General security

ITIL 4 — ITSM methodology gets agile & integrated with the most modern business practices

Claudio Dodt
April 25, 2019 by
Claudio Dodt

The Information Technology Infrastructure Library

Claiming that IT service management played a key role in building most business for the past few decades, while bold sounding, is still simply an understatement. From the moment companies realized that information technology was the cornerstone for optimizing their business processes, there was unprecedented growth in IT infrastructure. That generated complexity and, as always, complexity must be managed.

Once this Pandora’s box was opened, there would be no turning back: IT pros came out of their home labs and went into the corporate world. Today they’ve become executives, speaking the business language, understanding the strategic value of IT. And to be honest, none of this would be possible without the Information Technology Infrastructure Library, or ITIL.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

ITIL: A brief history

A thing you may not know about ITIL is that it originally belonged to Her Majesty the Queen. ITIL was created in the 80s by the UK government through its Central Computer and Telecommunications Agency (CCTA) to ensure better use of IT services and resources.

In fact, the initial version of ITIL was called GITIM, Governance Infrastructure Technology Management Information. Of course, it was something quite different from what we have today; in terms of concepts, however, it was already remarkably similar and focused on the support and delivery of IT services.

Even in its earliest versions, ITIL had a strong appeal. By the early 90s, it had already been disseminated and adopted by government agencies and large companies across Europe, and soon spread throughout the world. While IT itself evolved, ITIL advanced IT service management (ITSM) practices; by the year 2000, Microsoft used ITIL as the basis for creating its proprietary methodology, the Microsoft Operations Framework (MOF).

In 2001, ITIL v2 was released. It proved easier to adapt and use, resulting in ITIL being the most widely-used methodology for IT service management in the world.

In 2007, ITIL v3 introduced the idea of ​​the service life cycle and provided greater integration between its five publications and the IT service management processes included in each of them. And now, in 2019, it’s time for another version. Enter ITIL 4.

ITIL 4: What are the major changes?

In a world where technology is constantly being updated, it was obvious that ITIL needed to reinvent itself in order to remain relevant. The central idea of ​​the publication (managing IT services) has not changed, but we can’t say the same about the IT context and environment! In other words, the big challenge for ITIL 4 is helping companies manage services in an increasingly complex and agile world.

This means that in its latest update, there is a much greater focus on understanding what the organization understands as value. Functional silos are a thing of the past; now the idea is using a holistic approach to IT service management, and especially keeping things simple and functional. This renewed pragmatism of ITIL 4 makes perfect sense in a world where DevOps and its variations have a strong appeal, especially for businesses that need fast, quality deliveries from IT.

With this new maturity, much more than simply managing IT services, ITIL aims to address strategic aspects, shifting to a greater focus on concepts such as value, costs, results and risks. It’s now time to say goodbye to the service life cycle and embrace the Service Value System (SVS) and Service Value Chain. For ITIL, the SVS represents how different components and activities of the organization work together to facilitate value creation through IT-enabled services. And this brings us to another interesting concept: the value stream, which effectively replaced the ITIL v3 service life cycle.

Of course, established concepts such as change management, incident management and problem management are still present. Even though processes are now called practices, the most meaningful change a much more holistic approach: We are no longer looking at IT processes without taking into account people and teams, as well as their roles, skills and competences.

Items such as processes, procedures, value streams, tools and technology, suppliers and partners are all essential points for ITIL. If you are already an ITSM veteran, you must remember the 4 Ps of IT service management. Yes, these concepts were already part of ITIL since 2007, so what has changed? Simple: Now they are no longer design considerations and are seen as essential aspects, the four dimensions of service management.

In general, the message is quite direct. ITIL's central focus is value creation, something that is eminently clear in its seven guiding principles:

  1. Focus on value
  2. Start where you are
  3. Progress iteratively with feedback
  4. Collaborate and promote visibility
  5. Think and work holistically
  6. Keep it simple and practical
  7. Optimize and automate

ITIL 4 certification path

ITIL’s publications were not the sole factor for its high level of adoption; certifications also played a significant role in the framework’s popularization with ITSM professionals. With the arrival of ITIL 4 and its changes, it is only natural that both veterans and newcomers are eager to discover how the certification process has been influenced.

Since the updated version was announced in 2017, it was clear that the inclusion of a large amount of new content into ITIL would lead to significant changes in the certification process. In ITIL v3 the certification path was based on a credit system. Starting with the Foundation certification, each of the 12 available exams contributed to points, leading to the Expert level and then working on become an ITIL Master.

Looking at the new career path adopted by ITIL 4, it is easy to see how it was reworked, consolidating, and simplifying careers.

Let’s start with some good news: The number of exams has been halved! The process still begins with the ITIL Foundation certification, but now there are two major paths:

  • ITIL Managing Professional (MP) includes four modules:
    • ITIL Specialist — Create, Deliver & Support
    • ITIL Specialist — Drive Stakeholder Value
    • ITIL Specialist — High Velocity IT
    • ITIL Strategist — Direct, Plan & Improve

  • ITIL Strategic Leader (SL) includes two modules:
    • ITIL Strategist — Direct, Plan & Improve
    • ITIL Leader — Digital & IT Strategy

It’s interesting to notice the fact that both careers include the ITIL Strategist — Direct, Plan & Improve module, a fact that reinforces ITIL’s focus on creating strategic value for organizations.

To be eligible for the ITIL Master level, it is now necessary to go through both careers, successfully completing all six exams and obtaining both ITIL Managing Professional (MP) and ITIL Strategic Leader (SL).

Migrating from ITIL 3 to ITIL 4 certifications

If you are an ITIL v3 veteran, I have good news: upgrading to ITIL 4 is not as difficult as you may be thinking! For example, if you have already obtained ITIL Expert in v3 or have achieved at least 17 credits in the old certification path, you will have the option to take just the transition module for the Managing Professional (MP). After that, you will only need the ITIL Leader Digital & Strategy in order to achieve ITIL Strategic Leader (SL) and become eligible for ITIL Master.

Now the not-so-good news: If you’re just starting your career in ITIL v3 (for example, if you have just obtained the ITIL Foundation v3 certification or have less than six credits in the old certification path), it is recommended to restart the process on ITIL 4. This is because the amount of new content — even at the foundation level — is significant.

Concluding thoughts

ITIL 4 was released in February 2019 and brings new levels of maturity and pragmatism. This makes sure it remains aligned not only with core business expectations, but also with other important ITSM methodologies, such as Agile, DevOps and Lean.

This new release has received a strong contribution from the community, resulting in significantly more fluid and dynamic practices where both the customer context and the integration of ITIL with the most modern business practices are fundamental to ITSM.

There is no doubt that ITIL will remain relevant and, in more practical terms, will continue its mission of helping millions of businesses overcome the challenges of complexity and agility that are a part of today’s IT environment. For IT professionals this is not only an opportunity to get an updated certification but also an invitation to renew and continually improve your skills.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.



  1. A Short History of ITIL, ITIL Central
  2. Career Paths, AXELOS
  3. ITIL® Certifications, AXELOS
  4. ITSM Careers Path, AXELOS
Claudio Dodt
Claudio Dodt

Cláudio Dodt is an Information Security Evangelist, consultant, trainer, speaker and blogger. He has more than ten years worth of experience working with Information Security, IT Service Management, IT Corporate Governance and Risk Management.