When it comes to IT standards, the ITIL (formerly an acronym for Information Technology Infrastructure Library) framework is different from regulatory standards such as the Payment Card Industry Data Security Standard and HIPAA. While those standards require organizations to demonstrate compliance or risk harsh consequences such as fines, the ITIL framework is a voluntary set of best practices for organizations to follow to ensure that they’re aligning their IT services with the needs of the business. It’s both nonprescriptive and nonproprietary.

ITIL 4, the first major update of the framework since 2007, largely emphasizes the same values and priorities as previous versions. However, ITIL 4 was designed to keep up with recent trends in software development and IT operations. Because of this, it’s important for IT leaders to familiarize themselves with this new version, and to consider any changes they might want to make in their own operations to keep pace with industry best practices.

Learn how CDW can help you manage your IT environment for success now and in the future.

Here are four of the most significant changes to the ITIL framework:

Information Security and Identity Management

While ITIL 3 did address access management as an important component of IT security, it was largely silent about identity management. By contrast, ITIL 4 emphasizes identity and access management (IAM) solutions and practices as essential parts of cybersecurity strategies — reflecting the current reality of what organizations need to do to keep their systems and data safe from cybercriminals. In the decade-plus since ITIL 3 was published, social engineering attacks (such as phishing) designed to steal user credentials have boomed. By addressing IAM, ITIL 4 encourages organizations to do everything possible to ensure that only authorized users are granted access to sensitive information.

Measurement and Reporting

ITIL 4 has a greater focus on measuring and reporting service-level objectives than ITIL 3 did. This includes tracking metrics on things such as uptime, the percentage of tickets closed within a certain time frame and other measurable outcomes provided by an IT service management division or partner. This change represents a maturity in the industry, where using data to evaluate and improve IT service management has become the norm.

Organizational Change Management

Earlier versions of ITIL simply didn’t address the human component of major changes within an IT ecosystem. The updates in ITIL 4 rectify this omission, with the new version of the framework emphasizing management techniques and capabilities (rather than simply minimizing risk from changes to the operating environment). Anyone who has introduced major changes within an IT shop knows that these changes can create the need for new training programs, and even cause some employees to worry about the security of their jobs. It’s important that the new ITIL framework takes this human element into account.

Co-Creation of Value

Previous versions of ITIL described IT service management organizations “delivering value” to their clients. In the latest update, this language has been changed to “value co-creation.” This notable change acknowledges that IT service management organizations work in close collaboration with their clients. Even if a firm offers the best possible services, outcomes may not be optimal if the client lacks strong internal change management. For an IT service management engagement to be truly successful, both parties need to work together to create value. That’s exactly the sort of experience we seek to facilitate with our IT service management engagements at CDW.