The IT Skeptic's Unofficial List of ITIL Version 3 Processes

ITIL V3 shies away from the whole concept of processes. They are avoided and obfuscated, sometimes called elements, jumbled up with functions. And most of all, the "complete" lists are all different! in an effort to get a grasp on this, here is the IT Skeptic's cross reference of them all and hence the resulting IT Skeptic's Unofficial List of ITIL Version 3 Processes (ta daaah!)
[Updated July 2010: added ITIL Lite]

Other posts on this blog you may also be interested in:
Note: the IT Skeptic isn't trying to sell you anything except my own books and the ads on these pages. Advice on anything else is impartial and not aligned with any vendor or organisation.

V3 certification
All about ITIL V3 Certification / qualifications / training

free V3 exams
ITIL Version 3 certification: eight sources of free ITIL V3 Foundation practice exams, and some ITIL Version 2 sources too!

Pass the ITIL V3 Foundation exam in six easy and free steps
If you know something about IT operations (not just development) and your IQ is in triple figures then passing the ITIL V3 Foundation exam should be no big deal and no big investment. Follow these steps.

V2 to V3 diagram
A visualisation of how ITIL Version 3 transforms ITIL version 2

Which V3 books?
Which ITIL V3 books to buy and on what media?

V3 book errors
26 errors you need to know about in the ITIL Version 3 books

ITSM library for $211
How to assemble all the ITSM reference library you need for $211

Free V3 books
How to refer to the ITIL V3 books online for free

Questions for ITIL vendors
There are some obvious criteria for a reasonable person's definition of ITIL compliant. Here are some searching questions to ask your prospective tools vendor, from the IT Skeptic

or see all the page links to the right under "About",

or try these threads:
All about ITIL on this website
All about Version 3 on this website

If you found this post useful, and you are a Facebook user, please Like this blog :

The sources cross-referenced are

0 The five ITIL V3 Core books
A Official introduction to ITIL Lifecycle p150, ISBN 9780113310616
B Official introduction to ITIL Lifecycle p154, ISBN 9780113310616
C Official introduction to ITIL Lifecycle p169, ISBN 9780113310616
D official ITIL V3 process map
E ITIL V3 qualification scheme Nov 2007 elements p6
F itSMF's An IntroductoryOverview of ITIL® V3, p41, ISBN 0-9551245-8-1
G ITSM Library Foundations of ITSM Based on ITIL V3, ISBN 978-90-8753-057-0
H 5 x ITIL V3 Key Element Guides
I ITIL LITE, ISBN 9780113312122 [10]

The minimal set they can all agree on

Financial Management
Demand Management
Service Portfolio Management
Service Catalogue Management
Capacity Management
Availability Management
Service Level Management
(Information) Security Management
Supplier Management
((IT) Service) Continuity Management
(Transition) Planning and Support
Change Management
Service Asset & Configuration Management
(Service) Validation & Testing Management
Release & Deployment Management
(Service) Evaluation (Management)
(Service) Knowledge Management
Event Management
Request Fulfillment
Incident Management
Problem Management
Access Management

The maximal set listed by at least one source

Strategy generation
Financial Management
Demand Management
Service Portfolio Management
Service Catalogue Management
Capacity Management
Availability Management
Service Level Management
(Information) Security Management
Supplier Management
((IT) Service) Continuity Management
(Transition) Planning and Support
Change Management
Service Asset & Configuration Management
(Service) Validation & Testing (Management) | (Service) Testing & Validation [12]
Release & Deployment Management
(Service) Evaluation (Management)
(Service) Knowledge Management
Event Management
Request Fulfillment
Incident Management
Problem Management
Access Management
Service Desk
(IT) Operation(s) Management [2] | Operational Process Activities [6]
Operational Change [6]
Technology Management
Service Measurement
Service Analysis
Interpreting and using metrics
Service Reporting
Assessments and baselines
(Service | 7-step | CSI) Improvement [4]
ROI [5]
Business Questions for CSI
Monitoring and Control
Technology Considerations
Application Management
Risk Management
Organizational Considerations
Managing the Planning and Implementation
Management of Strategic Change
Lifecycle Project Assessment

The cross-reference

0 A B C D E F G H I
Strategy generation [8] x x x x x x x x
Financial Management x x x x x x x x x x
Demand Management x x x x x x x x x x
Service Portfolio Management x x x x x x x x x x
Service Catalogue Management x x x x x x x x x x
Capacity Management x x x x x x x x x x
Availability Management x x x x x x x x x x
Service Level Management x x x x x x x x x x
(Information) Security
x x x x x x x x x x
Supplier Management x x x x x x x x x x
((IT) Service)
Continuity Management
x x x x x x x x x x
(Transition) Planning
and Support
x x x x x x x x x x
Change Management x x x x x x x x x x
Service Asset &
Configuration Management
x x x x x x x x x x
Release & Deployment
x x x x x x x x x x
(Service) Validation
& Testing (Management)
x x x x x x x x x x
(Service) Evaluation
x x x x x x x x x x
(Service) Knowledge
x x x x x x x x x x
Event Management x x x x x x x x x x
Incident Management x x x x x x x x x x
Request Fulfil(l)ment x x x x x x x x x x
Problem Management x x x x x x x x x x
Access Management x x x x x x x x x x
Service Desk x x x [11]
(IT) Operation(s) Management [2]

| Operational Process Activities [6]
x x x [6] x x x [11]
Operational Change [6] x
(Technology|Technical) Management x x x x x [11]
Service Measurement x[9] x x x x x x x
Service Analysis x
Interpreting and using metrics x
Service Reporting x x x x x x x x x
Assessments and baselines x
(Service | 7-step | CSI)
Improvement [4]
x x x x x x x x x
ROI [5] for CSI x x
Business Questions for CSI x
Monitoring and Control x x
Application Management x x [11]
Risk Management x
Managing the Planning and
x [3]
Management of Strategic Change x [3]
Lifecycle Project Assessment x [3]


  1. Names are inconsistent, which is shown by the brackets around parts of the names that come and go.
  2. The ITIL V3 official final qualification scheme on p6 shows both "IT Operations" and "Operations", but the duplication is not repeated later in the document so it must be an error
  3. In the same document, the "Managing Across the Lifecycle" module includes the "organizational Considerations" element listed on page 6 and also includes a number of other elements not on that list that are pretty clearly processes:
    • Managing the Planning and Implementation
    • Management of Strategic Change
    • Lifecycle Project Assessment
  4. The Official Introduction on p169 refers to both "Improve" which produces a Service Improvement Plan and a supporting element of "7 Step improvement" - are these two distinct processes? You read the CSI book and tell me.
  5. ...and then the official ITIL V3 process map modifies that last list by replacing "Improve" with "ROI", which I guess makes ROI an official process
  6. The Official Introduction on p169 also refers to "Operational Change" as an "element" which si replaced in the almost identical official ITIL V3 process map by "Operational process activities" which I'm guessing equates to "IT Operations". Anyone?
  7. The recent Mapping of ITIL v3 With COBIT® 4.1 doesn't even attempt to list the ITIL V3 processes - it just references the Official Introduction on page 150
  8. The only mention of Strategy Generation in the actual Service Strategy book is in Figure 4.19, clearly not as a process
  9. Both the Service Design and CSI Core books lay claim to Service Level Measurement as a process
  10. ITIL Lite tries to reduce ITIL to subsets, but it lists 26 processes and four functions of the full ITIL on the very first page, figure 1.1.
  11. Identified by ITIL Lite as a function, not a process
  12. So is it Service Validation and Testing or Service Testing and Validation? Service Transition manages to use both terms multiple times in section 4.5.

© Copyright Two Hills Ltd All rights reserved



Hi Skep,

'been enjoying reading your blog with the comment trail often being very informative. I have just finished studying for the Service Capability OSA exam with Marco at Charles Sturt University and highly recommend it.

You wrote: "ITIL V3 .... processes .... are avoided and obfuscated, sometimes called elements, jumbled up with functions." My experience of the ITILV3 SO book is in line with this. The SO book is a "dog's breakfast" with mixing of categories and inconsistent usage of terminology. Your post on processes above showed me that the issues are not limited to the SO book!

I am puzzled. ITIL is now in its third generation. How is it possible that these kinds of issues exist?

  • Is it lack of resources?
  • Lack of interest in consistency? Is there a benefit to the publisher in confusion?
  • Is it a symptom of lack of unity of governance in the ITIL development process?

Is the ITIL jumble a feature or a bug?

OGC outsourced the writing

Agree with your comment.

I believe the outsourcing was the problem. Five different companies created very different books and ignored each other. Reviewers had very little time to comment and generally they saw only one book. The number of stupid errors proves that the review was not very efficient. I suppose at that time it was a question of lack of time, they were already delayed.

In the end Sharon Taylor & co had to publish a mess and declare it a success. By that time the Industry (training & consulting) were selling the new stuff so there was no way anobody could back out. I see a glimmer of light in the new 3.4 Foundation curriculum which tries to sort out the material in to valuable, useful and scrap.


unfortunately have to agree

Unfortunately the lack of homogeneity and differing maturity levels in V3 go along with a lot of inconsistencies which cause a lot of additional problems and misunderstandings during process "real life" implementations and usually lead to a very time consuming process of re-co-ordination ....


Very true. Here is one more example: (I'm again trying again to write V3 Foundation which seems to be a never ending story.)

Did you know that Capacity Management has a reactive part that does Monitoring and Event Management?

"The reactive activities of Capacity Management should include:
■ Monitoring, measuring, reporting and reviewing the current performance of both services and components
■ Responding to all capacity-related ‘threshold’ events and instigating corrective action"

The lifecycle concept of separating design and operation was not clear to the authors. I mean the route should be more like: Event & Incident management -> Problem management -> Change management -> Capacity management.


You can make it fit, sort of.

As usual we could debate whether capacity management as referred to here is a process,a function or capability. Incidentally is it just me or has the move to thinking about capabilities in v3, which I thought was a real advance, been quietly forgotten about by everyone who doesn't get it?

Anyway someone has to monitor the operational capacity levels - functionally I suppose that is Operations operating with procedures provided by capacity management, which could include needing to refer it back to capacity management as part of event management - and if the event is an "exception" then they get involved as part of the incident management process.

They are talking about process

That chapter is about process activities. If we were talking about a capability, then it would be ok. But is there any talk about capabilities outside Service Strategy book? I have a strong suspicion that the authors of the books did not have access to the other books.

Maybe it could even work as a function but I would not have two functions monitoring Ops.


The new training scheme

Even a process centric view would allow capacity management to do the monitoring and detection part of incident management, wouldn't it? Functionally I would see ops doing the actual monitoring with capacity management, as a technical team, intervening when required to take corrective action or promote changes.

With four out of nine of the new intermediate courses based around capabilities I hope somebody understands they are important.

Clarity, please

No, I think there are quite enough operational processes in there without capacity management getting in. Monitoring is a ops job and reacting is event management. And who can say that a capacity event is a capacity issue? Let's look at an example. Critical application runs out of disk space during backup operation. Ops fixes situation and documents the incident. The situation repeats and a problem tickect is created. Problem management finds an error in application code. Code is fixed by change. What is the role of capacity management here?

This is not straight ITIL V2 or V3 but I think it would make a lot of sense to have capacity management in a pure planning role. It should be a function and/or a capability which ensures that there is enough capacity to run the business and also to handle unusual situations. It's connections to ops would be via problem and change management. Nothing prevents the capacity expert acting in an incident or problem management role if necessary but they should then be following the rules of that process.


The role of capacity

Ops aren't going to know what to monitor without someone telling them what is important, but even then they rely upon the specialist knowledge of capacity management to know how to react - for instance you don't want to end up with a domino failure.

As for your example - well I can see lots of reasons for capacity management involvement.

a) Capacity management should have determined the capacity requirements for the back ups and been receiving reports to let them know if their estimates of the space required and the space available were still valid.

b) The first time it happens should have triggered some capacity management activity to determine whether or not there was a potential problem, rather than just waiting for it to happen again.

c) "Problem management finds an error" Do they? Do you know problem managers who carry out code reviews? The problem management investigation, which will involve capacity management in this case, will find an error, but problem management is reliant on the relevant specialists to do the investigating.

d)Capacity management will obviously need to be involved in testing and approval of the new change to ensure it has eradicated the adverse impact on capacity management, and has not introduced new ones. They would also probably want to reconsider the trigger points for event management.

All right

All your points are good but somehow we seem to have a different view on the outcome, interesting.

a) yes, but this is planning
b) yes, I suppose so but not just capacity, there could be several reasons, thats why we have PM.
c) yes, I mean problem management, the process. As Diarmid pointed out, these are management processes, not doing processes
d) yes, capacity is involved in change

My point was that it should be a planning process and not an operational activity. It will be involved in planning event management and other operational activities but not be managing those activities 24/7.

I agree with you too, partly you are saying the same as James, or he is repeating you as you were first;-) I would say that these processes are primarily planning processes but naturally they have to react if plans go wrong. In my opinion that does not make them operational processes as ITIL describes. Operational reaction is different from a quick update of plans. Or am I splitting hairs?


ITIL v3 Fanboy


You know what a big fan of v3 I am ;-)

I don't think ITIL says they will be managing it 24/7, but there are times when they have to intervene/ assist either because they have the specialist skill needed to carry out a non routine activity or, and this argument is stronger, they have the DIKW needed to make or contribute to an informed decision. What you don't want, I agree, is for them to be swamped by routine events.

I suppose there is an argument about the expected skill levels within operations on a par with the usual one about skill levels of the service desk.

I've never forgiven the operator who loaded the same tape twice when I was running London's crime statistics one month.


Whic processes need to be 24/7


With the fresh shared pain of studying for V3 Expert exam I think I know how you feel about it. You are again right, ITIL does not say capacity management must be running 24/7. That was my interpretation and me being a foreigner could have misunderstood the meaning. I suppose we better leave it at that, I may have got the wrong impression but I suppose neither of us are very keen to start studying the damned books.

But this discussion leads to an interesting question. Which ITIL processes and functions need to be working 24/7 if the SLA requires that services run 24/7?


Threshold and exception

Hi Aale,

I think there is a slightly difference in scenarios where the ITIL description fits in:

it says : "Responding to all capacity-related ‘threshold’ events and instigating corrective action"
So in the same scenario what you have described, let me add this perspective:
Capacity management has put in place thresholds for the disk space on the critical server - let us say 75% - on reaching that they need to (proactively) plan and implement upgrade to the server. Thus they can avoid an incident (and associated business impact) from occuring.
Now, they pass it on to event management to monitor. Once the event has occured, (i.e, the disk utilization reaches or crosses 75%), event management process will understand the significance and alert Capacity managment - so that they can plan and upgrade the disk space (or do some tuning/optimization, if feasible). So the actual response to this event is happening within Capacity management.
i think in this scenario, the flow of process will be: Event management --> Capacity management --> Change management.

The example that you mentioned is an 'exception' scenario, and hence it is moving to Incident management. The scenario I am adding above is a 'threshold' event scenario which (in my interpretation) is the intention of the above responsibility mentioned by ITIL.

Considering such scanrios (there are many), I dont think processes like capacity , availability, continuity and security can simply be restricted to planning perspective alone...


ITIL processes and functions categorized

The 2009 syllabus edition of ITIL V3 Foundation handook gives a list of V3 processes and Functions and what is best: it categorizes them in three classes, Key, Required and Pass.

The processes to be passed are these:
7-step Improvement process
Service Measurement
Service Portfolio Management
Service Reporting
Service Validation and testing
Service Strategy
Transition Planning and Support

Important processes and functions are these:
Change Management
Incident Management
Problem Management
Configuration Management
Service Desk

I would have added one or two to the Pass list but I think this is actually a great step forward and I fully agree with list of important processes.

The ITIL authors opinion on processes.

The only source I've seen where the 10 authors of the five core publications clearly has stated what they think are the processes is in the 5 Key Elemet Guides. The sum is 26 (SS 4, SD 7, ST 7, SO 5 and CSI 3). In addition the 4 functions.

CSI Process Elements?

Hmmm. Which are the three processes in CSI KEG then? There are five headings under section 4.6 CSI Process Elements.


Maybe we should apply a process (or a function) to work it out - maybe some CSI perhaps!

There are 35 'subject areas'

Can't resist this - the ITIL Qualification Scheme documents 35 subject areas, most of which can easily be confused with 'processes'. I urge you to contact an examination institute, APMG, or OGC/TSO support and lodge a question on how many processes if it is important to your professional career. This after all should be the process given the IQS is in fact a system sold to us punters on it providing feedback mechanisms....

I also highly recommend you take similar queries, concerns and items of confusion back to the source. The carbon footprint of the effort put in by joe public and volunteers to attempt to address misunderstandings and confusion regarding ITIL would shame the UN and Al Gore.

Why do professionals in the field assume its for us to solve - after all - its a commercial product offering.

Syndicate content