In 2007, The Information Technology Infrastructure Library (ITIL®) Certification Management
Board (ICMB) released the latest version of the framework to best-practice users everywhere.
Placing a stronger focus on the IT service lifecycle, ITIL V3 aligns the library closer to
business goals and formalizes the unwritten laws of continuous improvement. But in these
early stages of adoption, organizations are debating if – and to what extent — they should
embrace the new processes.
ITIL Version 3 (V3) takes a more service-centric approach to it, and, it emphasizes that
organizations can achieve significant business benefits by slightly shifting the way they
handle incident and problem management. Fortunately, the CA Service Desk already
has the capability to support the processes addressed in this latest version — easing user
adoption of the new best practices.
Regardless of whether you decide to remain with ITIL V2 — or begin to implement
the principles of V3 — the CA Service Desk and the CA CMDB can help you:
• Improve efficiencies in the support of IT services required by the business
• Enhance incident and problem management best practices
• Correlate and absorb infrastructure events and relate them to incidents and problems
• Move toward a process-centric framework augmented by a service-centric infrastructure
• Facilitate the changes and enhancements of the processes in the new volumes
TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT 1
SECTION 1: CHALLENGE
IT Embraces a New Set of Principles
In 2007, the latest version of the ITIL was presented to the technology industry. But this
framework did not develop overnight. Rather, the full release of ITIL V3 was the result of a
long period of development, field testing, reviewing—and lobbying.
Why the lobbying? Major users had to “buy in” to the changes to ensure the new release not
only made sense but also demonstrated value. The ICMB, which is composed of the United
Kingdom's Office of Government Commerce (OGC), the IT Service Management Forum
(itSMF) International and two examinations institutes, was forced to answer the question:
“Is there so much that has changed that a major rewrite was necessary?”
The answer was “yes,” especially when it came to the structure of the books and the way
people view best practices from process- and service-centric views.
An Acute Focus on IT Service
The most dramatic difference in V3 is that ITIL takes a more holistic view of the IT service
life cycle. As a result, the library is more closely aligned with the business and formalizes the
unwritten laws of continuous improvement. This approach is a big step forward, because
processes have been allocated to the stages of the service life cycle where they make the
most sense, such as for planning or support purposes.1
Another major change within ITIL V3 is the restructuring of the volumes, including the
obsolescence of the Service Support and Service Delivery books. These volumes supported the
service life cycle approach, but were dependent upon the implementation process itself and
the knowledge of the people supporting it.
With a more fine-tuned focus on service, the V3 books include the following volumes:
• Service Strategy
• Service Design
• Service Transition
• Service Operation
• Continual Service Improvement
This technology brief concentrates on the Service Operation volume and provides insight into
the changes to the incident and problem management processes.
2 TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT
SECTION 2: OPPORTUNITY
Aligning IT Service Desk Processes with Business Goals
The service desk function manages the incident management process and is the single point
of contact for IT users on a daily basis. Handling all incidents and service requests, it uses
technology to log and manage inputs to the process. So while historically the service desk
function restored service quickly to users by fixing technical faults, it now has the equal
responsibility of fulfilling a service request, answering a query or initializing the process to
gain access rights to a service. Basically, this means facilitating anything that is required by
a user to return to work and be productive.
As such, the service desk function leverages support technology to:
• Log relevant incident/service request details and assign the right categorization scheme
and prioritization assignment
• Provide first line support of investigation, diagnosis and resolution (if possible)
• Adhere to agreed upon timeframes for escalations
• Improve customer contact by keeping users updated on the progress of resolution
• Close resolved incidents or completed requests
• Facilitate customer satisfaction
• Update the Configuration Management System (CMS) within the configuration
• Capture events from the infrastructure
Ultimately, real business value is achieved through these service operations. Therefore, by
controlling disruptions, services are more available when needed.
More Granularity and Better Business Support
Within ITIL V2, everything related to a service disruption was considered an incident and
needed to be reported through the service desk. When following its practices, it was difficult
for the service desk to judge if a user-initiated call was an actual incident or a just a simple
request or isolated question. Plus, it also was a challenge for the IT department to deal with
all of the “events” that were occurring in the infrastructure at the same time. Often, this was
because there was a lack of formalized common service definitions to determine the impact
and priority of service restoration.
That’s why, after a decade of myriad initiatives, ITIL V3 incorporates changes to the incident
management process. The Service Operations volume of the new library outlines the goal of
this process as coordinating and completing the activities and processes required for managing
and delivering the services that were designed and transitioned. And from a customer
perspective, service operations are viewed as where the value is. Therefore, a distinction is
made between events, requests, incidents and problems to more efficiently deliver that value
TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT 3
An event can be defined as any detectable or discernible occurrence that has significance
for the management of the IT Infrastructure or the delivery of IT service and evaluation of the
impact a deviation might cause to the services. Events are typically notifications created by an
IT service, Configuration Item (CI) or monitoring tool.2
Based on this description, V3 formally defines the management of such activities as the ability
to detect events and to define and determine the appropriate control action. This control action
might be coming from incident, problem or change management, or may be defined by the
event management process itself and based upon the significance of the change and its impact
In ITIL terms, events may be the result of a number of factors and include a variety of sources,
• CI variances
• The infrastructure
• Software license and software license management violations
• Security alerts and violations
• Normal capacity or availability-related events with CIs tied to services
Most of these can be generated automatically by monitoring tools, which are made available
to the service desk for initial follow-up and decision making.
Prior to ITIL V3, any disruption to service was considered an incident and was dealt with in the
same fashion and within the same service levels. This included actions such as password resets
and standard service requests and often led to incorrect metrics, reporting and analysis—not to
mention an overall decrease in productivity. Thus, IT organizations were experiencing major
losses of time and momentum—and very slow fulfillment at the end of the service chain—as
higher priority incidents took precedence.
To help resolve this, V3 clearly delineates between service requests and incidents and how
the service desk should address them. In fact, request fulfillment is the embodiment of a
service request in this version.
The objectives of request fulfillment are to:
• Provide a mechanism for end users and service organizations to handle pre-approved and
minor impact requests that are clogging up the queue
• Present a way to communicate available services to end users
• Record and report on comments and complaints that are not normally treated as incidents
• Allow for focus on the service desk for real incidents to ensure business functions are not
4 TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT
As such, requests for new services might come from a service catalog, where they can be
tracked in the service desk to ensure the correct approvals are obtained, and to facilitate
logging the request against the appropriate user and department for monitoring and
The introduction of request fulfillment offers a quantifiable business benefit to the organization.
Circumventing the standard incident cycle, users can select from a pre-approved and pre-
qualified list of offerings that can be rolled out almost instantly. An IT group might consider
creating a sub-department to handle these requests directly—removing them from the sight
of the service desk staff—so they can concentrate on higher priority incidents and events.
Access management is related to request fulfillment in ITIL V3. It’s important to call out access
management within the scope of request, because most often the service desk function is the
point of contact for users to request access rights to systems or services. Access management
is formally described in V3 as providing the right for users to be able to use a service.
Therefore access management is the execution of policies and actions defined by security and
availability management. Even though access should be facilitated by application and technical
groups and processes, coordination is usually facilitated by a service desk function using the
same support technology to ensure control and repeatability of the process, audit traceability
of use of services, ensure confidentiality of information and manage any abuse of services to
which users have access.
The goal of incident management within ITIL remains the same: restore service operation
as quickly as possible to minimize the adverse impact on business operations. What has
changed, though, is the scope of incident management. Generally, organizations already
were managing IT operations in this way, and V3 only formalizes what was occurring.
The scope of incident management includes any event which disrupts or potentially disrupts a
service. An incident is defined as an unplanned interruption to a service, a degradation of that
service or a failed Configuration Item (CI) that hasn’t yet resulted in a service impact.
Therefore, in ITIL v3 overhead has been removed or streamlined, allowing incident
management to do an even better job of restoring service than ever before by becoming more
Sources for incident management that can be supported by technology include:
• Phone calls by end users
• A service desk self-service web interface
• Incidents logged via an email interface
TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT 5
As such, only these types of inputs will be processed and managed as “incidents” and
businesses can see shorter timelines for final resolutions. Other types of inputs (password
resets, access rights and so on) are managed differently within different service level
agreement (SLA) timeframes. Unlike ITIL V2, V3 allows an event to directly open a problem or
change, bypassing the creation of an incident. This, again, speeds up the resolution times for
incidents that can be resolved at first contact using a knowledge base.
Transitioning to ITIL V3
The decision to implement the ITIL V3 incident management process is one that organizations
should make based on where they are currently in the adoption process. Have you reached IT
service Capability Maturity Model (CMM) level 4 — and do users understand the requirements?
Or is there still confusion about the requirements?
Independent of version, ITIL is first and foremost about setting a common reference point for
change and language. As such, V3 requires that your culture embrace a service-centric IT
approach before the standards can be truly adopted.
There are, in fact, a number of IT service benefits that can be gained through V3. For example,
by separating simple user requests from more demanding emergencies, you can help
streamline processes and improve service to the entire organization.
Because ITIL V3 was just released in 2007, the market is in the early stages of developing its
offerings around it. As such, organizations are just starting to conduct training and perform
impact analyses. If you currently have an effective service desk and incident management
process, you may want to take your time to determine what changes you will need to
Proactive Problem Management
In ITIL V3, the problem management process has not changed dramatically—but the new
version places new emphasis on being proactive. In the past, many organizations embraced a
reactive approach to handling problems.
Reactive management processes involve waiting until the appropriate information comes to
the support groups for investigation. Because of this, organizations monitor and perform trend
analyses on repeat incidents. Yet, they may leave the more proactive examination of potential
problems, which are not recorded, to the availability teams within engineering groups or
Within V3, however, the problem detection phase still exists, but the sources have changed.
They now include:
• The service desk
• Event and incident management
• Proactive problem management
• A supplier or contractor
6 TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT
Activities within incident management still have an impact on problem management.
Such events may be the reason for opening a problem record to address a situation where
knowledge of a problem is already available in a self-help database. Additionally, problems
can be opened by event management based on the potential business impact the situation.
By doing this, there is an inherent sense of urgency to provide an emergency fix or to speed
up a structured resolution without collecting all similar incidents first. Event management can
use correlation techniques to provide these activities.
Suppliers and contractors also can provide data as input to problem management. For example,
if an organization is using a hardware component and the supplier discovers issues with it, a
problem record based on the supplier’s information could be created. The organization would
then follow the problem management process and issue a Request for Change (RFC) to
eliminate the issue and proactively communicate with the service desk to advise the user base
of the problem and the pending change.
This proactive approach helps organizations avoid business risk, ensure service continuity —
and decrease lost user productivity. And because it sets a standard process for users to follow,
it helps businesses continually improve IT service. This procedure involves:
• Planning for problem elimination
• Implementing the change
• Ensuring the change was successful by monitoring any incidents
• Addressing any gaps in the quality of the process
With proactive problem management, dedicated resources review the available incident
data while investigating risk that can potentially cause significant service disruptions.
And organizations can significantly increase customer satisfaction and improve service
perception by eliminating problems before they ever occur.
Continual service improvement is about looking forward — growing the business and
enhancing services based on an understanding of how things work today — to plan for
tomorrow. In this way, problem management has a new purpose. Not only does it provide an
area for cost savings — but it allows the IT organization to find new ways to improve service
delivery and ensure customer satisfaction. And with information flowing into the improvement
cycle, data now can be used as input into how IT can strategically support long-term business
TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT 7
SECTION 3: BENEFITS
CA Service Desk Supports ITIL V3
Having effectively supported ITIL V2 processes, CA Service Desk also offers all of the
ingredients needed to support V3 problem management activities, including:
• Recording problems using categories and priorities
• Matching incidents to allow for trend analysis
• Linking incident records with known error records
• Collecting data from different sources to target corrective actions in the infrastructure
• Closing an error once a change has been successfully implemented
As such, CA Service Desk users already have the capability to identify a problem as an isolated
incident, part of multiple incidents exhibiting common symptoms or as an incident that cannot
be matched to an existing problem or known error. Users can then report these to the business.
In addition to these capabilities, the CA Service Desk connects to the CA Configuration
Management Database (CMDB) and the knowledge environment to leverage corporate
information and provide a business sense to the process. Plus, it offers a self-service feature
that allows end users to search for their own resolutions, as well as a front-end interface that
allows them to post notices to communicate to other end users before they ever call the
Proactive problem management works to prevent incidents from occurring by identifying
weaknesses and potential service unavailability. This is facilitated by the CA Service Desk,
because it enables the analysis of current and historical incident data and groups those
incidents into a single problem. The CA CMDB supports the visual presentation of the
relationships between configuration items so that IT can effectively investigate possible failures
elsewhere in the infrastructure. And, proactive problem management information is also an
input to the change management process, during which an analysis of the CIs within the
CMDB is performed to understand a problem’s impact on critical IT services.
In addition, a number of views and tools can be used to establish these activities within an
organization, allowing you to optimize support and better manage the service lifecycle.
8 TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT
Understanding the software requirements
CA Service Desk supports the changes described within ITIL V3. To help you achieve the best
results from your ITIL process implementation, CA Service Desk offers a robust set of ITIL-
friendly features, such as improved workflow capability, integration and federation, as well as
CA’s monitoring tools to manage events. These features facilitate the V3 processes within the
lifecycle—by allowing the processes to drive the technology solution decision.
CA technology was designed to support integrated V3 processes aligned to business goals,
such as incident, problem, and change and configuration management. It allows users to be
prompted to search an integrated knowledge base for a solution, records the priority of their
calls and monitors SLAs for service restoration or fulfillment.
Web services can play a crucial role in the deployment of the new event management process.
By leveraging this technology, you can interface electronically with myriad technologies.
Sources can then create new events in your service desk and users can manage them directly
or the system can undertake corrective actions based on automation rules that you create.
The web interface can also provide better support for request management. Users can
be presented with a simple, unified interface to report questions, incidents and requests.
Back-end processes make the decisions regarding where the records are moved and perform
processes that allow for efficient follow-up and closure for reporting purposes.
SECTION 4: CONCLUSIONS ITIL V3 is about moving toward a service-centric framework. But regardless if you decide to
stay with ITIL V2 or transition to the V3 framework, the CA Service Desk can help you improve
efficiencies in supporting business-based IT services. And, as such, it helps you follow best
practices for incident and problem management.
SECTION 5: REFERENCES Crown Copyright. Reproduced with the permission of the Office of Government Commerce.
Crown Copyright. Reproduced with the permission of the Office of Government Commerce.
TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT 9
About the Authors
Nancy Hinich Nancy Hinich is a world-wide ITIL Solution Manager. She consults with senior management
CA Services of customer organizations to quantify the opportunity for ITIL best practices and advises them
on implementation programs for business service improvements. She has 10 years of IT
experience and holds a Manager’s Certificate in IT Service Management.
John Kampman John Kampman has 20 years of IT experience and currently is a Director of Technical Sales for
CA Sales IT Service Management solutions in Europe, the Middle East and Asia. He is responsible for
introducing ITIL and other best practices to strategic customers, and most recently, he co-
developed a new ITSM assessment to help customers understand their level of maturity in
Service Management processes. Leveraging this experience and knowledge, John meets with
customers and provides them with guidance on how to implement ITIL. Additionally he is a
certified Apollo 13 (best practices awareness) trainer within CA, and holds a Manager’s
Certificate in IT Service Management.
To learn more about the CA Service Desk architecture and technical approach,
10 TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT
TECHNOLOGY BRIEF: ITIL V3 INCIDENT AND PROBLEM MANAGEMENT 11
CA (NSD: CA), one of the world’s leading independent,
enterprise management software companies, unifies and
simplifies complex information technology (IT) management
across the enterprise for greater business results. With our
Enterprise IT Management vision, solutions and expertise,
we help customers effectively govern, manage and secure IT.
Learn more about how CA can help you
transform your business at ca.com