ITIL - Service Design Processes Tutorial

Welcome to the seventh chapter of the ITIL Foundation tutorial (part of the ITIL® Foundation Certification Training). This lesson provides an overview of the processes involved in service design.


After completing this lesson, you will be able to:

  • Describe the eight processes of service design

  • List the aspects of governance resulting from design coordination

Service Catalog Management - Overview

Let us start with an overview of service catalog management.

Service catalog management is the first process of service design phase of IT Service Management.

The nearest analogy to the service catalog for IT services is the menu card of a restaurant. The service catalog is a written statement that mentions the IT services available, prices and identification of the business processes or customers who use these services.

It should be continually updated with correct, appropriate and relevant information. This helps to communicate and transact with customers.

Let us now focus on the purpose, objective and scope of service catalog management.


The purpose of the service catalog is to have a single source of information on all operating services as well as the services prepared to run operationally. This catalog is made available to authorized people.

Let us now understand the objective of service catalog management.


Service catalog management helps to manage the information contained in the service catalog. It also helps to maintain the current details of all services accurately. The details include the interface, status, and dependencies of these services. Only those who are approved can access the service catalog.


The scope of service catalog is to define, develop and maintain services and their packages. The scope also includes the production and maintenance of an accurate catalog. The service catalog should be aligned with the service portfolio.

Service Catalog Management Two View Structure

Now let us focus on the two view structure of service catalog management.

There are two types of views into the service catalog, namely, business and technical service catalogs.

Business service catalog

Following are the characteristics of the business service catalog.

  • It includes details of IT services, especially the relationship between business units and processes.

  • Business terminology is used to maintain the business catalog. Technical details should be explained in easy language.

  • It should always be visible to customers and users.

Technical service catalog

Following are the characteristics of travel service catalog.

  • It includes details of IT services required by customers, especially the relationship between shared services and support services.

  • It includes the records of configurations and components required for service delivery.

  • It is not visible to customers and users unless requested.

In many cases, the technical service catalog is created with the information available in the Configuration Management System or CMS.

Take a look at the two view structure image of service catalog management below.

service catalog 2 view structure in itil foundation

Service Catalog Management Three View Structure

Some organizations project the three view structure of a service catalog.

The three view structure of service catalog management includes the following:

Wholesale customer view

It includes the details of IT services offered to wholesale customers. It also comprises the details of the relationship between an organization and their customers.

This refers to customer-facing services.

Retail customer view

It includes the details of IT services offered to retail customers. It also includes the relationship between an organization and their customers.

This refers to customer-facing services.

Supporting services view

It comprises the details of IT support services, Configuration Items or CIs, components and so on. It also includes details of the relationship with customer-facing services underpinned by the organization providing IT services.

Preparing for a career in IT Service? Check out our Course Preview on ITIL Foundation here!

Service Catalog Management Three View Structure (contd.)

The image below illustrates the three view structure of service catalog management.

service catalog 3 view structure in itil foundation

It shows wholesale customers and retail customers with their respective services. These services are offered with the help of supporting level services described in the technical service catalog. Such a catalog is invisible to the customers.

This supporting level catalog is linked with the Configuration Management System so that it can get the information it requires.

Role of Service Catalog Manager

Let us now discuss the role of Service Catalog Manager.

The responsibilities of the Service catalog Manager are:

  • Produce and maintain the service catalog;

  • Ensure that all operational services are recorded in the service catalog;

  • Make sure that information in the service catalog is accurate and up to date;

  • Ensure that information in the service catalog matches the one in the service portfolio; and

  • Make sure that information in the service catalog is protected and has an appropriate backup.

Take a look at the example of service catalog below.

example of service catalog

Service Level Management-Overview

Service Level Management or SLM negotiates, agrees and documents appropriate IT service targets with representatives of the business. It monitors and produces reports on the service provider’s ability to deliver the agreed level of service.

The purpose, objective and scope of Service Level Management are explained here.


The purpose of Service Level Management is to:

  • Make sure that all existing and planned IT services are offered to the agreed targets; and

  • Improve the level of services offered.


The objectives of Service Level Management include:

  • Defining, documenting, agreeing upon, monitoring, measuring, reporting and reviewing the level of IT service offered;

  • Improving the communication and relationship of the IT service provider with the business and customers;

  • Making sure that active measures are implemented to improve the service wherever the cost permits;

  • Ensuring that specific and measurable targets are developed for all IT services.

Let us now discuss the scope of Service Level Management.


The scope of Service Level Management is to:

  • Provide a point of regular contact and communication with the customers and business managers of an organization in relation to service levels;

  • Manage the perception and exception of the business, users, and customers; and

  • Ensure that the quality of service delivered by the service provider is matched to those expectations and needs.

Service Level Management - Process Activities

We will now focus on the process activities in Service Level Management.

Unlike other processes in ITIL, Service Level Management exists equally in the service design and Continual Service Improvement phases of IT service management. It means that some activities of Service Level Management are carried out while designing services but others are executed as part of Continual Service Improvement.

In the service design phase, Service Level Management helps to perform the following tasks:

  • Determine the service level requirements

  • Design and plan the Service Level Management process and the Service Level Agreement or SLA

  • Negotiate and decide the relevant service level targets with customers to produce SLAs

  • Negotiate Operational Level Agreements or OLAs with the internal departments

  • Agree upon the underpinning contracts with external suppliers

The image below illustrates process activities involved in service level management.

process activities in service level mangement

In the Continual Service Improvement phase, Service Level Management helps to perform the following tasks:

  • Monitor service performance against SLA

  • Produce service reports

  • Conduct service reviews and instigate improvements within an overall Service Improvement Plan or SIP

  • Review and revise SLAs, service scope and underpinning agreements

In addition, Service Level Management develops contacts and relationships. It also enables you to collate, measure and improve customer satisfaction.

Service Level Management-Key Terms

Following are the key terms related to Service Level Management:

Service Level Requirements or SLR

It includes a detailed recording of the customer’s needs, which forms the basis of design criteria for a new or modified service.

Operational Level Agreement or OLA

It is an internal agreement with another function of the same organization that supports the IT service provider to deliver services.

Service Level Agreement Monitoring or SLAM

It is a chart used to monitor and report achievements against service level targets.

The relationship between Service Catalogs and Agreements

Now let us focus on the relationship between service catalogs and agreements.

The image below illustrates the relationship between business service catalog and technical service catalog with underpinning agreements. These agreements are the SLA, OLA and Underpinning Contract or UPC.

relationship between service catalog and agreements in itil foundation

The top section of the image refers to the business processes that support some of the business services such as payroll. The next layer refers to the IT services provided to support the business processes. The final layer is the infrastructure layer that supports the IT services.

Let us take the example of payroll as a business process.

Organizations have automated payroll systems to take care of their employees’ timely salary and other financial settlements. This payroll system requires a network service to relate data collected from different sources, for example, attendance from HR data.

The payslips are emailed, so an email service is a crucial component of the payroll process. The application running the payroll process is a service in itself.

The business process and their related IT services are a part of the business catalog visible to customers. The IT services underpinning the business processes are governed by IT processes and functions to meet the business requirements. These IT services are dependent on IT components such as routers, servers, and applications. The components are procured from external suppliers.

The IT services and supporting governance and delivery mechanisms form the technical service catalog. Internal agreements and external contracts are carried out in the form of SLAs, OLAs, and UPCs. This ensures that the business processes and underlying IT services help to attain business objectives.

Service Level Management Designing SLA Structures

We will now discuss how SLAs are structured. There are a number of ways in which SLAs can be structured. Following are the important factors to consider when choosing the SLA structure:

  • Does the SLA structure allow flexibility in the levels of service delivered to various customers?

  • Does the SLA structure require much duplication of effort?

  • Who is supposed to sign the SLA?

Service Level Management Designing SLA Structures (contd.)

Now we will focus on a diagrammatic representation of SLA structures. According to ITIL®, there are three types of SLA structures known as customer-based, service-based and multi-level or hierarchical SLAs.

Let us discuss each type in detail.

Customer-Based SLA

Customer-based SLA is an agreement between individual customer groups and an organization, which covers the services used by the former. Customers prefer such an agreement because all their requirements are covered in a single document. In this case, only one person needs to sign the SLA.

For example, an individual customer group can have an agreement with an organization’s finance department. This agreement may cover the payroll, accounting, IT and other systems used by customers.

Service-Based SLA

Service-based SLA is an agreement, which includes one service for all the customers of that service. For example, an organization may establish an SLA that includes their email service for all customers of that service. The problem that may arise here is that different customers may have specific requirements for the same service. In addition, different service levels may be offered.

For example, the staff at the headquarters may be connected through a high-speed LAN, whereas the local office staff may use a low-speed WAN. In this case, one SLA has different targets.

Another dispute that may arise is by whom the SLA should be signed in case of multiple targets. However, organizations ensure that they offer common levels of service across multiple areas of their business.

In the image below, customer A needs X, Y and Z services on a daily basis.

designing sla structures in itil foundation

So this is a customer-specific SLA that the service provider can sign with customer A and charge the offerings based on that. Now there is a service provider Z which offers services at a fixed price. Customers B and C can opt for service Z based on their needs. This is termed as service-based SLA.

Multi-Level SLA

A multi-level SLA structure includes corporate, customer and service levels. Let us now discuss each level in detail. All generic issues related to Service Level Management and pertaining to all customers throughout the organization are covered at the corporate level, for example, security SLAs at the organization level.

Every employee needs to have a password of eight characters and they have to change their password every 30 days, where 30 days is the SLA. Alternatively, every employee should have their ID cards ready within 2 days of their joining.

Customer level includes Service Level Management issues specific to a customer group or business unit.

For example, the financial department in an organization needs more security compared to the others.

All Service Level Management issues relevant to a specific service, which is related to a certain customer group, are covered in the service level.

For example, the email services for a particular department such as management, need encryption and secure backup.

When deciding upon the multi-level SLA, one need not worry about SLA customization. This is because SLA customization can be done using the main SLA. It ensures that customer requirements are met. This means that corporate level SLAs apply to everybody and every department in that organization. Whereas, customer level SLAs may not apply to every department.

The content of an SLA

Now we will discuss the content of an SLA. An SLA includes contents such as:

  • An introduction to the agreement and what it proposes

  • A description of the service supported by the SLA

  • Who is responsible for what part of the service

  • The scope of the agreement

  • Applicable duration for which the service is available according to the agreement

  • Reliability of the service.

Other components of an SLA are:

  • Service availability, that is, how much service is available during the service window and beyond it

  • Customer support arrangements

  • Contact points and escalation, which constitute a communication matrix

  • Service performance

  • Security measures

  • Costs and the charging method used.

The key criteria that determine whether a component should be included in an SLA are that it must be measurable. The language used should be simple, and the content must be concise.

Service Level Management-service Review

We will now focus on service review. Service review should be done in the following ways:

  • Conduct review meetings with customers at regular intervals, for example, on a quarterly or monthly basis

  • Monitor the service achievement in the previous period, and preview issues that are likely to come up

  • Take actions to improve areas where targets are not achieved

  • Focus on any SLA breach, including the causes and the measures that can be taken to prevent any recurrence

Service Improvement Program

We will now discuss the Service Improvement Program or SIP. A service provider should take the following measures under the Service Improvement Program or SIP:

  • Identify and take actions to restore service quality

  • Service Level Management should collaborate with problem management and availability management

  • Provide feedback to relevant people for improvement

  • Set up an up-front yearly budget to fund initiatives under the SIP

  • Ensure that any third-party contract should include a SIP clause

Interfaces To Service Level Management

Following are the interfaces to Service Level Management:

  • Business Relationship Management or IT service strategy identifies business needs and focuses on the relationship between customer and provider.

  • Incident management derives solution time criteria from Service Level Management.

  • Availability management, capacity management, continuity management and security management support Service Level Management. They provide support in deciding and agreeing to the required warranty for a service.

Service Level Management Vs. Business Relationship Management

The table provides a comparison between Service Level Management and Business Relationship Management.

Service Level Management

Business Relationship Management

Negotiates SLAs (warranty) with customers

Sets up and maintains business relationships

Ensures that all service management processes, Operational Level Agreements and contracts are appropriate for the agreed service level targets

Identifies customer needs (utility and warranty)

and ensures that the service provider can meet such needs

The focus is tactical and operational

Focus is tactical and strategic

The primary measure is achieving agreed levels of service (which leads to customer satisfaction)

The primary measure is customer satisfaction (including the willingness to recommend service to others)

Supplier Management - Overview

We will start with the purpose of supplier management and follow up with its objective and scope.


The purpose of supplier management is to:

  • Obtain value for money from suppliers and manage them;

  • To make sure that quality IT services are offered to businesses; and

  • To ensure that underpinning contracts and agreements with suppliers are aligned with business needs and meet their contractual commitments.


The objective of supplier management is to

  • Manage relationships and negotiate contracts with suppliers;

  • Manage the performance of the supplier; and

  • Maintain a policy and database for suppliers and their contracts via the Supplier and Contract Management Information System or SCMIS.

Let us now discuss the scope of supplier management.


The scope of supplier management is to:

  • Monitor suppliers and their contracts;

  • Ensure that suppliers meet their targets and provide value for money; and

  • Review supplier performance and develop a consistent relationship with suppliers.

Supplier And Contract Management Information System

Now we will focus on supplier and contract database.

The supplier management process is governed by a supplier strategy and policy. The Supplier and Contract Database or SCD is established to achieve consistency and effectiveness in the implementation of the policy. The SCD forms an integrated element of a comprehensive CMS or SKMS that is Service Knowledge Management System.

The SCD records the following:

  • All supplier and contract details that include the types of services, products and so on provided by each supplier

  • Details of relationships with other associated configuration items or components of IT services;

  • Information maintained in the service portfolio and catalog.

The services provided by suppliers form a key part of the service portfolio and the service catalog. The relationship between the supporting services and the IT and business services they support is the key to providing quality IT services.

activities of supplier management process

The image above shows the activities of supplier management process, which are:

  • Evaluating suppliers and contracts

  • Establishing new suppliers and contracts

  • Measuring the performance of suppliers and contracts in the service operation and Continual Service Improvement phases of the service lifecycle

  • Renewing or terminating contracts in service operation

  • Categorising suppliers and maintaining the SCMIS.

Although supplier management is included in the service design phase of the service lifecycle, some of the activities mentioned here are also performed in other lifecycle phases.

Supplier Management And Service Level Management

Now we will discuss how supplier management and Service Level Management are related.

Negotiating the SLAs and OLAs is the responsibility of Service Level Management. Supplier management is responsible for negotiating Underpinning Contracts or UCs with external suppliers.

Care should be taken so that the UC underpins the agreed SLAs and OLAs.

Service Level Management and supplier management must communicate to ensure that the UCs align with and support the SLAs in place.

The main objective of the supplier management process is to ensure that all targets in underpinning supplier contracts are aligned with the requirements of business and agreed on targets within SLAs. This is to ensure consistent delivery of quality IT services.

The supplier management process is aligned with all corporate requirements to ensure that the supporting supplier services fulfill the business needs. It also ensures that the business is able to obtain value from these services.

Supplier Categorization

We will now focus on supplier categorization.

Suppliers are classified based on the types of services they provide or support.

Strategic Supplier

Strategic suppliers are the ones with whom a potential partnering arrangement is identified and put in place. There should be a long-term contract between the purchasing organization and the suppliers.

An example of a strategic supplier is a network service provider offering global network service and support.

Tactical Supplier

Tactical suppliers are those who improve services by providing the resolutions for incidents.

An example of a tactical supplier is a hardware maintenance service provider offering solutions to server hardware problems.

Operational Supplier

Operational suppliers are involved in the daily maintenance of IT services.

An example of an operational supplier is a web hosting service provider, who offers space for hosting low-impact and low-usage websites or internally used IT services.

Commodity Supplier

Commodity suppliers are the ones who supply the materials to maintain IT services, for example, a printer cartridge supplier.

Value and impact of different suppliers versus the risk impact

The image below demonstrates the value and impact of different suppliers versus the risk impact associated with them.

supplier categorization in itil foundation

The strategic suppliers are at a high value and high-risk impact because they form an integral part of an organization. Such suppliers may sometimes force the client to re-strategize their business methods if the service is impacted.

Operational suppliers are just above medium value but they are at low-risk impact because all the operational activities are affected if operational suppliers are impacted.

Tactical suppliers are at medium value and medium risk impact. Whereas, commodity suppliers are at a low value and low-risk impact.

Role Of Supplier Manager

Now we will discuss the role of Supplier Manager.

The role of Supplier Manager includes the following tasks:

  • Ensuring that supplier management goals are met

  • Assisting in the development and monitoring of contracts and SLAs

  • Ensuring that IT suppliers and contracts provide value for money

  • Making sure that IT suppliers follow processes conforming to the standard terms and conditions

  • Maintaining and reviewing an SCD

  • Reviewing and executing risk analysis of all contracts and suppliers regularly

  • Ensuring that underpinning contracts and SLAs are aligned with customer needs

  • Finding out the scope of all supporting services and documenting them

  • Ensuring that all roles and relationships between the Supplier Manager and others are identified.

Capacity Management-Overview

Capacity management is the process that manages the right capacity, at the right location, at the right moment, for the right customer and against the right costs. We will start with the purpose and follow up with the objective and scope of capacity management.


The purpose of capacity management is to ensure that:

  • The IT capacity employed to offer IT services in all areas is cost-effective.

  • The IT capacity matches the existing and future business requirements.


The objective of capacity management is to:

  • Produce a capacity plan and keep it updated.

  • Guide the business and the IT team on issues related to capacity and performance.

  • Make sure that all service performance targets are met or exceeded.


The scope of capacity management is that it:

  • Helps in planning for short-term and long-term business requirements based on the resources available for IT service delivery.

  • Aids in scheduling staffing levels, human resources, skill levels and capacity levels.

Capacity management provides the predictive and ongoing capacity indicators needed to align capacity with demand. It helps to find the right balance between resources and capabilities, and demand. Too many resources and capabilities lead to increased cost. Whereas, fewer resources and capabilities result in decreased performance.

Capacity Management - Process Activities

We will now discuss the process activities related to capacity management.

The aim of capacity management is to balance the demand and capacity. It ensures that capacity is managed to fulfill the demand. Let us understand how capacity management performs this job.

The capacity management process starts with two activities.

Activity 1

The first activity is making adjustments to the capacity based on inputs from demand management and service strategy.

For example, a telecom provider wants to introduce video calling as a service. This requirement is forwarded to the IT department of the provider. The IT department arranges additional capacity to manage the demand for the new service.

Activity 2

The second activity in the capacity management process is ongoing measurement, monitoring, and tuning of IT components that support an IT service. This ensures that the current capacity does not affect the performance of services offered.

For example, if free space on the hard disk of a critical server approaches its limit, which can be found out through monitoring, the unnecessary files can be deleted to regain the free space.

The image below illustrates process activities of capacity management.

process activities in capacity management


The deletion of files to restore free space is called tuning.

The other activities of capacity management include application sizing and modeling. It means that if a business process or an application supporting a business process is introduced, the IT components should be designed to meet the requirements of that process or application.

Sizing requires modeling, which is forecasting the behavior of IT infrastructure under certain conditions. One such condition may be the users of a service being doubled. Such a change is usually planned, but sizing helps to create a buffer for unpredictable changes.

A key activity of the capacity management process is capacity planning.

Capacity planning

Capacity planning is typically a periodic activity aligned with the financial cycle and changing demands of the business. It includes an assessment of the current installed capacity and the future needs of the capacity.

A key activity in the capacity management process is reporting.


The Service Owner reports periodically on the demands made on the current capacity, performance of the service under these demands and other requirements of the users of that service.

All data from demand management forecasts, monitoring of capacity, performance reports and capacity plans are maintained in a database. This database is called Capacity Management Information System or CMIS.

The maintenance of this database is another activity of the capacity management process. It ensures that the information available to decision-makers is up-to-date and accurate.

Sub Processes in Capacity Management

We will now focus on the sub-processes of capacity management.

IT service delivery is logically divided into three layers such as business process, IT services, and IT components. Capacity is managed at all these layers to ensure that the business is provided with efficient and consistent IT services.

Each layer’s capacity is managed differently, so capacity management is divided into three sub-processes. These are business, service and component capacity management.

Let us know the sub-processes in detail.

Business Capacity Management

Business capacity management includes the following tasks:

  • Managing capacity to meet the future business requirements for IT services

  • Identifying changes in the business to assess how they can impact capacity and performance of IT services

  • Planning and implementing sufficient capacity in an appropriate timeframe

Service Capacity Management

Service capacity management includes the following tasks:

  • Managing and predicting the end-to-end performance and capacity of live services

  • Establishing baselines

  • Profiling the use of services, including components and subservience that affect user experience

Component Capacity Management

Component capacity management includes the following tasks:

  • Identifying and managing individual components of the IT Infrastructure, for example, CPU, memory, disks, network bandwidth, and server load

  • Evaluating new technology and ways to leverage it

  • Balancing loads across resources for optimum performance of services

All three sub-processes collate their data and report to Service Level Management and financial management.

Capacity Management - Capacity Plan

Let us now discuss the capacity plan. The capacity plan is used in all areas of the business and IT management. It is used as a basis for decision-making.

The capacity plan includes the following details:

  • Information on the current usage of service and components, and plans for the development of IT capacity to meet the needs of existing and new services

  • Details of the capacity of IT infrastructure

  • Planning input for multiple areas of the business and the IT service

Availability Management - Overview

We will now focus on an overview of availability management.

Availability is the percentage of agreed service hours for which the component or service is available. The availability and reliability of IT services can directly influence customer satisfaction and reputation of the business. This is why availability management is essential.

We will start with the purpose and follow up with the objective and scope of availability management.


The purpose of availability management is to:

  • Ensure that the level of service availability matches or exceeds the current and future needs of the business; and

  • Make sure that service availability is cost-effective and timely


The objective of availability management is to:

  • Provide a point of focus and management for all availability-related issues.

  • Create and maintain a service availability plan.

  • Ensure that proactive measures are implemented to improve the availability of services, wherever it is cost-justifiable to do so.


The scope of availability management is to:

  • Comprehend current business processes including their operation and requirement.

  • Get an idea of future business plans and requirements.

  • Understand the service targets and the current IT service operation and delivery.

Availability Management - Key Terms

Some of the key terms associated with availability management are availability, reliability, maintainability, and serviceability.


It is the percent time of agreed service hours for which the component or service is available.


It is a measure of how long a component or IT service can perform its agreed operation without interruption.


It is a measure of how quickly and effectively a component or IT service can be restored to normal working after a failure.


It is the ability of a third-party supplier to meet the terms of its contract that includes agreed levels of reliability, maintainability or availability for an IT service or component.

Vital Business Functions or VBFs

These are the business critical elements of the business process supported by an IT Service.

For example, in case of a mobile phone, the VBF is the ability to make or receive calls. However, instead of focusing to make the call experience better, resources may be spent on improving the camera quality or amount of memory supported by the phone.

In this case, the VBFs are not being addressed.

Service availability

It includes all aspects of service availability and unavailability, and the impact of component availability, or the potential impact of component unavailability on service availability.

Component availability

It includes all aspects of component availability and unavailability.

Availability Management - Expanded Incident Lifecycle

We will now discuss the expanded incident lifecycle related to availability management.

The expanded incident lifecycle enables the total IT service downtime for any given incident to be divided and mapped against the major stages that all incidents go through. To help you understand availability calculations, the concept of the expanded incident lifecycle is demonstrated by the image.

From the image below, it can be seen that an incident is divided into individual stages within a lifecycle that can be timed and measured.

expanded incident lifecycle in availability management

Let us take the example of a server for understanding the image.


The time the server is up and running is called uptime.


The moment the server goes down or is not available for processing, say the motherboard is not working properly, is called downtime.

Time to detect

An incident is said to happen the moment the server goes down. There is a time lag between the server going down and somebody detecting that the server has gone down. This time lag is called time to detect.

Time to record

The time to create a record for this issue is called time to record.

Time to repair

Once a record is created, it requires some time to diagnose what is wrong with the server. Once diagnosed, it takes some time to repair the issue. This is called time to repair.

Time to recover and Time to restore

Now, suppose there is a scenario where the motherboard is fixed but the server and the service dependent on it is non-functional.

In this case, the time taken after repairs to bring the server backup and restore the service is called time to recover and time to restore, respectively.

The image below refers to terms such as Mean Time Between Failures, Mean Time to Restore Service and Mean Time between System Incidents. These help to calculate availability.

Concepts Related To Expanded Incident Lifecycle

We will focus on defining the terms mentioned in the image in the previous section.

MTBF - Mean Time Between Failures

Mean Time between Failures or MTBF reports how long a service component performs its agreed function without interruption. It identifies and reports the number of disruptions along with their frequency. It is also called MTBSI.

MTBF = (Available time in hours – Total downtime in hours)/Number of breaks

MTBSI = Available time/Number of breaks

MTRS - Mean Time to Restore Service

Mean Time to Restore Service or MTRS reports how quickly and effectively a service component is restored to normal status after a failure. It includes the time from when the disruption starts till full recovery.

MTRS = Total downtime in hours/Number of breaks

MTTR - Mean Time To Repair

Mean Time to Repair or MTTR reports the time needed to repair a failed component. Repair refers to replacing the component by using the spare or asking the third party to replace it using the contract.

MTTR = Total maintenance time/Number of repairs

IT Service Continuity Management - Overview

The continuity or high availability of IT services is critical to the survival of a business. This is achieved by introducing risk reduction measures and recovery options. This is why IT Service Continuity Management or ITSCM is essential.

We will now discuss the purpose, objective and scope of ITSCM.


The purpose of ITSCM is to:

  • Support the overall Business Continuity Management or BCM process. This process includes strategies and actions needed to continue business activities in case of a disaster.

  • Ensure that the required IT technical and service facilities can be resumed within the agreed business timescale.

These facilities include computer systems, technical support, service desk and so on.


The objective of ITSCM is to:

  • Maintain a set of IT service continuity plans and IT recovery plans that support the overall business continuity plans.

  • Perform regular risk assessment and management exercises.

  • Conduct regular Business Impact Analysis or BIA that helps to identify the most important services for the organization. The BIA also enables the organization to plan their strategy.


The scope of ITSCM is to:

  • Focus on business disaster events.

  • Set critical requirements for survival of the business.

  • Maintain agreements on scope and policies.

  • Support IT service requirements.

IT Service Continuity Management - Key Terms

Following are the key terms related to IT Service Continuity Management:

Business Continuity Management or BCM

It deals with strategies and actions that can help continue business processes in the case of a disaster. It is essential that the ITSCM strategy is integrated into the BCM strategy.

Business Impact Analysis or BIA

It quantifies the impact that loss of IT service can have on the business. It identifies the most important services to the organization and is, therefore, a critical input to strategy.

IT Service Continuity Management - lifecycle Activities

Now we will discuss the activities in the ITSCM lifecycle.

ITSCM is a cyclic process, which ensures that service continuity and recovery plans are aligned with business continuity plans and priorities.

ITSCM is driven by the business risk identified by business continuity planning. It ensures that the recovery arrangements for IT services are aligned with the identified business impacts, risks, and needs.

ITSCM supports the activities in the initiation and requirements stages of Business Continuity Management. It helps to understand the relationship between the business processes and the impact of the loss of IT service on these processes. This is where the ITSCM strategy is initiated.

Once the strategy is approved, the IT service continuity plans should be produced in line with the business continuity plans. This is the implementation stage.

The ITSCM plans are developed to enable the necessary information for critical systems, services, and facilities to start or continue operating within an acceptable period of time.

Another activity in the ITSCM process is ongoing operations. This stage is about being aware and prepared for eventualities. This awareness is developed through training, reviews and audits of recovery plans, and periodic testing of those plans.

When the disaster is already declared and ITSCM plans need to be applied, it is termed as Invocation. Once the plans are put into practice and business is recovered, the IT teams incorporate the learnings into the next plan.

lifecycle activities in IT service continuity management

The image above describes the lifecycle activities involved in IT service continuity management.

Information Security Management - Overview

Information Security Management or ISM is a management activity within the corporate governance framework. It provides the strategic direction for security activities.

The term ‘information’ refers to data stores, databases, and metadata.

We will now focus on the purpose, objective and scope of Information Security Management.


The purpose of Information Security Management is to align IT security with business security. It ensures that information security is effectively managed in all service and IT Service Management activities.


The objective of ISM is to:

  • Protect the interests of those relying on information; and

  • Guard the systems and communications that deliver the information.

The protection is offered against any harm resulting from the failures of availability, confidentiality, and integrity.


Availability refers to the accessibility of information at an agreed time, for example, service desk hours and resilient systems.


Confidentiality refers to protection of information against unauthorized access and uses, for example, passwords and firewalls.


Integrity implies the accuracy, completeness, and timeliness of services and data information systems, for example, rollback mechanisms and audits.


The scope of Information Security Management is to:

  • Gather input from business security policy and plans.

  • Get an idea of the current business operation and its security requirements.

  • Understand future business plans and requirements.

  • Get a know-how of the legislative and regulatory requirements.

  • Interpret the obligations with regard to security contained within SLAs.

  • Understand the business and IT risks and their management.

Information Security Framework

Now we will focus on the information security framework.

Information security framework includes the policies, processes, standards, and tools that help an organization fulfill their objectives related to Information Security Management.

The information security framework includes the following components:

  • Information strategy closely linked to the business objectives, strategies, and plans

  • Information security organization and organization structure

  • Information Security Management System or ISMS that includes the information security policies, processes, and controls

components of information security framework

The image above shows the components invovled in information security framework.

IT Security Policy

We will now discuss the contents of an IT security policy.

Information Security Management activities are driven by an overall information security policy and a set of supporting security policies. The security policy should cover all areas of security. It should be appropriate and meet the needs of the business.

It includes the following components:

  • An overall information security policy

  • Use and misuse of IT assets policy

  • An access control policy

  • A password control policy

  • An email policy

  • An Internet policy

  • An antivirus policy

  • An information classification policy

  • A document classification policy

  • A remote access policy

  • A policy regarding the supplier’s access to IT service, information, and components

  • An asset disposal policy

The security policy is available to all customers and users. Compliance with this policy is mentioned in all service level requirements, SLAs and contracts. The policy is authorized by top executive management within the business and IT. Compliance with the policy is endorsed on a regular basis.

Curious about the ITIL Foundation course? Watch our Course Preview for free!

Information Security Management System

Now we will focus on Information Security Management System or ISMS.

Information Security Management System is based on the Plan-Do-Check-Act or PDCA cycle. It provides a basis for the development of a cost-effective information security programme that supports the business objectives.

It involves the 4 P’s including people, process, products, and technology as well as partners and suppliers. This is to ensure that high levels of security are in place.

The image below shows an ISMS that is widely used. This ISMS is based on the advice and guidance described in many sources, including ISO 27001.

information management system in itil foundation

The ISMS includes the following stages:


This is when you plan the scope of the CI, documents and important data that should be kept confidential. The documents that help to understand what needs to be secured are listed on the image.


This is when you implement the plan by introducing policies and procedures. You need to create an awareness and classify the security as given in the image.


In this stage, you perform a compliance check using different audit methods. Once the plans are implemented, you have to perform different types of audits mentioned in the image. This helps to know the compliance level to address gaps.


In this stage, you ensure that the plan and compliance check are conducted at regular intervals to maintain the level of security achieved. Once the compliance level is checked, address the gaps and improve the plan to implement it again.

Design Coordination - Overview

Design coordination is responsible for coordinating the design activities carried out by other service design processes. Let us understand the purpose, objective and scope of design coordination.


The purpose of design coordination is to:

  • Ensure that the objectives of the service design phase are met.

  • Provide and maintain a single point of coordination and control for all activities and processes in the service design phase.


The objective of design coordination is to:

  • Ensure consistent design of services to meet current and evolving business needs.

  • Coordinate all design activities across projects, changes, suppliers and support teams.

  • Maintain governance.


The scope of design coordination is to:

  • Coordinate all design activities.

  • Make sure that new or changed service solutions are designed for transition into the live environment or retirement.

Design Coordination And Governance

Now we will focus on design coordination and governance. Following are some aspects of governance that design coordination can bring:

  • Assisting and supporting each project through all activities and processes

  • Maintaining policies and guidelines for service design activities

  • Planning and forecasting resources for future demands

  • Ensuring that all the requirements are appropriately addressed during service design


Let us summarize what we have learned in this lesson:

  • Service Level Management negotiates, agrees and documents appropriate IT service targets.

  • Service Improvement Program helps to identify and take actions for improving the service quality.

  • ITSCM is essential for maintaining the continuity and high availability of IT services for the survival of a business.

  • Design coordination helps to maintain policies and guidelines for service design activities.


Next, we will look at the eight chapter - Service Transition.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*