menu
menu
In this article
Only 2% of businesses have implemented firm-wide cyber resilience at a time when the average data breach exceeds $3 million USD. The Information Technology Infrastructure Library (ITIL) framework is an essential way to get secure.
The ITIL framework is a set of best-practice procedures and processes for IT and digital service management. It is a framework used by a huge range of organizations to ensure IT services are fully aligned with an organization's key goals. It's a vital tool in the modern digital workplace and provides a clear structure for achieving digital transformation. Its latest edition — version 4 — was launched in 2019, with requirements added in 2023, ensuring the framework provides solutions to the reality of today's IT service industry.
This article explores:
ITIL framework definition: A set of practices for delivering IT services that align with business needs.
The ITIL framework is a collection of best practices that offers structured guidance on managing the IT service lifecycle, including service strategy, design, transition, operation and continual improvement. Organizations can use the adaptable models and procedures to improve efficiency while delivering quality services.
The ITIL Framework helps an organization:
It is used to improve core IT service processes and is flexible to each organization’s unique requirements. A modular structure means implementation and improvements can be made in stages.
ITIL was created in the 1980s by the UK’s Central Computer and Telecommunications Agency (CCTA), a government agency providing IT support to other departments. It was originally created to standardize the processes for IT support and service management. It consisted of a group of IT service management processes outlined in a library of books. ITIL is now owned by a partnership between the UK Cabinet Office and Capita called AXELOS.
Over the years, the ITIL Framework has been streamlined and adapted to reflect a rapidly changing digital landscape. It has evolved alongside changes in technology and IT services and is currently in its fourth iteration. ITIL 4 provides organizations with the tools needed to deal with rapidly changing and varied digital technology.
Today, the ITIL Framework is one of the most popular IT service frameworks in the world. It's recognized internationally for setting the standard for IT service delivery. The ITIL framework is aligned with international quality system standards such as the ISO 20000 standards. Because of its widespread adoption, ITIL definitions and concepts act as a common language between IT service providers.
Organizations can use the ITIL framework to assess and improve their end-to-end delivery of digital services and products. It encourages a holistic approach to improving processes across the entire organization. These procedures can support digital change, introduce new ways of working and streamline current IT service processes.
The third version of the ITIL framework, ITIL 3, introduced a more lifecycle-based approach to IT service management, focusing on five key stages:
ITIL v3 emphasized aligning IT services with business goals and improving service delivery and customer satisfaction. Although it’s largely been succeeded by ITIL 4, many organizations still use ITIL 3 as a foundation for their ITSM practices.
ITIL 4, a version of the ITIL framework, was launched in 2019 and has built on the success of the previous version. ITIL 3 had streamlined IT service management processes and was aligned with international service management standard ISO 20000.
ITIL 4 has a renewed focus on customer experience and digital transformation. It engages with the reality of modern-day IT governance, such as cloud-based services or machine learning. Digital technology is rapidly changing, and ITIL 4 provides the tools and insight to react to and mitigate risk. The ITIL Framework helps organizations create an environment of efficiency and quality, delivering IT services at speed. It is a vehicle for change, as organizations can also use it to understand and implement new ways of working, like DevOps, Lean and Agile.
ITIL 4 ensures IT services are aligned with wider business aims through the principle of a Service Value System. The system highlighted in ITIL 4 is called the Service Value Chain. It gives organizations an operating model to deliver and improve an effective IT service. The Service Value Chain is a flexible model for planning the journey between customer demand and delivery of service. This system is key to good IT governance, as it develops a resilient organization that is responsive to change.
ITIL 4 consists of 34 different practices, focusing on refining technical management, service management, and general management. Organizations gain processes and functions for all areas of service delivery, including risk management, workforce development, and asset development.
ITIL 4 introduces four dimensions to be considered when delivering a service or product. This ensures that the full organization is taken into account, avoiding inefficient processes. It encourages organizations to map the four dimensions whenever they are designing a service or product, providing a framework for strategic-level planning. The four dimensions replace the Four Ps found in the previous version, ITIL 3 (Products, People, Partners, Processes).
The four dimensions of ITIL 4 are:
1. Organizations and people — This dimension focuses on the structure and governance of the organization and the people involved in every aspect of the service. This includes suppliers, customers, employees, managers and the board. Organizations should consider how teams are connected, the level of training, and the type of organizational culture.
2. Information and technology — This dimension denotes the tools, technology, and information needed to support both product delivery and IT governance and management. Considerations may include the capabilities and capacity of the support service and the technology required for the service.
3. Partners and suppliers — This element centers around the external suppliers and partners that help organizations deliver products and services. The comparison of in-house versus outsourced capabilities is a key part of this dimension. Organizations should consider and compare the cost of outsourcing, as well as reliability, performance, and capacity.
4. Value Streams and processes — This dimension is all about how services and products are delivered. ITIL 4 introduces the concept of a Service Value Chain, the operating model to deliver services or products. The Service Value Chain will be explored in more detail later in the article but can be used for an incident response as well as product development.
The main aspect of ITIL 4 is the introduction of the Service Value Chain, a model for service delivery. It focuses on the concept of a value stream and replaces the Service Lifecycle system found in ITIL 3.
A value stream is a journey between receiving a request (or demand) and delivering a product or service (or value). In this instance, the model is based on six flexible activities that can be rearranged to create value streams for specific purposes. It's very flexible, as the value stream doesn't need to be linear. The order of activities is able to dynamically shift to fit the requirement. An example could be creating an incident response process as part of a risk management strategy.
The Service Value Chain naturally brings different areas of the whole organization together, with IT services as the link. This concept is an integral part of ITIL 4, as each activity can draw on a procedure or practice outlined elsewhere in the framework. A holistic approach to high-level IT governance is promoted, allowing for informed strategic planning. The six activities found within the Service Value Chain are:
Today, organizations face a rapidly changing digital environment. A variety of IT systems and services are interwoven throughout the company’s structure and operations. The ITIL 4 Framework has evolved to meet these changes and can provide best-practice procedures for all IT services. Organizations also gain a framework to guide them through digital transformation and new ways of working to improve service efficiency.
The key benefits of ITIL 4 include:
As an internationally recognized framework for IT services, the concepts presented by ITIL 4 help to elevate an organization to international quality standards. ITIL 4 is shaping how organizations run their business across the world. The concepts and definitions within the ITIL Framework are a common language between international partners.
ITIL 4 has a modular structure, with baseline concepts outlined in the Foundation section. This allows organizations and individuals to get a well-rounded idea of the ITIL Framework before moving on to supplementary sections. This approach helps to create an environment of continuous, staged improvements within the organization. The stage-by-stage progression is reflected in ITIL 4 certification, with different levels providing support for each step of an IT service professional's career. ITIL certification will be explored in detail later in this article.
Learn how to run an IT compliance program that keeps up with complex threats and regulatory environments.
IT governance, risk management and the ITIL framework are interconnected. Adopting the ITIL framework provides the structured processes, clear accountability and continuous improvement practices that strengthen IT services compliance.
IT governance seeks to align IT investments and services with business goals, value creation and regulatory compliance. ITIL furthers these aims by:
The above governance benefits are hand-in-hand with risk management. Having ITIL in place enhances your IT risk management by:
In essence, ITIL best practices overlap with the practices that bolster governance, reduce IT-related risks and ensure that IT services consistently support business success.
The ITIL framework delivers measurable results across industries. But what does it look like in practice? ITIL can be particularly influential in industries like financial services, where system reliability, regulatory compliance and customer trust are essential.
Consider a regional financial services firm. The firm faces inconsistent IT processes, frequent service disruptions and poor communication between technical teams and business units. Imagine a system going down and the team scrambling to resolve the issue; without clear procedures, fixes are reactive, temporary and undocumented.
Now imagine the firm adopted ITIL best practices. The ITIL framework introduced standardized workflows for incident, change and problem management. It also pushed the firm to establish a single point of contact to streamline requests and improve response times. The IT team began holding post-incident reviews to uncover root causes and prevent repeat issues.
Broadly speaking, with ITIL:
The full introduction of the ITIL Framework takes time, especially if it means a root-and-branch change to the current way of working. It can take up to a year or more for a complex project to be fully implemented. Most organizations will introduce it in stages and may take some time to bring internal IT stakeholders on board through a proper engagement campaign. There are many steps ahead of implementation, from project alignment, the assignment of roles, an internal audit, and the designing of processes.
To begin with, organizations may use it to combat limitations or issues within current support processes. After issues are improved, organizations can move on to driving improvements to wider IT infrastructure or services. The aim should be to get key stakeholders and managers ITIL certified, allowing them to be the driving force behind the implementation of the framework. Because of the nature of ITIL 4, there will be an environment of continuous improvement which becomes the new normal.
ITIL is best suited for organizations that:
ITIL can stand alone, but it also works as a companion to other IT governance and risk management frameworks. It often serves as the operational layer that helps implement broader governance objectives.
The ITIL framework is globally recognized as a leading ITSM standard. Organizations across industries leverage ITIL to deliver consistent, high-quality IT services.
ITIL’s international reach makes it a trusted framework in both regional and multinational organizations. Companies in over 150 countries use its best practices, and it’s been translated into multiple languages, making it a go-to resources for global IT teams. Major sectors including financial services, healthcare, manufacturing, telecommunications and government agencies rely on ITIL to structure their IT operations.
ITIL’s alignment with global standards like ISO/IEC 20000 and its compatibility with other governance frameworks like COBIT and NIST further its role as a unifying tool for IT governance, risk management and service delivery on an international scale.
For multinational organizations, managing IT services consistently across regions can be challenging. Different countries may have unique processes, service expectations and communication protocols, which can lead to fragmented IT operations, service gaps and inefficiencies.
The ITIL framework helps unify services across borders by providing:
One of ITIL’s key strengths is its scalability. Whether an organization is a small startup or a global enterprise, ITIL provides a flexible framework that can scale up or down to meet its size, resources and complexity.
SMBs often need to improve their IT service management without the capacity for large, complex governance structures. ITIL can be right-sized for SMBs by focusing on key, high-impact processes.
SMBs can use ITIL by:
Large enterprises often face more complex IT environments, multiple service providers and geographically dispersed teams. These organizations benefit from ITIL’s comprehensive structure and its ability to unify services across regions and business units.
Enterprises can use ITIL for:
Artificial intelligence (AI) has quickly become a critical enabler in ITIL-centric environments. For governance, risk and compliance (GRC) professionals, AI offers powerful tools to strengthen process control, enforce compliance, manage risk proactively and optimize IT workflows at scale.
With the launch of ITIL 4 came a new certification scheme. ITIL certification is for individual IT professionals managing digital services within an organization. There are four certification options within ITIL 4, developing different levels of IT governance skills. From foundation to master's level, certification will boost an individual’s knowledge and skills throughout their career.
ITIL certification is for individuals, not organizations. However, a key part of each certification is practical and useful knowledge of the ITIL Framework. Individuals will gain insight into the proper implementation of the ITIL Framework into a business or organization.
There are also transition modules to transfer ITIL 3 certified professions onto the new ITIL 4 certifications. Here we explore the different options for ITIL certification.
The ITIL 4 Foundation certification was launched in early 2019 and is the building block for a key understanding of ITIL. As the name suggests, it acts as an introduction to the key concepts of the ITIL Framework. ITIL Foundation deals with the best-practice models for the delivery and improvement of IT services and digital products.
The training usually consists of two to three days of training by an accredited ITIL training provider, followed by the ITIL Foundation exam. This level of certification is integral for key stakeholders within an organization who are in charge of implementing the ITIL Framework. ITIL Foundation certification is the prerequisite for the later levels, as it leads on to the ITIL 4 Managing Professional and ITIL 4 Strategic Leader certifications.
This certification is for IT professionals seeking practical processes for managing digital teams, IT services, and product workflows. It is for IT professionals responsible for the delivery and operation of digital products and IT services within a range of industries. The ITIL Foundation certification is earned after completing all modules, which are taught by an ITIL accredited trainer. Individuals must have completed the ITIL Foundation certification before beginning ITIL Managing Professional certification.
ITIL Foundation consists of four modules:
1. Create, Deliver and Support — The ITIL 4 Specialist Create, Deliver, and Support module provides fundamental insight into the creation and delivery of IT services and digital products. Individuals will gain an understanding of methods and systems to ensure the continuous improvement of IT services.
2. Drive Stakeholder Value — The ITIL 4 Specialist Drive Stakeholder Value module gives IT professionals key insight into customer and partner engagement strategies. It provides a framework for relationship management with key organizational partners and customers, with a focus on achieving stakeholder satisfaction.
3. High Velocity IT — The ITIL 4 Specialist High-Velocity IT module gives digital managers the skills to develop and deliver digital services in a fast-paced environment. It deals with different working practices and technologies to ensure rapid product delivery. This is particularly important in an industry that often requires rapid deployment of solutions to IT service issues.
4. Direct Plan and Improve — The ITIL 4 Strategist Direct Plan and Improve is a core module for both the ITIL 4 Managing Professional certification and the ITIL 4 Strategic Leader certification. It develops core skills in delivering continuous improvement, with a focus on effective IT governance.
The ITIL 4 Strategic Leader certification focuses on high-level strategic planning and IT governance, using digital services as a driver to achieve business aims. It promotes the ITIL Framework as a key connection between IT operations and services with the organization’s overall business strategy.
Modules are taught by accredited ITIL training providers, much like the ITIL 4 Managing Professional certification. Individuals need at least three years of IT management experience to complete the modules and gain certification. The ITIL Foundation certification must be completed before starting the ITIL 4 Strategic Leader certification.
The ITIL 4 Strategic Leader certification consists of two modules:
1. Direct, Plan, and Improve — The ITIL 4 Strategist Direct, Plan, and Improve module focuses on developing an efficient and effective digital service. It provides a framework for strong IT governance and explores the merits and impact of different working methods. It is also a core module for the ITIL 4 Managing Professional certification.
2. Digital and IT Strategy — The ITIL 4 Leader Digital and IT Strategy module aligns IT governance and strategy with the broader digital business aims. It covers the risk management of disruptive technology and promotes a flexible and proactive approach to changes in the digital environment. It takes strategies and processes from the ITIL Framework and positions them at the strategic level for key stakeholders.
The ITIL 4 Master certification proves an individual has expert knowledge of the ITIL Framework and has applied this knowledge to their organization. Individuals must prove how their personal application of the ITIL framework has resulted in positive outcomes for their organization. It is the ITIL Framework’s top certification level. Individuals need to have been a leadership-level IT professional for at least five years, with extensive hands-on ITIL experience. The nature of the certification is unique to an individual’s personal experience. An accredited examination institute will guide an individual through preparation.
The benefits to an individual are huge, as ITIL certification is recognized worldwide. It develops and improves an individual’s IT governance capabilities, and in the case of the ITIL 4 Master, proves mastery of the ITIL Framework.
Certification suits different levels of experience, with a clear progression from the foundation level onwards. This means ITIL certification can be a guiding force throughout an individual's career in IT or digital service management.
Although certification is for individuals, the benefits for organizations are clear. The ITIL Framework itself can enhance IT services through international standards of procedure and ways of working. Certification will ensure that an individual within the organization is an expert in ITIL. This ensures that ITIL principles are implemented across the organization, leading to the improvement of digital service delivery.
Benefits of ITIL certification include:
At its core, the ITIL Framework will drive real change in the organization by improving inefficient processes, and organizations can save the operation time and money. ITIL 4 provides a toolset to mitigate risks and deliver value. The ITIL 4 is a framework for leaders to make positive strategic decisions, and plan and prepare for wider risks and changes. New ways of working and an atmosphere of continuous improvement will bring meaningful change to services.
ITIL 4 can deliver:
Diligent’s robust platform solutions, implementation expertise and process automation have supported organizations in combining and integrating multiple frameworks, including ITIL, NIST and ISO.
For example, Daikin Australia’s internal audit team managed compliance with local regulations, J-SOX (the Japanese equivalent of SOX) and multiple ISO standards. Aligning and operationalizing these independent frameworks was a constant challenge.
Using the Diligent platform, the team:
Diligent empowers IT and business leaders to modernize service management, streamline compliance and drive continual improvement across their technology landscape. Whether your goal is greater IT-business alignment, automated audit trails, resilient risk controls or progress towards ITIL or ISO/IEC 20000 standards, Diligent’s integrated solutions provide the workflows, data visibility and reporting you need to accelerate digital transformation at scale.
Request a demo today to see how Diligent’s IT governance platform can help you turn best practices into real-world results.
Topic: The essential guide to Governance, Risk and Compliance
Who is it for: Board members, General Counsel, GRC professionals
Resource type: Guide
Summary: Better manage your organization’s risks, ensure regulatory compliance and create value. Download the guide for practical actions and proven strategies to help you succeed in GRC.
Link: Governance, risk and compliance
—------------------------------------------------------
Topic: What is compliance monitoring?
Who is it for: Board members, General Counsel, GRC professionals
Resource type: Blog
Summary: Learn how to build your own compliance monitoring plan to ensure compliance with ITIL and other frameworks.
Link: Compliance monitoring
—------------------------------------------------------
Topic: Integrating AI with confidence
Who is it for: Board members, General Counsel, GRC professionals
Resource type: Guide
Summary: Regulations are evolving, risks are multiplying and pressure is rising. Learn how to choose and evaluate AI tools to boost impact and become your organization’s AI superhero.
Link: Artificial intelligence
—------------------------------------------------------
Topic: Implementing frameworks for risk management
Who is it for: Board members, General Counsel, GRC professionals
Resource type: Blog
Summary: Revisit a special podcast series where Tom Fox of the Compliance Podcast Network discusses accounting, risk management and compliance with Diligent Client Partner Nicholas Latham.
Link: Risk management and compliance frameworks
The Information Technology Infrastructure Library (ITIL) framework is a globally recognized set of best practices for managing IT services. It helps organizations deliver reliable, efficient and customer-focused IT services that align with business needs. ITIL is important for modern IT organizations because it promotes standardized processes, improves service delivery, supports continual improvement and enhances risk management. By using ITIL, businesses can reduce downtime, improve customer satisfaction and build IT operations that scale with organizational growth.
ITIL aligns IT operations with business goals by providing structured processes that prioritize service quality, value delivery and continuous improvement. It ensures that IT services are designed, delivered and managed to directly support business objectives, customer needs and regulatory requirements. Through practices like service strategy, service design and continual improvement, ITIL helps IT teams focus on delivering outcomes that drive business success, not just managing technology.
ITIL 4 introduces a modern, flexible framework built around the Service Value System (SVS) and the Four Dimensions Model. Key components include:
No, ITIL is scalable and works for organizations of all sizes. Small and medium-sized businesses (SMBs) can adopt ITIL selectively, focusing on high-impact processes like incident management or change control. Large enterprises may adopt ITIL across the full service lifecycle. Whether you’re a growing startup or a global company, ITIL can be tailored to your size, resources, and IT maturity.
Yes, ITIL can absolutely coexist with Agile, DevOps, and other modern IT delivery frameworks. ITIL 4 is designed to be flexible and works well alongside fast-paced, iterative models. ITIL provides governance, stability and service management discipline, while Agile and DevOps focus on rapid development and deployment. Together, they help organizations balance speed, risk and service reliability.
Organizations that adopt ITIL typically see:
ITIL also helps reduce costs over time by eliminating inefficient processes and minimizing unplanned outages.
Implementing ITIL in an existing organization involves:
Adoption can be incremental; many organizations start small with areas like incident management and grow from there.
Certification is not required to adopt ITIL, but training and certification can greatly improve implementation success. Having ITIL-certified professionals helps ensure your team understands the framework’s principles and can apply them consistently. Certifications like ITIL Foundation are especially useful for building a shared language and baseline knowledge across IT teams.
The first step is to evaluate your organization’s current IT service management maturity and identify areas where structured processes could create the most value. CIOs and directors should also build executive buy-in, engage key stakeholders and consider initial ITIL training for their teams. Starting with an ITIL maturity assessment or a focused improvement area (like incident management or change control) can help demonstrate quick wins and build momentum for broader adoption.
