An unplanned interruption to a service, a reduction in service quality, or a CI failure that has not yet impacted a service. Focus: restore service quickly.

A cause, or potential cause, of one or more incidents. Focus: understand and reduce the likelihood and impact of incidents.

A user request that is part of normal service delivery (for example, access, information, or a standard item), not a failure.

The addition, modification, or removal of anything that could affect services. Managed through the change enablement practice.

The addition, modification, or removal of anything that could have a direct or indirect effect on services.

An unplanned interruption to a service, a reduction in the quality of a service, or a failure of a configuration item that has not yet impacted a service.

Service Management Practices: Keeping Services Healthy — ITIL 4 Foundation Exam Prep: Complete Syllabus, Exam-Focused

Q: A team is reviewing a recurring pattern of high-priority incidents affecting the same payment service. They are not changing anything yet; they are focusing on identifying the underlying cause and considering long-term options. Which practice is MOST involved at this point?

Problem management. The focus is on analyzing recurring incidents and finding the underlying cause, which is the purpose of problem management. Incident management focuses on restoring service quickly. Change enablement would be involved later, when a specific change is proposed and needs assessment and authorization. Service request management is about normal user requests, not failures.

Q: A service owner and a business representative meet monthly to review reports comparing actual service performance against agreed targets, and to discuss improvements. Which practice is MOST clearly demonstrated?

Service level management. Reviewing service performance against agreed targets and discussing improvements is the core of service level management. Incident management is about restoring service quickly, not regular performance reviews. Service request management handles individual user requests. Service configuration management is about configuration data, not performance targets.

Big Picture: Why Service Management Practices Matter

Why Practices Matter

In ITIL 4, service management practices are the repeatable ways an organization keeps services reliable, safe, and valuable. Exams usually hide them inside short everyday IT stories.

Key Practices in This Module

We focus on: incident management, problem management, change enablement, service request management, service level management, service desk, and service configuration management.

What You Need to Do

You must recall each practice's purpose, know key terms (incident, problem, known error, change, service request), and choose the right practice in brief scenarios.

Connecting to the SVS

Governance and continual improvement guide all practices. Think of the SVS as a city: city hall (governance), road crew (improvement), and different city services (the practices) working together.

Core Definitions: Incident, Problem, Service Request, Change

What Is an Incident?

Incident: an unplanned interruption to a service, a reduction in service quality, or a CI failure not yet affecting a service. Focus is on restoring service quickly.

What Is a Problem?

Problem: a cause or potential cause of one or more incidents. It is about the underlying cause, not the immediate outage.

What Is a Known Error?

Known error: a problem that has been analyzed and not resolved, with a documented workaround or root cause. We understand it, but it may still exist.

Service Request vs Incident

Service request: a normal user request, such as password reset or access to a standard app. It is not a failure of the service; it is part of normal delivery.

What Is a Change?

Change: the addition, modification, or removal of anything that could affect services. Changes are planned modifications, not breakages.

Incident Management vs Problem Management

Purpose of Incident Management

Incident management aims to minimize the negative impact of incidents by restoring normal service operation as quickly as possible. It focuses on speed and restoration.

What Incident Management Does

It logs and categorizes incidents, applies workarounds or quick fixes, escalates to specialists, and keeps users informed about progress.

Purpose of Problem Management

Problem management reduces the likelihood and impact of incidents by identifying causes and managing workarounds and known errors. It focuses on prevention.

What Problem Management Does

It analyzes incident trends, performs root cause analysis, documents workarounds and known errors, and raises changes to remove root causes.

How to Tell Them Apart

If the story is about getting users working again, think incident management. If it is about recurring issues or root causes, think problem management.

Example: Distinguishing Incident vs Problem in a Scenario

Story: Users Cannot Log In

Many users cannot log in to the payroll system. The service desk records a ticket and contacts the application team, who apply a quick configuration change so users can log in again.

Where Is Incident Management?

This is incident management: an unplanned interruption is logged and categorized, and a quick change is applied to restore service as soon as possible.

Where Is Problem Management?

Later, a specialist team analyzes three months of login failures. This is problem management, focused on understanding the underlying cause and trends.

From Problem to Change

The specialist team proposes a permanent fix. Problem management often leads to a change, which is then controlled through change enablement.

Change Enablement and Release Management

What Is Change Enablement?

Change enablement aims to maximize successful changes by properly assessing and authorizing them. It focuses on risk, impact, and authorization.

What Change Enablement Does

It records and categorizes changes, assesses risk and impact, obtains authorization from change authorities, and coordinates change scheduling.

What Is Release Management?

Release management makes new and changed services and features available for use. It focuses on building, testing, and deploying release packages.

Telling Them Apart

Approving or assessing risk of a change points to change enablement. Deploying a new version or rolling out features points to release management.

How Practices Interact

Problem management may raise a change; change enablement authorizes it; release management deploys it; service configuration management tracks what is where.

Service Request Management, Service Desk, and Service Configuration Management

Service Request Management

Service request management handles pre-defined, user-initiated requests (like access, information, or standard equipment) in an effective and user-friendly way.

Examples of Service Requests

Typical requests: password resets, access to a standard app, request for a laptop from a catalog, or a request for information about a service.

Service Desk as Single Contact Point

The service desk captures demand for incident resolution and service requests. It is the single point of contact between users and the service provider.

Routing, Not Owning Everything

The service desk usually does not own all practices; it logs tickets and routes work to incident, request, or other specialist teams.

Service Configuration Management

Service configuration management ensures accurate, reliable information about services and configuration items (CIs), often via a CMDB, to support diagnosis and impact analysis.

Thought Exercise: Follow the Value Stream

Walk through this end-to-end story and identify which practice is active at each step.

Story:

A user calls IT because the customer portal is very slow.
The service desk logs the ticket, gives the user a reference number, and checks for similar tickets.
A support analyst applies a temporary workaround by restarting a specific microservice, and performance improves.
A problem manager reviews a pattern of similar slowdowns over the last two months.
The problem team discovers that a database index is missing and raises a change to add it.
The change is assessed for risk and scheduled for a low-traffic period.
A release pipeline deploys the updated database schema to production.
The CMDB is updated with the new database version and index information.

Your task:

For each step (1–8), write down which single best practice is most clearly represented.

Check yourself (no peeking until you try):

1: Service desk (also incident starting).
2: Service desk.
3: Incident management.
4: Problem management.
5: Problem management raising a change.
6: Change enablement.
7: Release management.
8: Service configuration management.

Notice how many practices appear in one value stream. Exam questions often test your ability to pick the dominant practice in the step they describe.

Quick Check: Pick the Right Practice

Answer this exam-style question to check your understanding.

A team is reviewing a recurring pattern of high-priority incidents affecting the same payment service. They are not changing anything yet; they are focusing on identifying the underlying cause and considering long-term options. Which practice is MOST involved at this point?

Incident management
Problem management
Change enablement
Service request management

Show Answer

Answer: B) Problem management

The focus is on analyzing recurring incidents and finding the underlying cause, which is the purpose of problem management. Incident management focuses on restoring service quickly. Change enablement would be involved later, when a specific change is proposed and needs assessment and authorization. Service request management is about normal user requests, not failures.

Key Term Flashcards

Use these flashcards to reinforce the most tested terms.

Incident: An unplanned interruption to a service, a reduction in service quality, or a CI failure that has not yet impacted a service. Focus: restore service quickly.
Problem: A cause, or potential cause, of one or more incidents. Focus: understand and reduce the likelihood and impact of incidents.
Known error: A problem that has been analyzed and not resolved, with a documented workaround or root cause.
Service request: A user request that is part of normal service delivery (for example, access, information, or a standard item), not a failure.
Change (ITIL 4): The addition, modification, or removal of anything that could affect services. Managed through the change enablement practice.
Change enablement: Practice that maximizes successful changes by properly assessing, authorizing, and scheduling them, focusing on risk and impact.
Service desk: The single point of contact for users, capturing demand for incident resolution and service requests and routing work to other practices.
Service configuration management: Practice that ensures accurate and reliable information about services and configuration items (CIs) is available when needed.
Service level management: Practice that sets clear business-based targets for service performance and ensures services are delivered and monitored against these targets.

Scenario Mix: Which Practice or Action?

A few more quick questions to lock in distinctions.

A service owner and a business representative meet monthly to review reports comparing actual service performance against agreed targets, and to discuss improvements. Which practice is MOST clearly demonstrated?

Service level management
Incident management
Service request management
Service configuration management