ITIL 4 Interview questions and answers.. Claude.ai
100 ITIL service management interview questions and answers
1What is ITIL?
ITIL (Information Technology Infrastructure Library) is a globally recognised framework of best practices for IT service management (ITSM). It provides guidance on aligning IT services with business needs, delivering value, and continually improving. ITIL 4, the latest version, introduces the Service Value System and a holistic approach to service management.
2What is IT Service Management (ITSM)?
ITSM refers to the set of policies, processes, and practices organisations use to design, deliver, manage, and improve IT services for customers. It focuses on delivering value rather than just managing technology.
3What is the ITIL Service Value System (SVS)?
The SVS describes how all components and activities of an organisation work together to enable value creation. It includes the guiding principles, governance, the service value chain, practices, and continual improvement.
4What are the seven ITIL guiding principles?
1) Focus on value. 2) Start where you are. 3) Progress iteratively with feedback. 4) Collaborate and promote visibility. 5) Think and work holistically. 6) Keep it simple and practical. 7) Optimise and automate. These principles guide decisions regardless of organisational context.
5What is a service in ITIL?
A service is a means of enabling value co-creation by facilitating outcomes that customers want to achieve, without the customer having to manage specific costs and risks. Services deliver utility and warranty.
6What is the difference between utility and warranty?
Utility is 'fit for purpose' — what the service does, its functionality. Warranty is 'fit for use' — how the service performs in terms of availability, capacity, security, and continuity. Both are required for value.
7What are the four dimensions of service management in ITIL 4?
1) Organisations and people. 2) Information and technology. 3) Partners and suppliers. 4) Value streams and processes. Every service and practice must be considered across all four dimensions.
8What is the Service Value Chain (SVC)?
The SVC is an operating model in ITIL 4 with six activities: Plan, Improve, Engage, Design & Transition, Obtain/Build, and Deliver & Support. These activities transform demand and opportunities into value.
9What is the difference between a process and a practice in ITIL 4?
In ITIL 3, processes were the core unit. ITIL 4 replaced processes with 34 practices — broader capabilities that include people, technology, information, and processes. Practices acknowledge that more than a defined procedure is needed.
10What are the three types of service providers?
Type I: Internal (serves one business unit). Type II: Shared (serves multiple business units within the same organisation). Type III: External (serves external customers in the open market).
11What is a service catalogue?
A service catalogue is a centralised repository of all live IT services available to customers or users. It contains details on service descriptions, SLAs, owners, and how to request each service. It is the customer-facing subset of the service portfolio.
12What is the difference between a service portfolio and a service catalogue?
The service portfolio includes all services: pipeline (in development), catalogue (live and available), and retired services. The service catalogue is only the subset of active services available for consumption.
13What is a Configuration Item (CI)?
A CI is any component that needs to be managed to deliver an IT service. Examples include servers, software, documentation, and SLAs. CIs are recorded in the Configuration Management Database (CMDB).
14What is the CMDB?
The Configuration Management Database stores information about all CIs and their relationships. It supports impact analysis, incident resolution, and change management by showing how components depend on each other.
15What is a service level agreement (SLA)?
An SLA is a formal agreement between a service provider and a customer that defines the expected level of service — including availability, response times, and performance metrics. Breaches trigger review and remediation.
16What is an OLA and how does it differ from an SLA?
An Operational Level Agreement (OLA) is an internal agreement between teams within the same organisation supporting an SLA. An SLA is with the external or business customer; an OLA underpins it internally.
17What is an underpinning contract (UC)?
A UC is a contract between an IT service provider and a third-party supplier. It defines the supplier's obligations to support the delivery of an SLA, such as hardware support or cloud hosting commitments.
18What is continual improvement in ITIL 4?
Continual improvement is an ongoing practice of aligning services and practices with changing business needs. It uses the seven-step improvement model and the ITIL continual improvement register to log, prioritise, and track improvements.
19What is the ITIL continual improvement model?
A seven-step model: 1) What is the vision? 2) Where are we now? 3) Where do we want to be? 4) How do we get there? 5) Take action. 6) Did we get there? 7) How do we keep the momentum going?
20What is value co-creation?
ITIL 4 emphasises that value is not just delivered by the provider — it is co-created between the provider and the customer. The customer contributes through their own activities, context, and use of the service.
21What is an incident in ITIL?
An incident is an unplanned interruption to an IT service or a reduction in its quality. The goal of incident management is to restore normal service as quickly as possible to minimise business impact.
22What is the difference between an incident and a problem?
An incident is a single disruption requiring fast restoration. A problem is the underlying cause of one or more incidents. Problem management seeks root cause; incident management restores service quickly.
23What is a known error?
A known error is a problem with a documented root cause and a workaround or permanent fix. It is stored in the Known Error Database (KEDB) to speed future incident resolution.
24What is a workaround?
A workaround is a temporary solution that reduces or eliminates the impact of an incident or problem without fully resolving it. It allows service to be restored while a permanent fix is developed.
25What is the purpose of problem management?
Problem management aims to reduce the likelihood and impact of incidents by identifying root causes and applying permanent fixes. It operates reactively (after incidents) and proactively (preventing future ones).
26What is the major incident process?
Major incidents are high-priority incidents with significant business impact. They trigger a dedicated team, separate communication bridge, executive updates, and a post-incident review (PIR). P1 incidents usually fall into this category.
27What is a post-incident review (PIR)?
A blameless review conducted after a major incident to document the timeline, root cause, impact, and actions taken. Outputs include improvement actions to prevent recurrence and strengthen detection.
28What is incident prioritisation and how is it calculated?
Priority = Impact × Urgency. Impact measures how many users or business processes are affected; urgency measures how quickly service must be restored. Priority drives SLA targets and resource allocation.
29What is the difference between first-line and second-line support?
First-line (L1) handles initial contact, basic troubleshooting, and known fixes. Second-line (L2) handles escalated incidents requiring deeper technical knowledge. Third-line (L3) involves specialists or vendors.
30What is an escalation and what are the two types?
Escalation is the process of involving additional resources when an issue cannot be resolved at the current level. Functional escalation moves to a higher technical tier; hierarchical escalation involves management for priority or authority.
31What is a service request?
A service request is a formal request from a user for something provided as standard — such as a password reset, new laptop, or software installation. Unlike incidents, service requests are pre-approved and do not indicate a failure.
32How does ITIL distinguish between reactive and proactive problem management?
Reactive problem management analyses past incidents to find root causes. Proactive problem management reviews trend data and system health to identify and eliminate potential problems before incidents occur.
33What is the Known Error Database (KEDB)?
The KEDB stores details of known errors — problems where root cause has been identified — along with workarounds. It is consulted during incident management to speed resolution without waiting for a permanent fix.
34What metrics are used in incident management?
Key metrics include: Mean Time to Resolve (MTTR), Mean Time to Acknowledge (MTTA), SLA breach rate, first-call resolution rate, incident volume by category, and reopen rate.
35What is the relationship between incident management and the service desk?
The service desk is the single point of contact between users and IT. It owns incident logging, initial triage, and often first-line resolution. Incident management defines the process; the service desk executes it.
36How many practices are in ITIL 4 and what are the three categories?
ITIL 4 defines 34 practices across three categories: 14 General Management practices (e.g. continual improvement, risk management), 17 Service Management practices (e.g. incident management, change enablement), and 3 Technical Management practices (e.g. deployment management).
37What is the service desk practice in ITIL 4?
The service desk is the single point of contact for capturing demand for incident resolution and service requests. In ITIL 4 it is a practice, not just a function — emphasising people, tools, and communication channels (phone, chat, portal).
38What is monitoring and event management in ITIL 4?
This practice systematically observes services and CIs, and classifies events as informational, warnings, or exceptions. It enables early detection of issues and triggers automated or human responses before users are impacted.
39What is the IT asset management practice?
ITAM manages the lifecycle of all IT assets — hardware, software, licences, and contracts — to ensure they are properly accounted for, used optimally, and disposed of correctly. Supports cost control and compliance.
40What is service level management in ITIL 4?
This practice sets, monitors, and reports on service level targets agreed with business customers. It involves creating SLAs, measuring performance, identifying breaches, and driving improvements through service reviews.
41What is capacity and performance management?
Ensures IT services and infrastructure can meet agreed performance targets at current and forecast demand levels. Involves planning, monitoring utilisation, and tuning systems to avoid performance degradation.
42What is availability management in ITIL 4?
Ensures services are available to meet business needs. Measures uptime against SLA targets, analyses failures, and designs in resilience. Key metrics include MTBF (Mean Time Between Failures) and MTRS (Mean Time to Restore Service).
43What is the information security management practice?
Protects the confidentiality, integrity, and availability of information. Covers policies, risk assessment, access controls, security monitoring, and incident response for security events.
44What is supplier management in ITIL 4?
Manages relationships with third-party suppliers to ensure they deliver agreed value. Involves supplier selection, contract management, performance monitoring, and risk assessment.
45What is relationship management in ITIL 4?
Establishes and nurtures links between the organisation and its stakeholders — customers, users, and partners — to understand their needs, manage expectations, and ensure mutual value.
46What is service continuity management?
Ensures IT services can continue at agreed minimum levels after a disaster. Involves business impact analysis (BIA), risk assessment, recovery plans (DRP/BCP), and regular testing of those plans.
47What is release management in ITIL 4?
Makes new or changed services and features available for use. It packages related changes and manages their deployment lifecycle — from development through testing to production.
48What is the deployment management practice?
Moves new or changed hardware, software, documentation, processes, or any other component to live environments. Distinct from release management — deployment is the technical act of moving components.
49What is service validation and testing?
Ensures new or changed services meet defined requirements before going live. Defines test plans, acceptance criteria, and validation activities to reduce the risk of failed changes.
50What is service design in ITIL?
Service design ensures new or changed services are designed to meet business requirements for utility and warranty. It covers solution design, service level requirements, technology, and transition planning.
51What is the difference between ITIL and ISO 20000?
ITIL is a framework of best practice guidance — voluntary and descriptive. ISO 20000 is an international standard — auditable and certifiable. ISO 20000 aligns closely with ITIL principles but is a formal compliance requirement.
52How does ITIL relate to DevOps?
ITIL 4 was designed to work alongside DevOps. Both share principles like continual improvement, automation, and fast feedback. ITIL 4's practices (e.g. change enablement, deployment management) integrate with DevOps pipelines rather than impede them.
53What is Agile ITSM?
Agile ITSM applies agile principles — iterative delivery, collaboration, and flexibility — to IT service management. It reduces bureaucracy and speeds service improvements by working in sprints and responding to feedback.
54What is the RACI model and how is it used in ITIL?
RACI defines roles: Responsible (does the work), Accountable (owns the outcome), Consulted (provides input), Informed (kept updated). Used in process and practice design to clarify ownership and avoid duplication.
55What is a service owner in ITIL?
A service owner is accountable for the delivery of a specific service across all functions and processes. They represent the service in meetings, manage the service lifecycle, and ensure SLAs are met.
56What is a process owner?
The process owner is accountable for ensuring a process is fit for purpose — properly designed, documented, and producing intended outcomes. Distinct from the process manager who runs day-to-day execution.
57What is shift-left in ITSM?
Shift-left means moving knowledge and resolution capabilities earlier in the support chain — typically to L1 or even end-users via self-service. It reduces escalations, lowers cost, and improves user satisfaction.
58What is knowledge management in ITIL?
Ensures the right information is available to the right people at the right time. Includes maintaining the Service Knowledge Management System (SKMS) and KEDB to improve decision-making and resolution speed.
59What is the Service Knowledge Management System (SKMS)?
The SKMS is the broader repository of all knowledge supporting ITSM — including the CMDB, KEDB, service catalogue, and any documented policies, procedures, or lessons learned.
60What is a service improvement plan (SIP)?
A formal plan to address a shortfall between current and desired service performance. Typically triggered by repeated SLA breaches or service reviews. Includes targets, owners, timelines, and success measures.
61What is mean time between failures (MTBF)?
MTBF measures the average time a service or component operates between failures. A higher MTBF indicates greater reliability. Used in availability management to identify components needing improvement.
62What is a business impact analysis (BIA)?
BIA identifies critical business processes and the impact of IT service disruptions on them. It informs recovery time objectives (RTO) and recovery point objectives (RPO) used in continuity planning.
63What is RTO and RPO?
Recovery Time Objective (RTO) is the maximum acceptable time to restore a service after failure. Recovery Point Objective (RPO) is the maximum acceptable data loss measured in time. Both drive DR and backup strategies.
64What is a service review meeting?
A regular meeting between the service provider and the customer to review SLA performance, outstanding issues, upcoming changes, and improvement plans. Typically monthly, it drives accountability and relationship health.
65What is the purpose of the service desk?
The service desk is the single point of contact for IT users — logging incidents, fulfilling service requests, communicating status, and restoring services quickly. It is the visible face of IT to the business.
66What is change enablement in ITIL 4?
Change enablement (formerly change management) maximises successful changes by ensuring risks are assessed, changes are authorised, and the schedule is managed. It balances speed and risk to support the pace of business.
67What are the three types of changes in ITIL?
1) Standard changes: pre-approved, low risk, well-understood (e.g. password reset). 2) Normal changes: assessed and authorised through the change process. 3) Emergency changes: expedited approval for critical fixes to restore service.
68What is a Change Advisory Board (CAB)?
The CAB is a body that reviews normal changes, assesses risks, and provides authorisation recommendations. Membership varies by change type but typically includes technical leads, business representatives, and service owners.
69What is an Emergency CAB (eCAB)?
The eCAB is a smaller, faster subset of the CAB convened to authorise emergency changes urgently. It reduces bureaucracy while still applying appropriate risk assessment for high-priority fixes.
70What is a post-implementation review (PIR) in change management?
A review conducted after a change is implemented to assess whether it achieved its objectives, caused any unintended side effects, and whether lessons learned should update the change process or documentation.
71What is a forward schedule of change (FSC)?
The FSC is a calendar showing all approved and planned changes and their scheduled implementation windows. It helps coordinate changes, avoid conflicts, and communicate upcoming disruptions to the business.
72What is a remediation plan in change management?
A remediation plan documents how a change will be reversed or its impact mitigated if implementation fails. Required before authorisation of significant changes — ensures there is always a rollback path.
73What is the difference between change management and release management?
Change management governs approval and scheduling of changes. Release management packages and prepares changes for deployment. Deployment management moves them to production. They are distinct but tightly coupled practices.
74What is continuous deployment in the context of ITIL 4?
Continuous deployment is a DevOps practice where every passing build is automatically deployed to production. ITIL 4 accommodates this by enabling automated standard changes and pipeline-integrated approvals.
75How does ITIL define a successful change?
A change is successful if it achieves its intended objectives without unintended disruption, within budget and schedule. Post-implementation review confirms success and captures lessons for future changes.
76How would you handle a situation where ITIL processes are seen as bureaucratic by development teams?
Acknowledge the concern — over-engineered processes impede agility. Audit the process steps for value using the ITIL principle 'keep it simple.' Remove non-value-adding steps, introduce automation, and show developers how lightweight change controls protect everyone. Involve them in redesign.
77How do you measure the maturity of an ITIL implementation?
Use a capability maturity model (e.g. CMMI or ITIL's own maturity levels). Assess each practice against defined criteria: are processes documented, consistently followed, measured, and continuously improved? Gap analysis drives the improvement roadmap.
78What is the difference between outputs and outcomes in ITIL 4?
An output is a tangible or intangible deliverable produced by an activity (e.g. a deployed patch). An outcome is the result that matters to a stakeholder (e.g. a secure system). ITIL 4 shifts focus from managing outputs to achieving outcomes.
79What are value streams in ITIL 4?
Value streams are a series of steps an organisation uses to create and deliver products or services to a consumer. ITIL 4 uses value stream mapping (from Lean) to visualise and optimise the flow of work through the service value chain.
80How would you implement ITIL in an organisation that has no formal ITSM processes?
Start where you are — map current informal practices. Prioritise high-impact quick wins (incident and change management). Gain executive sponsorship. Train staff. Roll out iteratively using the ITIL continual improvement model rather than a big-bang transformation.
81What is the role of automation in ITIL 4?
ITIL 4's guiding principle 'optimise and automate' encourages removing manual effort from repetitive tasks — auto-routing incidents, auto-approving standard changes, and auto-resolving known issues. Automation should follow process optimisation, not precede it.
82How does ITIL 4 support digital transformation?
ITIL 4's SVS, value streams, and guiding principles are designed for digital organisations. It integrates with Agile, DevOps, and Lean, supports cloud-first architectures, and focuses on business value rather than process compliance.
83What is the difference between governance and management in ITIL 4?
Governance directs and controls — setting policy, ensuring accountability, and evaluating performance (the 'govern' activities). Management plans, builds, and runs services day-to-day. Both are part of the SVS but operate at different levels.
84How would you reduce the cost of service desk operations without degrading quality?
Implement shift-left to resolve more at L1; expand self-service and knowledge articles; automate password resets and common requests; use AI/chatbots for first contact. Measure FCR and CSAT to ensure quality does not drop as volume decreases.
85What is a service transition plan?
A plan that describes all the activities, resources, timelines, and risks involved in moving a new or changed service from development into live operation. Covers testing, training, communication, and go-live criteria.
86What is risk management in ITIL 4?
Risk management identifies, assesses, and controls threats and opportunities. In ITIL 4 it is a general management practice that underpins all others — ensuring decisions are made with full awareness of what could go wrong.
87How do you handle an SLA breach?
Acknowledge immediately, notify affected stakeholders, investigate root cause, apply a workaround if possible, document in the incident record, initiate a service improvement plan, and review with the customer in the next service review meeting.
88What is the difference between KPIs and CSFs in ITIL?
A Critical Success Factor (CSF) is a condition that must be met for a process to succeed (e.g. 'all incidents are logged'). A KPI is a measurable indicator of that success (e.g. '100% of incidents logged within 5 minutes').
89How would you justify ITIL investment to senior leadership?
Frame it in business outcomes — reduced downtime, faster incident resolution, lower change failure rates, and improved compliance. Use case studies, benchmark data, and a before/after cost analysis. Align the ITIL roadmap to specific strategic priorities.
90What is the purpose of the CSI register?
The Continual Service Improvement (CSI) register captures all improvement ideas, their priority, owner, progress, and outcomes. It ensures improvements are tracked rather than forgotten, and provides a transparent view of the improvement pipeline.
91What is the 'focus on value' guiding principle in ITIL 4?
Everything the organisation does should link, directly or indirectly, to value for itself, its customers, or other stakeholders. When designing services or processes, always ask: how does this contribute to value? Remove anything that does not.
92What is service portfolio management?
Manages the full portfolio of services — pipeline, catalogue, and retired — to ensure the provider offers the right mix of services at the right investment level. Balances innovation with sustaining existing services.
93How does ITIL handle multi-vendor environments?
Through supplier management, contract management, and OLAs/UCs. ITIL 4 also emphasises ecosystem thinking — recognising that value is co-created across a network of providers. Integration and coordination between vendors is critical.
94What is the purpose of demand management?
Demand management seeks to understand and influence customer demand for services to ensure capacity is available to meet it. It analyses usage patterns and works with capacity management to plan supply.
95What is financial management for IT services?
Ensures IT services are funded appropriately, that costs are understood and controlled, and that value delivered can be demonstrated financially. Includes budgeting, accounting, and charging. Supports investment decisions.
96What is the difference between proactive and reactive CSI?
Reactive CSI addresses identified problems and service failures. Proactive CSI reviews data trends and benchmarks to identify improvement opportunities before performance degrades. Both are needed for a mature improvement culture.
97How do you manage stakeholder expectations in ITSM?
Set clear, realistic SLAs upfront. Communicate proactively during incidents and changes. Hold regular service reviews. Publish performance dashboards. Over-deliver on commitments rather than over-promise. Build trust through transparency.
98What is a service model in ITIL?
A service model shows how service assets interact to deliver the service, including resources, capabilities, and their relationships. It helps visualise dependencies, plan capacity, and assess the impact of changes.
99How does ITIL 4 address AI and machine learning?
ITIL 4 does not prescribe specific technologies but its 'optimise and automate' principle and focus on value creation accommodate AI/ML — for AIOps, predictive monitoring, intelligent incident routing, and automated problem identification.
100What makes a high-performing ITSM organisation?
Comments
Post a Comment