ITIL (Information Technology Infrastructure Library) was developed by the OGC (Office of Government Commerce) starting in 1987. It aims to define guidelines for the appropriate and efficient provision of IT services in organisations. The standard comprises a number of publications describing the best practices included in ITIL. The subsets of ITIL which are of interest for this report are Service Delivery, Service Support and Security Management (see the Using Results section of this website). These processes are part of version 2 of ITIL and were selected for integration with Risk Management since they likely represent the most commonly used parts of ITIL at this point in time. Service Delivery mainly deals with the planning and controlling aspects of IT service management. Service Support contains processes chiefly describing the support of customers when incidents and problems occur. Security Management treats aspects like data security, risks and protection measures and therefore has some parallels to Risk Management processes. ITIL V3 has been available since early 2007 but is not yet widely used, so it was not considered for inclusion in this project.
ITIL represents a framework for the design of service management processes. The data gathered during the execution of such service processes is highly valuable for assessing IT risks and helps to improve the corporate IT risk strategy. This applies especially to processes such as Incident Management and Problem Management, which deal with the consequences of IT risks. Moreover, integrating IT Risk Management and ITIL allows Risk Treatment measures to be included in the service process definitions (e.g. in IT Service Continuity processes), thus improving these processes.