Upcoming Pandora FMS Workshop: July 16. More information →

What Is ITIL and How to Implement It in IT? A Practical Guide for Technical Teams

Tech days are often filled with putting out fires, caffeine, juggling tasks to keep infrastructure from collapsing, more caffeine—and generally trying to stay sane in the chaos. To keep IT management from becoming total bedlam, and to bring value instead of conflict between business and technology goals, there’s the ITIL framework, which we’ll explore in depth.

With it, we’ll align those objectives by implementing IT management best practices.

What Is ITIL and What Is It For?

ITIL stands for Information Technology Infrastructure Library. It was created in 1989 by the UK government’s CCTA (Central Computer and Telecommunications Agency) as a way to bring order to the chaos by documenting and distributing IT management best practices.
Today, ITIL is managed by Axelos and has become a global standard. Its current version, ITIL 4 (released in 2019), is made up by 34 practices that cover:

  • General Management (knowledge, architecture, risk, etc.)
  • Service Management (continuity, change, SLAs, etc.)
  • Technical Management (deployment, infrastructure, development, etc.)

Without best practices, we end up fixing problems differently every time, depending on the technician on duty. Or one day we wake up and nothing works—because someone “optimized” the firewall rules based on personal opinion.
Today, with hybrid work increasing potential failure points, cybersecurity being essential, and businesses demanding more agility from IT to stay competitive, a framework of best practices helps improve results, reduce errors, and lower our daily Valium dosage.
Now, I know what you’re thinking—because it’s what we all think. You’ve heard this tune before, and ITIL isn’t the only acronym making big promises… plus, these things tend to turn into extra work rather than more efficient work.

But ITIL has some unique and genuinely valuable features.

ITIL v4 Fundamentals: What Does It Involve?

ITIL version 4 is a flexible framework that works alongside methodologies like Lean, Agile, or DevOps—so there’s no need to reinvent the wheel, just improve what’s already there.
This adaptability sets it apart from ITIL v3, which was more rigid with its linear processes.
Likewise, ITIL v4 includes 34 practices, whereas ITIL v3 had 26 processes and 4 functions. More importantly, the current version is built around 7 guiding principles meant to inspire how we work:

  • Focus on value. Prioritize what matters to the business—technology exists to support that.
  • Start where you are. Improve what’s already in place instead of starting everything from scratch.
  • Progress iteratively with feedback. Improve step by step, based on results and input.
  • Collaborate and promote visibility. Silos cause mistakes. Security, devs, and support must work together and stay informed.
  • Think and work holistically. Consider everything, infrastructure, apps, users, and beyond.
  • Keep it simple and practical. Does it add value? If not, drop it.
  • Optimize and automate. Use tools like Pandora ITSM to reduce repetitive workload.

Out of all these guiding principles, the most important—the Prime Directive, if you will—is value. It’s a concept you’ll see again and again, because it’s what ITIL revolves around: its reason for existing.
Value for whom? For customers, users, and other stakeholders across the organization.
But unlike Star Trek, where they constantly break the Prime Directive to keep the episode interesting, we shouldn’t.
Value is the compass, and ITIL v4 outlines four dimensions that must be balanced to achieve it:

  • Organizations and People. Do we have the right people in the right roles?
  • Information and Technology. Do we have the right tools, and do they provide key insights for better decisions?
  • Partners and Suppliers. Are we working with the right ones (cloud providers, software vendors…) and managing them effectively?
  • Value Streams and Processes. Is the way we work truly efficient?

ITIL Operational Architecture: The Service Value System (SVS)

Let’s dive into the practical side of ITIL by breaking down its components and offering real-world examples.
As promised—and yes, you’ll hear this a lot—ITIL’s main focus is what’s known as the SVS, or Service Value System, which brings together the four dimensions we already mentioned in order to co-create value with the business.

To do this, we apply the guiding principles covered earlier, always with a mindset of continuous improvement. But beyond that, we also apply:

  • The practices that best fit from the 34 ITIL practices.
  • Governance. Not to be confused with bureaucracy—governance defines the “rules of the game”: how something should be done, who is responsible, and who ensures it’s delivering value. It helps teams move faster without crashing into each other.
  • The Service Value Chain (SVC). This is critical—it’s the operational core, the “how” behind delivering value.

The SVC is a six-step workflow that ensures a demand (such as the need for a new app or improved ecommerce speed) is turned into a valuable service. The steps are:

  • Plan (e.g., the new app).
  • Improve processes or tools
  • Engage the right people—like developers for the app, but also cybersecurity to have the Red Team test it.
  • Design the requested service.
  • Transition.
  • Deliver and support.

As always with ITIL, these steps are flexible—you use only the ones needed to create value.
For example, if you’re building a brand-new mobile app, steps 2 and 5 may not apply (you’re not improving anything existing or transitioning from an old version).

But by following the steps that do apply, you ensure consistent delivery and value creation at every stage.
These are the general stages, but ITIL’s 34 practices go deeper, adapting each step to the most common scenarios in IT.

Essential Practices for a First-Time Implementation

Since my main goal is to keep you from printing ITIL in hardcover just to throw it at my head—because you already have a dozen bosses to answer to and don’t want one more—let’s keep it practical and show how ITIL is truly a flexible support framework.

Incident Management in ITIL

A great way to dip your toes into ITIL v4 is through incident management, by applying the principles of that specific practice.
Now, in IT, we tend to be pragmatic and by-the-book (I certainly am). That means ITIL’s biggest strength—its flexibility—can also feel like a challenge. For example, when reviewing the incident management practice, there’s no strict checklist to follow and mark off as you go.
If that’s what you’re after, ISO 20000 might suit you better. ITIL, on the other hand, offers high-level guidelines and best practices. because it has to. Every organization, incident, and IT infrastructure is different.
That’s why we rely on guiding principles, which are reflected in ITIL’s incident management process map.

  • Let’s take a practical example: a user can’t log into their customer portal.
  • According to ITIL, the first step is to categorize and log the incident in the system. Following the principle of Optimize and Automate, this is handled by Pandora ITSM, which creates the Service Desk ticket and routes it to the appropriate team.
  • Next, the incident is monitored and escalated as needed. The main goal is to get the user back in quickly—and if the issue isn’t something trivial like forgetting that passwords are case-sensitive, we escalate the incident. If possible, we provide a quick fix, like issuing temporary credentials to access their user area (remember the principle: deliver value to the customer).
  • Then, the incident is analyzed and resolved by the person or team defined as responsible.
  • The user is informed and provides feedback confirming the fix worked.
  • Finally, the solution and the overall process are recorded and evaluated, both by the IT team and possibly through a customer satisfaction survey.

Service Request Management

In this case, the goal is to handle standard or repetitive requests, such as access to a shared folder or creating a new VPN user. For example, we could:

  • Create a dedicated section in the system for these types of requests.
  • The ticket is classified by priority. If it’s a standard request, it gets routed to the intern team—no need to wake up the bearded root admin from his nap.
  • Let’s say the folder in question contains sensitive data. In that case, we notify the responsible person, who approves the access.
  • The request is carried out.
  • The user is informed and the ticket is closed.
  • Everything is logged, and we might even evaluate whether the process can be improved—perhaps by automating access for certain users.

As we can see, it’s about putting “method to the madness,” channeling the stream of events so it doesn’t drag us down in day-to-day operations.

Problem Management

This is used to identify and get rid of recurring incidents, such as repeated failures, slow VPN connections, and so on.
Applying the ITIL practice, we might:

  • Open a ticket.
  • Analyze the problem and its impact, escalating it based on severity—so the root admin can keep snoozing until it really matters.
  • Identify the configuration issue and fix it.
  • Document the solution for future similar tickets.

Asset Management

This helps us know what we have and where it is. In practice, we can apply this by:

  • Creating a CMDB (Configuration Management DataBase) with servers, endpoints, applications, etc.
  • Linking tickets to assets for better traceability, making change management and maintenance much easier.

This way, laptops don’t mysteriously vanish anymore, and we can keep track of each team’s needs—like updates.
Once again, Pandora FMS can help by automating and assigning these tickets, so when one is opened, we immediately know which asset is affected and its full history.

Change Management

Used to implement controlled changes with minimal risk. For example:

  • We need to update WordPress.
  • We evaluate the impact on a testing server and—hallelujah—custom code doesn’t break, and the dreaded white screen of death doesn’t appear.
  • The change is approved.
  • We schedule an implementation window: Sunday night, to avoid disrupting WooCommerce purchases from our online store.
  • The window is communicated to the relevant stakeholders.
  • The update is executed.
  • Everything is logged and documented.

This way, we follow a process far less heart-attack-inducing than the junior who saw the “update available” notice on the production site and clicked it raw—because hey, what is life without risk?

SLA Monitoring

The Service Level Agreement (SLA)is critical—failing to meet it can lead to contractual issues or customer dissatisfaction. And our Prime Directive is delivering value.
Based on the ITIL practice, we might:

  • Define compliance thresholds.
  • Monitor those thresholds from the ITSM tool.
  • Set up automatic alerts when thresholds are exceeded.
  • And when that happens, we switch to incident management.

ITIL in Action: How to Implement It Step by Step

If the idea of bringing order to the madhouse sounds appealing, the worst thing we can do is try to implement all 34 ITIL practices at once—we’d choke on them.
But since the framework is flexible, we can pick the ones we need most.
Here’s a possible implementation path:

  • Evaluate our current situation and define objectives. For example, if our incident resolution times are poor and that’s hurting the value we deliver.
  • Commit to ITIL principles (value, automation, etc.).
  • Select the practices that matter most in our specific context—like incident management, as discussed earlier.
  • Based on each practice’s core ideas (logging, categorizing, routing…), we design workflows and roles tailored to our organization.

With Pandora, for instance, we can automate much of the ticket or alert workflow, automatically routing them to the right team. After resolution, the system logs and documents everything—making it easier to assess future improvements.
The key to making sure ITIL doesn’t become just another task in the pile is this:

  • Train your team on the workflow built from the practice’s general framework.
  • Use tools that automate parts of the defined process. Without them, ITIL is more likely to become a burden than a relief.

Key Metrics and Continuous Improvement Tracking

Continuous improvement is a core principle that runs through the entire ITIL framework—but we can’t improve what we don’t measure. That’s why we need both operational and performance indicators.
These can be defined during the initial ITIL evaluation stage.
Continuing with the previous example—if we’re falling short in incident management, a key metric would be MTTR (Mean Time To Resolution). From there, we can set goals per incident level (e.g., under 2 hours for critical, 24 hours for medium-priority incidents…).
Another essential metric would be SLA compliance, since ITIL is centered on delivering value. The key is having a dashboard for these indicators to verify, with data, whether the defined process is truly driving improvement. (Pandora can help with this, by the way.)

ITIL and ITSM Software: A Practical Case with Pandora ITSM

Until the machines rise up, they’re here to do the heavy lifting and make our lives easier. That’s why implementing ITIL is much simpler with a tool like Pandora ITSM, which allows you to apply from the start:

  • The principle of automating many of the actions defined in ITIL practices.
  • The principle of a global, integrated approach, no fragmented silos.
  • The principle of infrastructure visibility.
  • The principle of progressing iteratively based on data—since Pandora provides it instantly.
  • The principle of starting where you are, because Pandora adapts to your IT infrastructure, no matter how heterogeneous it is.

In addition, its ticket management system is aligned with ITIL: it lets you monitor SLAs, generate the necessary reports, manage the CMDB, and more.
Just like ITIL is an adaptable framework, Pandora ITSM is a tool you can adapt to your reporting needs, automation rules, dashboards…
Let’s imagine another incident management scenario:

  • The online store server goes down.
  • Pandora detects it, logs the event, and generates a ticket according to the defined process.
  • The ticket is automatically routed to the person designated for this type of issue. At this point, we’ve already completed three steps of an optimized process without doing anything—Pandora did it all.
  • The responsible technician investigates and takes first action: rebooting the server.
  • The dark gods must be watching over us, and although they’ll demand a sacrifice later, the store is now back online.
  • Pandora ITSM detects that.
  • Closes the ticket.
  • Logs the entire event, including the resolution.
  • Records the time it took to solve it and whether the SLA was affected.

This was a simple case, but it illustrates that thanks to the tool, what seems like a complex process only required a human to type sudo reboot in the server’s terminal.

Pandora handled the rest of the best practice: logging actions, tracking metrics, managing the ticket… all automatically.

How Pandora FMS Enhances ITIL Implementation Beyond ITSM

Pandora doesn’t just streamline value-driven processes—it also monitors and detects incidents before they impact the user.
By correlating events and predicting complex attacks, integrating Pandora SIEM enables early warning within Pandora’s Box of incident management—especially security incidents.
Early detection might lead to an uncomfortable conversation and the dismissal of someone who unsuccessfully tried to walk out with data on a USB stick, for example. But at least we won’t be dealing with a full-blown data breach requiring notification to data protection authorities and users, along with the potential fines.
What’s more, ITIL v4 emphasizes end-to-end visibility as a core principle. And the combination of ITSM, monitoring, and SIEM that Pandora offers makes it possible to put that principle into action.

Best Practices and Mistakes to Avoid

I’ve already mentioned the biggest mistake when implementing ITIL: trying to swallow it all at once. We need to prioritize—and from our experience, here are the top recommendations:

  • Start small, scale later. Not just when selecting ITIL practices, but in everything. For example, with the CMDB, begin by mapping only critical assets—you can expand later.
  • Automate or die. Melodramatic, I know. But we have to choose: will we be buried under the pile of unread books on our nightstand, the endless list of games from every Steam Sale, or the backlog of tickets and tasks we could’ve automated? The first two are badges of honor for a life well lived. The last one? Not so much.
  • Don’t adopt—adapt. ITIL isn’t a set of commandments carved in stone; it’s a toolkit. Take what you need and build from there.
  • Measure before and after, or continuous improvement will be just a dream.

And as for common mistakes we’ve seen—aside from biting off more than you can chew:

  • Unrealistic SLAs and KPIs. These will only lead to frustration, not improvement.
  • Lack of buy-in from management or other departments. ITIL is useless if Pedro from Logistics keeps knocking on your door because “his laptop broke,” instead of knowing where to open a ticket.
  • Defined processes with no assigned owners.

ITIL Certifications and Team Training

If ITIL sounds like a good fit, guess what—you can get certified. Yes, another one for the list…
Axelos offers several certification levels on this official site:

  • Foundation. The basics. A few days of training and then an exam.
  • Specialist. With focus areas like Create and Deliver, Stakeholder Value, and High Velocity IT.
  • Strategist. For planning, directing, and improving.
  • Leader. For building IT strategies aligned with business goals.

Our recommendation, if you’re considering it, is this: don’t get certified just to add another badge to your résumé.
Everyone has their own opinion on certifications—but they can be a real opportunity to improve processes and deliver more value to the organization.
And that’s what we’re here for, even if we sometimes forget it in the daily grind.
As we’ve seen, ITIL v4 helps bring order and value to chaos. It’s not the first framework to try—and it won’t be the last—but if we follow ITIL’s own philosophy, we can uncover real gems to adapt to our everyday work.

Pandora ITSM is a balance between flexibility, simplicity and power

And above all, it adapts to your needs.