5.1 General Management Practices

Key Takeaways

  • Continual improvement's purpose is to align an organization's practices and services with changing needs through ongoing improvement of any element involved in managing products and services.
  • The continual improvement register (CIR) is a structured database or document used to capture, assess, and track improvement ideas from identification through to action; an organization can hold several CIRs.
  • Information security management protects the confidentiality, integrity, and availability (the CIA triad) of the information the organization needs to do business.
  • Relationship management establishes and nurtures links between the organization and its stakeholders at strategic and tactical levels.
  • Supplier management ensures suppliers and their performance are managed to support the seamless provision of quality products and services.
Last updated: July 2026

General Management Practices

ITIL groups its management practices into two families for the Version 5 Foundation exam: general management practices, adopted from general business management and applied to service management, and service management practices, developed specifically for the service world. A practice is a set of organizational resources designed for performing work or accomplishing an objective. For most general practices you only need to recall the purpose — a short statement of why the practice exists.

Continual improvement is the exception: it is a detail practice you must understand thoroughly, so it is covered here in most depth.

Continual Improvement (detail practice)

The purpose of continual improvement is to align the organization's practices and services with changing business needs through the ongoing improvement of products, services, practices, or any element involved in the management of products and services. It is not a one-off project; it is woven into every part of the ITIL Value System and every value chain activity, and it maps directly to the guiding principle progress iteratively with feedback. A key exam idea: continual improvement is everyone's responsibility — it is not owned solely by an improvement team, even though a small team may coordinate and promote it.

ITIL provides the continual improvement model, a seven-step logical flow that keeps improvement focused on value:

StepQuestion it answers
1What is the vision?
2Where are we now?
3Where do we want to be?
4How do we get there?
5Take action
6Did we get there?
7How do we keep the momentum going?

Step 2 (Where are we now?) is an honest baseline assessment and echoes the guiding principle start where you are. Skipping the baseline is a classic trap — you cannot measure improvement without one. Step 6 (Did we get there?) verifies results against the metrics defined earlier, and step 7 embeds the change so gains are not lost.

The Continual Improvement Register (CIR)

To manage improvement ideas without losing them, ITIL uses a continual improvement register (CIR) — a database or structured document used to capture, document, and track ideas for improvement from identification through to action. Because ideas arrive from many sources (users, staff, incidents, feedback, audits, AI-generated insight), the CIR keeps them prioritized and prevents good ideas from being forgotten.

Two exam-relevant facts: an organization may maintain more than one CIR (for example, per team or per service), and items in the register are prioritized, not all actioned at once — this reflects keep it simple and practical and focus on value.

Continual improvement in practice

Continual improvement draws on established approaches such as Lean, Agile, and DevOps, and it relies on measurement and metrics so improvements can be verified rather than assumed. Worked example: a support team notices rising complaint volumes. They set a vision (faster, kinder resolutions), baseline the current mean resolution time (step 2), agree a target, log candidate improvements in the CIR, action the top-priority item, then measure again at step 6 to confirm the gain and keep the momentum. This disciplined loop, tied to real data, is what separates genuine continual improvement from ad hoc firefighting.

Information Security Management

The purpose of information security management is to protect the information the organization needs to conduct its business. This covers the CIA triad — confidentiality (only authorized access), integrity (information is accurate and complete), and availability (information is accessible when needed) — plus supporting concepts such as authentication and non-repudiation. Good security balances prevention, detection, and correction, and it must balance protection against the need for the business to move quickly. Over-protecting information can be as damaging as under-protecting it, because it blocks value.

Relationship Management

The purpose of relationship management is to establish and nurture the links between the organization and its stakeholders at strategic and tactical levels. It identifies, analyses, monitors, and continually improves relationships with and between stakeholders. This is broader than customer contact: stakeholders include internal teams, partners, and communities. Strong relationships surface needs early, reduce conflict, and improve collaboration — supporting collaborate and promote visibility.

Supplier Management

The purpose of supplier management is to ensure that the organization's suppliers and their performance are managed appropriately to support the seamless provision of quality products and services. Activities include creating collaborative relationships with key suppliers, negotiating and managing contracts, evaluating and selecting suppliers, and managing supplier performance. ITIL recognizes several sourcing strategies: insourcing, outsourcing, single-source, and multi-sourcing.

A common exam trap is confusing supplier management (managing external providers) with relationship management (all stakeholders) — supplier management is specifically about the partners and suppliers dimension.

Quick reference: purposes

  • Continual improvement — align practices and services with changing needs through ongoing improvement.
  • Information security management — protect the information the organization needs to do business.
  • Relationship management — establish and nurture stakeholder links at strategic and tactical levels.
  • Supplier management — manage suppliers and their performance for seamless quality service.

On the Version 5 exam, expect scenario questions that ask you to pick the purpose or name the right practice. Read for the trigger: 'ongoing alignment with changing needs' points to continual improvement, 'protecting information' to information security management, 'nurturing stakeholder links' to relationship management, and 'managing external providers and contracts' to supplier management.

Test Your Knowledge

Which statement best describes the purpose of continual improvement?

A
B
C
D
Test Your Knowledge

A service manager wants a single place to capture, prioritize, and track improvement ideas raised by users, staff, and incident reviews. What should they use?

A
B
C
D
Test Your Knowledge

Which practice has the purpose of establishing and nurturing the links between the organization and its stakeholders at strategic and tactical levels?

A
B
C
D