What is ITIL?
ITIL (Information Technology Infrastructure Library) is the world’s most widely adopted IT service management (ITSM) framework. Originally developed by the UK government in the 1980s, ITIL provides a practical, flexible framework for aligning IT services with the needs of the business. It has been adopted by organisations in over 180 countries and forms the basis of the ITIL certification scheme — one of the most widely held IT certifications globally.
What is ITIL 4?
ITIL 4, released in February 2019, is the most significant update to ITIL since version 3 in 2007. It shifted from a process-based approach to a holistic service management system — introducing the Service Value System (SVS), the Four Dimensions Model and 34 management practices. ITIL 4 was designed to work with modern delivery approaches including Agile, DevOps, Lean and cloud computing.
| Standard Body | AXELOS / PeopleCert |
| Current Version | ITIL 4 (2019) |
| Mandatory or Voluntary | Voluntary |
| Geography | Global |
| Official Resource | axelos.com |
The ITIL 4 Service Value System
The ITIL 4 Service Value System (SVS) describes how all components and activities of an organisation work together to facilitate value creation. It consists of five components.
| Component | Description |
|---|---|
| Guiding principles | Seven principles that guide decisions and actions — Focus on value, Start where you are, Progress iteratively, Collaborate, Think and work holistically, Keep it simple, Optimise and automate |
| Governance | The means by which an organisation is directed and controlled — board oversight of IT service management |
| Service value chain | Six interconnected activities that create value: Plan, Improve, Engage, Design and Transition, Obtain and Build, Deliver and Support |
| Practices | 34 management practices replacing the former ITIL v3 processes — covering general management, service management and technical management |
| Continual improvement | Ongoing improvement of services, practices and the SVS itself through regular review and adjustment |
The 34 ITIL 4 Management Practices
| General management practices (14) | |
|---|---|
| Architecture management | Continual improvement |
| Information security management | Knowledge management |
| Measurement and reporting | Organisational change management |
| Portfolio management | Project management |
| Relationship management | Risk management |
| Service financial management | Strategy management |
| Supplier management | Workforce and talent management |
| Service management practices (17) | |
| Availability management | Business analysis |
| Capacity and performance management | Change enablement |
| Incident management | IT asset management |
| Monitoring and event management | Problem management |
| Release management | Service catalogue management |
| Service configuration management | Service continuity management |
| Service design | Service desk |
| Service level management | Service request management |
| Service validation and testing | |
| Technical management practices (3) | |
| Deployment management | Infrastructure and platform management |
| Software development and management | |
Securitora Assessment
ITIL 4 is not a cybersecurity framework per se — it is a service management framework. However, it is deeply relevant to security professionals because it defines the processes (incidents, problems, changes, assets, continuity) that security controls must integrate with. Organisations with mature ITIL practices have a significant advantage when implementing security frameworks — the governance structures, process discipline and continuous improvement culture that ITIL instils are directly applicable to security management. ITIL 4’s information security management practice explicitly links to ISO 27001.
| Recommended for | IT and security teams in any organisation — especially those with managed services or complex IT environments |
| Difficulty to implement | Medium — cultural change required, not just process implementation |
| Best used with | ISO 27001 · COBIT 2019 · NIST CSF 2.0 |
| Official resource | axelos.com → |