The Open Guide is currently producing a glossary of terms used with respect to ITIL and ITSM. This is a brand new initiative, and of course an open project, meaning that you are invited to contribute. Please add your own terms and definitions to the list below.

IT Accounting is responsible for monitoring how the IT organization spends its money. It is involved in determining costs for each customer, service, activity, etc.

This method of accounting starts with collecting all the overhead costs in an organization then allocating the costs of the activities to the products and services that necessitated

these activities.

Determining the hardware or network capacity needed to support new or modified services and the predicted future workload.

Asset Management is an accounting process for monitoring assets whose purchase price exceeds a defined limit. Records include the purchase price, depreciation, business unit and location.

Component of a business process. Assets can include people, accommodations, computer systems, networks, paper records, fax machines, etc.

Formal examination of an organization's accounts or activities

Official permission or approval

Ability of a component or service to perform its required function at a stated instant or over a stated period of time. It is usually expressed as the availability ratio, i.e., the proportion of time that the service is actually available for use by the customers within the agreed service hours.

The process of ensuring the appropriate deployment of resources, methods and techniques, to support the availability of IT services agreed with the customer. Availability Management addresses issues such as optimizing maintenance, and the design measures to minimize the number of incidents.

This is an acronym for Business IT Alignment. It relates to how IT services can support business objectives and visions.

The process of predicting and controlling spending within the organization. The process consists of a periodic negotiation cycle to set budgets, and the day to day monitoring of spending.

This proactive process is involved with understanding the current and future needs of the business.

Determination of the impact on the business in the event of a loss or disruption of service.

A group of business activities undertaken by an organization in

pursuit of a common goal. Typical business processes include receiving orders, marketing services, selling products, delivering services, distributing products, invoicing for services, accounting for money received. A business process usually depends upon several business functions for support, e.g., IT, personnel, and accommodation. A business process rarely operates in isolation, i.e., other business processes will depend on it and it will depend on other processes.

There are two call categories: 1- Error reports; regarding true faults and complaints about the service 2- Service requests; questions, requests for information, status, documentation, advice, passwords, batch job runs, file restores, requests for consumables.

A set of databases containing the appropriate capacity information for: networks, systems, etc.

Capacity Management is the process of optimizing the cost, timing of acquisition, and deployment of IT resources to support agreements made with the customer. Capacity Management addresses resource management, performance management, demand management, modeling, capacity planning, load management and application sizing. Capacity Management emphasizes planning and alignment to demand, to ensure that the agreed Service Levels can also be fulfilled in the future.

The act of developing a Capacity Plan, based on the Capacity

Management Database, analyzing the current situation and predicting the future use of the IT infrastructure and the resources needed to meet the expected demand for IT services based on various scenarios.

Classification of a group of Configuration Items, change documents or problems.

The CCTA was the 'Central Communications and Telecommunications Agency'. This was a UK government agency, which originally developed ITIL, and later became the OGC.

This model supports effective contingency planning by taking a phased approach. Assets, Threats and Vulnerabilities are identified, and then countermeasures in the form of prevention and/or recovery are developed for each risk.

A single point of contact for all users, in some cases a separate

Service Desk may be located close to the users for specific business applications.

Stands for Component Failure Impact Analysis This method uses an availability matrix with the strategic components and their roles in each service with relationships between services and production resources being clearly.

The addition, modification or removal of approved, supported

or baselined hardware, network, software, application, environment, system, desktop build or associated documentation.

A group of professionals within an organization who can give expert advice to Change Management on the implementation of changes. This Board should be made up of representatives from all areas or departments within IT and representatives from business units within an organization.

Process of controlling changes to the infrastructure or any

aspect of services, in a controlled manner, enabling approved changes with minimum disruption.

The process of establishing charges as they relate to business units, and raising the relevant invoices for payment by customers.

CI level describes the level of detail (attributes) that will be recorded in the CMDB. The highest level is the overall IT infrastructure itself; the lowest level is the most detailed level at which control must be exercised.

Process of formally grouping Configuration Items by type, e.g., software, hardware, documentation, environment, application. Process of formally identifying changes by type e.g., project change request, infrastructure change request. Process of formally identifying incidents, problems and known errors by origin, symptoms and cause.

Stands for Configuration Management Database. It contains all information about the users, assets, incidents, problems, etc.

This method uses an availability matrix with the strategic components and their roles in each service with relationships between services and production resources being clearly

identified.

As it relates to Security Management - protecting information against unauthorized access and use.

Configuration of a product or system established at a specific point in time. The CB captures both the structure and details of the product or system, and enables that product or system to be rebuilt at a later date. Although the position may be updatedlater, the baseline remains unchanged and available as a reference of the original state and as a comparison against the current position (PRINCE2 project management methodology).

Any infrastructure component that is under the control of Configuration management.

The process of identifying and defining the Configuration Items in a system. CM is also responsible for recording and reporting the status of Configuration Items and Requests For Change, as well as verifying the completeness and correctness of Configuration Items.

A database which contains all relevant details of each CI and details of the relationships between CIs.

There are several forms of Cost Plus, all of which are based on charging the costs incurred plus a profit margin.

The customer (is the person who is authorized to conclude an agreement with the IT organization about the provision of IT services and is responsible for ensuring that the IT Services are paid for.

The Definitive Hardware store contains spares and stocks of hardware. These spares are components and assemblies that are maintained at the same level as their counterparts in the live environment.

The definitive Software Library is where the authorized versions of all software CIs are stored and protected.

Demand management is involved in controlling and influencing user demand.

An event that affects a service or system such that significant

effort is required to restore the original performance level.

Total period that a service or component is not operational, within agreed service times.

Elapsed time is the interval between a trigger and a second event.

Normally implemented as a temporary fix for a problem or known error which could bypass the normal release process.

Error control consists of monitoring and managing known errors until they are successfully resolved. Error control raises a Request For Change to Change Management and evaluates the changes in a Post Implementation Review (PIR).

If an incident can not be resolved by first-line support within the agreed time, then more expertise or authority will become involved as a result of escalation.

This type of Service Desk has specialist knowledge of the full

IT infrastructure and the expertise to resolve most incidents immediately.

From a Security Management perspective, exploitation is taking advantage of security vulnerability.

Failure is typically used to describe a disruption in service. Not all faults result in a service failure as there may be redundancy built into the infrastructure.

A fault is reported when a CI is no longer performing as intended.

A technique used to identify the chain of events leading to the failure of an IT service. A separate fault tree is drawn for every service, using Boolean symbols.

Financial Management for IT Services addresses the prudent

provision of IT services.

Service Desk call logging and resolution (for agreed areas of support).

Contains details of all the approved changes and their proposed implementation dates. Once approved, the Service Desk communicates to the user community any planned additional downtime arising from implementing the changes.

Stands for Fault Tree Analysis, A technique used to identify the chain of events leading to the failure of an IT service. A separate fault tree is drawn for every service, using Boolean symbols.

All components of the Release unit are built, tested, distributed and implemented together.

Functional Escalation (horizontal) means involving personnel with more specific skills, time or access privileges to resolve the issue.

The rate for services is comparable with similar internal organizations.

Previously called ‘cold stand-by,’ this is applicable to organizations that do not need immediate restoration of business processes and can function for a period of time (possibly up to 72 hours or longer) without re-establishment of full IT facilities. This typically includes a stand-by facility where an organization can quickly install its own computer equipment in a disaster situation.

The primary purpose is to manage, coordinate and resolve incidents as quickly as possible and to ensure that no request is lost, forgotten, or ignored.

Hierarchical escalation engages a higher level of organizational authority when it appears that the current level of authority is insufficient to ensure the incident will be resolved in time and/or satisfactorily.

Impact describes the measure of the business criticality of an incident. Impact is often based on the extent to which an incident leads to distortion of agreed or expected Service

Levels.

Hot start, or hot stand-by. This option provides an immediate or very rapid recovery of services (e.g. less than 24 hours).

Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service.

The Incident Management process aims to resolve the incident and quickly restore the provision of services.

As it relates to Security Management – integrity refers to the accuracy, completeness, and timeliness of the information.

Previously called ‘warm stand-by,’ this typically involves the re-establishment of critical systems and services within a 24 to 72 hour period. This approach is used by organizations that need to recover IT facilities within a predetermined time to prevent impacts to the business process.

As it relates to users - an interruption is the loss of a service during a time when the service is expected to be available.

The internationally accepted set of standards concerning quality management systems. It is structured in 8 chapters, as follows; chapters 1 to 3: General description, chapter 4: Management system, chapter 5: Managers responsabilities, chapter 6: resources management, chapter 7: Making up of product, chapter 8: Measurement, analysis and improvement

The sum of an organization’s IT related hardware, software, data, telecommunication, facilities, procedures and documentation.

A described set of facilities, IT and non-IT, supported by the IT

Service Provider that fulfils one or more needs of the customer and that is perceived by the customer as a coherent whole.

This process addresses the preparation and planning for disaster recovery measures for IT services in the event of a business interruption. This is the process of planning and coordinating the technical, financial and management resources needed to ensure continuity of service after a disaster (as agreed with the client).

The objectives of IT Service Management are to align IT services to the current and future needs of the business and its clients, to improve the quality of the IT services delivered, and to reduce the long-term cost of service provision.

Key performance indicators or KPIs are parameters for measuring progress relative to key objectives or Critical Success Factors (CSF) in an organization.

A Problem becomes a Known Error when the root cause is known and a temporary workaround or permanent alternative has been identified.

Local (distributed Service Desks) are located across a number of sites. This approach is often more difficult to manage.

The activities needed to keep the service in operation and to restore it when it fails. Maintainability considers preventative maintenance and scheduled inspections.

Prices that match those charged by external suppliers.

The act, manner, or practice of managing; handling, supervision, and/or control

Mean time between the recovery from one incident and the occurrence of the next incident, also know as uptime. This metric relates to the reliability of the service.

Average time between the occurrence of a fault and the service recovery, also known as the downtime. It is the sum of the detection time, and the resolution time. This metric relates to the recoverability and serviceability of the service.

Mean time between the occurrences of two consecutive incidents. The MTBSI is the sum of the MTTR and the MTBF.

Using analytical, simulation or trending models to determine the capacity requirements of services then determining the best capacity solutions.

The act of observing, supervising, reporting or controlling the activities of another entity.

When the customer re quests a new service, a negotiation determines whether the customer will bear all the investment costs, or only a portion.

An internal agreement covering the delivery of services which support the IT organization in their delivery of services.

A Package Release is a bundle of Full and/or Delta Releases of

related applications and infrastructure that are released at longer time intervals. The Package Release results in longer periods of stability for users.

Measuring, monitoring, and tuning the performance of IT infrastructure components for optimum performance.

Post implementation review is the process of evaluating the success of the implemented change: What was done well? What was done badly? How can we do it better next time? How can we prevent recurrence of the failure?

PRINCE stands for 'Projects in Controlled Environments', a project management method, like ITIL, created by the CCTA and owned by the OGC. PRINCE2 is an updated and generalized version.

Priority is the sequence in which an incident or problem needs to be resolved, based on impact and urgency.

Proactive Problem Management is concerned with the quality of the services and infrastructure. This involves trend analysis and identification of potential incidents before they occur.

A Problem is the unknown underlying cause of one or more Incidents. It becomes a Known Error when the root cause is known and a temporary workaround or permanent alternative has been identified.

Problem control focuses on transforming Problems into Known Errors.

The objective of Problem Management is to resolve the underlying root cause of incidents and consequently prevent incidents from recurring.

A procedure is a description of logically related activities, and who performs these activities.

A process is a logically related series of activities conducted toward a defined objective.

The quality of a service refers to the extent to which the service fulfills the requirements and expectations of the customer.

Quality Assurance is the complete set of measures and procedures used by the organization to ensure that the services provided continue to fulfill the expectations of the customer as described in the relevant agreements.

Quality Control involves measures and procedures to ensure that services are predictable and reliable.

This option can be used as an IT Service Continuity Management option when two organizations have similar hardware and agree to provide each other with facilities in the event of a disaster.

Service has been restored to the user. Note that Recovery includes activities such as configuration and initialization

A logical or natural association between two or more things.

The objective of Release Management is to ensure that only tested and correct versions of authorized software and hardware are released, distributed, and installed.

Release Policies cover release levels, types, units, identification, frequency and phasing.

Release Unit describes the portion of the IT infrastructure that is normally released together.

An attribute of any system that consistently produces the same results, while meeting or exceeding its specifications.

This formal part of the Change Management process is used to record details of a request for a change to any Configuration Item (CI) within an infrastructure, or to services, procedures and items associated with the infrastructure.

This process is used to determine and understand the use of the IT infrastructure and components. Examples of RCM are: network bandwidth, processing capacity, and disk capacity. RCM will actively monitor trends as a part of this process.

The time required from detection of an incident until the service is restored to the user.

A measure of the exposure to which an organization may be subjected. This is a combination of the likelihood of a business disruption occurring and the possible loss that may result from the business disruption.

As it relates to Release Management – the deployment of a new release. The Rollout plan includes the detailed schedule, list of tasks, required human resources, CI’s affected,purchasing plans, and management communication.

Support that is provided once the incident has been referred to a technical support department for further diagnosis and action (software developers, architects, etc.)

Security works to ensure services are not vulnerable to known risks and is involved in avoiding unknown risks where possible. Security is also involved in the management of confidentiality, integrity and access of the IT systems.

Security Awareness is a Security management activity which involves the active communication, education and assessment of security matters across the organization.

The notification or detection of a security violation or intrusion.

Security Level is set by the customer and is part of the Service Level Agreement.

Security Management is essential to maintaining the uninterrupted operation of the IT organization. The objectives of Security Management are to meet the security requirements of service level agreements, contracts, legislation and externally imposed policies.

The security section of the SLA should address issues such as the General Information Security policy, a list of authorized personnel, asset protection procedures, restrictions on copying data, etc.

A set of related functions provided by IT that are seen by the customer as a self-contained entity. A service is a business enabling function provided by one or more IT systems. Email is an example of a service.

Serviceability relates to the contractual obligations of external service providers. Contracts should define the support to be provided for outsourced services.

Assess and understand customer use of IT services by analyzing peak loads to ensure that service agreements can be delivered.

Written statement of IT services, default levels and options.

A Service Desk is the central point of contact between the User and the Information Technologvy Service management. They handle Incidents and Requests, and provide an interface for other activities such as Change, Problem, Configuration, Release, Service Level, and IT Service Continuity Management

A formal project undertaken within an organization to identify

and introduce measurable improvements within a specified work area or process.

The expression of an aspect of a service in definitive and quantifiable terms.

Written agreement between a Service Provider and the customer(s) that documents agreed Service Levels for a service.

The process of defining, agreeing, documenting and managing the levels of service that are required and cost justified.

Service Level Requirements serve as the blueprint for designing a service and its associated SLAs. They include the detailed customer needs, and are used to develop, modify and initiate services.

A service request is a request from a user for support, delivery, information, advice or documentation, which is not related to a failure in the IT infrastructure.

Service Operation A stage in the Lifecycle of an IT Service. Service Operation includes a number of Processes and Functions and is the title of one of the Core ITIL publications.

A stage in the Lifecycle of an IT Service. Service Transition includes a number of Processes and Functions and is the title of one of the Core ITIL publications.

Skilled Service Desk has greater skills and experience than a Service Desk. It typically uses documented solutions to resolve many incidents, while more complex incidents are routed to the support teams.

A Configuration Item excluding hardware and services.

The overall approach or game plan that will be followed.

A technique that can be used to identify the cause(s) of a fault. It is used to investigate the effectiveness of the IT organization and its processes, and to present proposals for improvement.

The specific actions taken to accomplish and acheive a strategy.

Services whose price was determined in advance.

Specialists with elevated skills such as developers, architects, or contracted third-party support engineers.

An indication of an unwanted incident that could impinge on the system in some way. Threats may be deliberate (e.g., willful damage) or accidental (e.g., operator error).

Tuning optimizes systems for actual or expected workload based on the analysis of monitoring data.

A contract with an external supplier covering delivery of services that support the IT organization in their delivery of services.

Calls are documented in general terms, with the majority being routed for resolution.

Measure of the business criticality of an incident or problem based on the business needs of the customer.

Urgent changes are very important and must be carried out as soon as possible. Urgent Changes have their own process for authorization and for the level of testing required before the change is made.

The user is the person with “hands on the keyboard.” They use the IT services for their routine activities.

An identified instance of a Configuration Item within a product breakdown structure or Configuration Structure for the purpose of tracking and auditing change history. Version is also used to identify Software Configuration Items as they are released.

Virtual Service Desk is used where the location is immaterial due to the use of communications technology.

A version number, version date, or version date/time stamp.

A weakness of the system and its assets, which could be exploited by security threats.

Method of avoiding an incident or problem, either from a temporary fix or through access to an alternative service.

Work instructions define how one or more activities in a procedure should be carried out.

In the context of Capacity Management Modeling, this is a set of forecasts which detail the estimated resource usage over an agreed planning horizon. Workloads generally represent discrete business applications and can be further sub-divided into types of work (interactive, time sharing, batch).

Note: Page temporarily locked due to vandalism. Please contact us to edit.