7.4 Other Key Practices: Purpose and Key Terms
Key Takeaways
- Information security management protects the confidentiality, integrity, and availability (CIA) of the organization's information
- Service configuration management ensures accurate, reliable information about the configuration of services is available; a configuration item (CI) is any component that needs to be managed to deliver a service, and the CMDB stores configuration records
- Monitoring and event management observes services and records and manages events; events are classified as informational, warning, and exception
- Release management makes new and changed services and features available for use; deployment management moves new or changed components to live environments
- Relationship management, supplier management, and IT asset management each have a distinct one-line purpose that candidates must recall at the Foundation level
Purpose statements you must recall (BL1)
At the Foundation level you must be able to recall the purpose of these practices — a single, clear statement each. They are tested at the lowest level (recall), so memorize the one-liners; you do not need to manage these practices.
| Practice | Purpose (recall this) |
|---|---|
| Information security management | To protect the information needed by the organization to conduct its business — including confidentiality, integrity, and availability (CIA) of information |
| Relationship management | To establish and nurture the links between the organization and its stakeholders at strategic and tactical levels |
| Supplier management | To ensure that the organization's suppliers and their performance are managed appropriately to support the seamless provision of quality products and services |
| IT asset management | To plan and manage the full lifecycle of all IT assets, maximizing value, controlling costs, managing risks, and supporting decision-making |
| Monitoring and event management | To systematically observe services and service components, and record and report selected changes of state identified as events |
| Release management | To make new and changed services and features available for use |
| Deployment management | To move new or changed hardware, software, documentation, processes, or any other component to live environments |
| Service configuration management | To ensure that accurate and reliable information about the configuration of services, and the configuration items (CIs) that support them, is available when and where needed |
Monitoring and event management: events and event types
Watch the wording: monitoring observes services and components to detect changes of state, while event management decides what those changes mean and what response, if any, is required. The key term tested is the event.
An event is "any change of state that has significance for the management of a service or other configuration item." Events are identified through notifications created by a service, CI, or monitoring tool.
ITIL 4 classifies events into three types — a very common exam question:
- Informational events: do not require action at the time they are identified. They record that something happened (e.g., a user logged in, a batch job completed). Analyzing them later may reveal useful trends.
- Warning events: allow action to be taken before any negative impact is actually experienced by the business (e.g., disk usage reaching 80% of capacity). They give early warning so a problem can be prevented.
- Exception events: indicate that a breach to an established norm has been identified (e.g., a performance threshold or an SLA target has been exceeded). They require action because something has gone wrong or is about to.
A handy memory aid: informational = note it, warning = watch it, exception = act on it.
Be ready for a scenario question that gives you an example and asks for the type. "A scheduled backup completed successfully" is informational. "Storage has reached 80% of capacity" is a warning, because action can be taken before users are affected. "A server has gone down" or "an SLA target has been breached" is an exception, because a norm has been broken and a response is needed. The value of the practice is enabling early detection so that incidents are prevented or resolved faster, supporting incident, problem, and capacity-related work.
Service configuration management: CI and CMDB
Two defined terms come from the service configuration management practice and are routinely tested.
- Configuration item (CI): "any component that needs to be managed in order to deliver an IT service." CIs include hardware, software, networks, buildings, people, suppliers, and documentation — anything that must be controlled to deliver the service. Information about each CI is held in a configuration record.
- Configuration management database (CMDB): "a database used to store configuration records throughout their lifecycle." The CMDB also records the relationships between CIs, giving a single, reliable picture of how components fit together. One or more CMDBs may form part of a broader configuration management system (CMS).
The practice's value is providing accurate configuration information so other practices — change enablement, incident, problem, and deployment management — can make good decisions and assess impact quickly.
How release and deployment differ
A frequent trap is confusing release and deployment. In ITIL 4 they are separate practices:
| Practice | What it does |
|---|---|
| Release management | Makes new and changed services and features available for use (the business decision to turn it on for users) |
| Deployment management | Moves new or changed components into live (or other target) environments (the technical act of placing them) |
Deployment is the technical movement of components; release is the act of making functionality available to users. A component can be deployed without being released (e.g., feature-flagged off), and a release may bundle several deployments — which is why ITIL 4 keeps them distinct.
A quick way to keep the purposes straight
For recall, anchor each practice to a single verb. Information security management = protect (CIA). Relationship management = connect (stakeholders). Supplier management = manage suppliers. IT asset management = track the lifecycle and value of assets. Monitoring and event management = observe and respond to events. Service configuration management = know the configuration (via CIs and the CMDB). Release management = make available. Deployment management = move to live.
Foundation questions usually give you one purpose statement and ask which practice it belongs to, or give the practice and ask its purpose — so the one-line mapping above is exactly what is tested. Resist mixing up the two information-record stores: the CMDB holds configuration records, whereas an IT asset register (under IT asset management) tracks assets for financial and lifecycle value. "
Which event type indicates that a breach to an established norm, such as an exceeded SLA threshold, has been identified and requires action?
In ITIL 4, which term is defined as 'any component that needs to be managed in order to deliver an IT service'?
What is the purpose of the deployment management practice?
Which practice has the purpose of protecting the information needed by the organization to conduct its business, including confidentiality, integrity, and availability?
You've completed this section
Continue exploring other exams