approach

The initial steps under this risk management approach are as follows.

  • The designing of a framework for managing risk across all levels of the organization.

  • Gaining an understanding of the organization and its context.

  • Establishing risk management policy Once the framework has been established and the context understood, risk assessment is undertaken.

The risk management approach consists of three steps:

  • Risk identification

  • Risk analysis

  • Risk evaluation

Risk Identification

The risk identification step is intended to create a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of the organization’s objectives.

Risk Analysis

Risk analysis involves developing a full understanding of the risks as an input to risk evaluation and the decisions regarding the plan for treating the risks.

Risk Evaluation

Risk evaluation is performed to make decisions about which risks require treatment and the relative priorities amongst them.

Risk treatment involves the modification of risks using one or more approaches.

These approaches are not necessarily mutually exclusive and may include:

  • Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk

  • Taking or increasing the risk to pursue an opportunity

  • Removing the risk source

  • Changing the likelihood

  • Changing the consequences

  • Sharing the risk with another party or parties

  • Retaining the risk by informed decisions.

Let us understand more about ISO/IEC 27001.

ISOIEC 27001

ISO/IEC 27001 is an information security management system intended to bring information security under explicit management control. Though ISO/IEC 27001 is a security standard, the risk management methods described in this standard may be applied to general risk management activities and overall service provision.

This standard suggests that management should:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts

  • Design and implement a coherent and comprehensive suite of information security controls and other forms of risk treatment, such as risk avoidance or risk transfer, to address those risks that are deemed unacceptable

  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an on-going basis.

The risk management steps recommended by this standard include:

  • Defining the risk assessment approach of the organization;

  • Identifying the risks,

  • Assets and the owners of the assets;

  • Identifying the threats to these assets;

  • Identifying the vulnerabilities that might be exploited by the threats;

  • Analysing and evaluating the risks and assessing the business impacts on the organization;

  • Estimating the levels of risk and determining which are acceptable and require treatment

  • Identifying and evaluating options for the treatment of risks.

Let us look into the diagrammatic representation of the different principles of risk IT.

Risk IT

Risk IT provides a framework for effective governance and management of IT risk and is published by ISACA.

The key principles of risk IT are that IT risks governance and management should always connect to the business objectives, and management of IT-related business risk should be aligned with overall enterprise risk management.

The framework constitutes three domains namely -

  • Risk governance

  • Risk evaluation

  • Risk response

Risk Governance

Risk governance ensures that IT risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted return.

Risk Evaluation

Risk evaluation ensures that IT-related risks and opportunities are identified, analyzed and presented in business terms.

Risk Response

Risk response ensures that IT-related risk issues, opportunities, and events are addressed in a cost-effective manner and line with business priorities.

The diagram below illustrates the  frameworks involved in risk management

frameworks involved in risk managemnet

We will move on to discuss more knowledge management.

Want to check out our course preview of ITIL MALC? Click here to watch!

Knowledge Management and SKMS

Knowledge management can be represented by the ‘Data-Information-Knowledge-Wisdom’ structure. It is also popularly known as the DIKW structure. Data is a set of discrete facts.

Organizations capture various types of data relating to people, process, activities, performance, etc. Data is generally stored in structured databases for further use. Processed data or meaningful data is known as information. Information comes from providing context to data.

The key knowledge management activity around information is managing the content in a way that makes it easy to capture, query, find, re-use and learn from experiences so that mistakes are not repeated, and work is not duplicated.

Following are some of the characteristics of knowledge management.

  • Knowledge is gained from analysis of information.
  • It also includes the experiences, ideas, insights, values, and judgments of individuals.
  • Knowledge is dynamic and context-based.
  • Knowledge puts information into an ‘ease of use’ form, which can facilitate decision-making.
  • Wisdom is the ability to make informed decisions by knowledge gained.

All the data, information and knowledge captured and processed at various stages of the lifecycle, from various processes and activities are essentially used to make decisions - ranging from simple to complex situations or circumstances.

Knowledge management system

The following section diagrammatically represents the service knowledge management system.

Knowledge Management and SKMS(contd.)

Service knowledge management system or SKMS is a set of tools and databases that are used to manage knowledge, information, and data.

It includes the tools for collecting, storing, managing, updating, analyzing and presenting all the knowledge, information and data that an IT service provider will need to manage the full lifecycle of IT services.

The service knowledge management system includes the configuration management system, as well as other databases and information systems.

The diagram in this section illustrates the relationship between service knowledge management system, configuration management system and the configuration management database.

The SKMS will contain different types of data, information, and knowledge.

These include:

  • Service portfolio

  • Agreements

  • Contracts

  • Policies

  • Plans

  • Reports

Many of these knowledge and information assets are configuration items. Changes to configuration Items must be under the control of the change management process, and details of their attributes and relationships will be documented in the configuration management system.

The key purpose of the service knowledge management system is to support the delivery of services and to make informed decisions.

We will now learn more about knowledge management in the next section.

Knowledge Management and SKMS(contd.)

Implementing a service knowledge management system enables effective decision support and reduces the risks that arise from a lack of knowledge or information.

The diagram in this section illustrates the service knowledge management architecture.

service knowledge management architecture

The four layers and components within these four layers are shown in a clear way.

Presentation Layer

The presentation layer enables searching, browsing, retrieving, updating, subscribing and collaboration. The different views can be enabled for meeting the requirements of different audiences.

Each view should be protected to ensure that only authorized people can see or modify the underlying knowledge, information and data.

Knowledge Processing Layer

The knowledge processing layer is where the information is converted into useful knowledge that enables decision-making.

Information Integration Layer

The information integration layer that provides information that has been gathered from data from multiple sources in the data layer.

Data Layer

The data layer includes tools for data discovery, data collection, and data items in unstructured and structured forms. This architecture applies to many of the management information systems, including availability management information system and the capacity management information system.

With that we have successfully concluded chapter 1, let us summarise what we have learned so far.


We have come to an end of the chapter 1 which dealt with the key concepts of the service lifecycle. Let’s look into the key points that we have learned so far:  

  • ITIL –Library Constituents

  • Definition of Service and Classification of Services

  • Service Management and IT Service Management

  • The Service Lifecycle

  • Service Strategy and processes

  • Service Design and processes

  • Service Transition and processes

  • Service Operation and processes

  • Continual Service Improvement and processes

  • Service Value –Utility and Warranty

  • Characteristics of Value

  • Value to Business and Service Strategy

  • Realizing Business Value in Service Operation

  • Service Value in Service Transition

  • Using Service Measurement and Monitoring to support lifecycle

  • Definition and characteristics of Process

  • Functions, Roles, and RACI

  • Risk Management : M_o_R, ISO 31000, ISO/IEC 27001 & Risk IT

  • Knowledge Management and SKMS


Next, in the second chapter, we will learn about Communication and Stakeholder Management.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*