On Thursday 28th October we are carrying out essential upgrades. The website may be unavailable for a period of time starting from 6am BST. We apologise for any inconvenience this may cause you.

Where is risk management in ITIL®?

Pavel Demin

March 2018

All of our White Papers and Case Studies are subject to the following Terms of Use.

The expression “risk management” can be found 245 times in the 2011 ITIL® lifecycle, but there is no description of risk management practices. This paper explores Service Design and Problem management as part of risk management and how risk management is part of Continual Service Improvement (CSI).

To read the rest of this white paper and to get access to all white papers, please log in or create a user profile.

Log in Create user profile
Current rating: 4 (3 ratings)


8 Mar 2018 Jose Plá
Alternate text
What about the Statement of Work and the SLA in the Service Strategy stage?
Doesn't defining the limitations of the propoused service is part of risk management, do not compromise from a begining with more than can be done.
In the Availability and Capacity Mgmt they need to talk to the Change Manager so no more than can be done will be accepted, and this to the Release Manager, and this to the Validation Manager so if it is not validated it will not be released. So make sure we have resources available, then that those resources have the capacity, then plan the change, include the change in the release and validate the work done before it is released.

My main question is the planning in the strategy service, where the initial limitations are set, isn't that also part of risk management?
You must log in to post a comment. Log in