Home �   ITIL�  Index

Key Differences Between ITIL v2 and v3

Oct 25, 2007

Martin Likier,Mike Tainter


Supplier Management - A process for ensuring that all contracts and suppliers support the needs of the business and that they meet their contractual agreements. Supplier management was covered in ICT Infrastructure Management in ITIL v2.

Information Security Management - A comprehensive process designed to address the strategic direction for security activities and to ensure that objectives are achieved. It includes the confidentiality, integrity and availability of an organization's assets, information, data and IT services. Information security management was covered in very limited form in its own book in ITIL v2. ITIL v3 brings this topic up-to-date with current information security concerns and brings it into better alignment with related issues facing IT organizations.

Service Transition (Book 3)

Transition Planning and Support is a unified process for coordinating all the activities of Change Management, Configuration Management and Release Management described in ITIL v2. It has now been expanded and is presented alongside the related topics of Service Validation and Testing (i.e. testing a new change), Evaluation (managing risks associated with a new change) and Knowledge Management (gathering, analyzing, storing and sharing knowledge and information).

All seven process descriptions have been expanded. In ITIL v2, Knowledge Management was discussed separately, in the Application Management book.

Service Operation (Book 4)

Incident Management and Problem Management – No material changes from ITIL v2.

Event Management is a stand-alone process for detecting and managing events and alarms (which ITIL calls “exceptions”). In ITIL v2, Event Management was covered under Incident Management.

Request Fulfillment is a new process for managing the lifecycle of all customer- and user-generated service requests. These types of requests include facilities, moves and supplies as well as those specific to IT services. In the previous version of ITIL, this process was covered under Incident Management. A notable difference in ITIL v3 is it now recognizes the existence of service requests beyond merely “break/fix” restoration of service.

Access Management is a new process that provides rights and identity management related to granting authorized users the right to use a service, while restricting access to non-authorized users. In ITIL v2, Access Management was covered in the Security Management Book.

Continual Service Improvement (Book 5)

The ITIL v2 red book described a Service Improvement Program (SIP) within the context of Service Level Management, discussing best-practices for measuring, monitoring and reporting on services which ultimately provided the data for making improvements. ITIL v3 expands this into its own book, Continuous Service Improvement, and structures a seven step improvement process as follows:

  • 1. Define what you should measure;
  • 2. Define what you can measure;
  • 3. Gather the data;
  • 4. Process the data;
  • 5. Analyze the data;
  • 6. Presenting and using the data; and
  • 7. Implement the corrective action.
  • Function Comparison

    ITIL v2’s Service Support book identified the service desk as the lone function (group of people and the tools they use to carry out one or more processes or activities). ITIL v3 now identifies three other functions in addition to the service desk: Technology Management, IT Operations Management, and Application Management.

    The Technology Management function provides the detailed technical skills and resources needed to support IT services and management, along with the ongoing operation of the IT Infrastructure. The IT Operations Management function is responsible for the daily operational activities needed to manage IT services and the IT Infrastructure. It includes IT Operations Control and Facilities Management. The Application Management function manages applications throughout their lifecycle.


    The key changes include: A consolidation of the library into five books; the addition of 12 new processes and three new functions; eemphasis on service management through the entire service lifecycle; and emphasis on creating business value versus simply improving the execution of processes.

    Supplemental material will be released over time. Whether now is the right time to introduce the new version into your organization or continue with the old depends on the current state of the organization. That said, since most of the changes to ITIL v3 clarify and augment the previous library, a good case can be made to start using the new and refreshed library.

    Martin Likier is a Service Manager-certified ITIL consultant with Forsythe's IT service management practice. He has extensive hands-on experience in the design and implementation of IT service management across a wide range of vertical markets.

    As Director of Forsythe’s IT service management practice, Mike Tainter focuses on IT service management, ITIL, operations management, process design, IT operations support system development, and IT logistical requirements for a wide variety of organizations.