Glossary

The ability of an organization, person, process, application, configuration item, or IT service to carry out an activity. Capabilities are distinct from resources (which are consumable assets).

A Content Delivery Network (CDN) is a geographically distributed group of servers which work together to provide fast delivery of Internet content. A CDN allows for the quick transfer of assets needed for loading Internet content including HTML pages, javascript files, stylesheets, images, and videos.

A Certificate Authority (CA) is a trusted entity that issues digital certificates, which certify the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.

The addition, modification, or removal of anything that could have an effect on IT services. The scope should include changes to all architectures, processes, tools, metrics, and documentation, as well as changes to IT services and other configuration items.

A person or group who authorizes a change. The change authority is assigned for each type of change and should ensure that change enablement is efficient and effective.

The practice of ensuring that risks are properly assessed, authorizing changes to proceed, and managing a change schedule in order to maximize the number of successful service and product changes. Note: ITIL 4 renamed "Change Management" to "Change Control" (and later "Change Enablement") to emphasize the broader scope.

A repeatable approach to the management of a particular type of change. Change models define the specific workflow, authorization, and roles required for specific categories of changes (e.g., standard, normal, emergency).

A calendar that contains details of all planned changes. It is used to plan changes, identify potential conflicts, and communicate planned maintenance windows to stakeholders.

The activity that decides how much to charge the customer for the services provided. This can be based on cost recovery, market rates, or other pricing policies.

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Instructions for a computer, typically written in a programming language, that are compiled or interpreted to perform specific tasks. Code is the raw material of software applications and infrastructure definitions.

The act of ensuring that an organization follows the laws, regulations, standards, and ethical practices that apply to it. In IT, this includes GDPR, HIPAA, SOC2, PCI-DSS, and internal policies.

A security principle that ensures information is not made available or disclosed to unauthorized individuals, entities, or processes. It is one of the three pillars of the CIA Triad (Confidentiality, Integrity, Availability).

The specific arrangement of system elements and their settings. In IT, it refers to the detailed parameters (hardware, software, network) that define how a system functions.

Any component that needs to be managed in order to deliver an IT service. CIs typically include IT services, hardware, software, buildings, people, and formal documentation such as process documentation and Service Level Agreements (SLAs).

A database used to store configuration records throughout their lifecycle. The CMDB maintains the relationships between configuration items (CIs).

A set of tools and databases that are used to manage an IT service provider's configuration data. The CMS also includes information about incidents, problems, known errors, changes, and releases. A CMS may include one or more CMDBs.

A record containing the details of a configuration item (CI). Each configuration record documents the lifecycle of a single CI.

A standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. Containers leverage operating system-level virtualization to share the OS kernel while keeping processes isolated.

A software application or set of related programs that are used to create and manage digital content. CMSs are typically used for enterprise content management (ECM) and web content management (WCM).

The practice of aligning an organization's practices and services with changing business needs through the ongoing improvement of products, services, and practices, or any element involved in the management of products and services.

A software development practice where every code change that passes the automated testing phase is automatically deployed to production. There is no manual intervention in the release process.

**Continuous Integration (CI)**: The practice of merging all developers' working copies to a shared mainline several times a day. **Continuous Delivery (CD)**: The practice where code changes are automatically prepared for a release to production. Together, they form the "CI/CD Pipeline".

The means of managing a risk, ensuring that a business objective is achieved, or that a process is followed. Controls may be administrative (policies), physical (locks), or technical (firewalls).

The amount of money spent on a specific activity, IT service, or business unit. Costs consist of real costs (money paid to third parties) and notional costs (internal cross-charging).

A business unit or department that is budgeted to spend money but does not directly generate revenue. IT departments are traditionally viewed as cost centers.

A set of shared values and behavioral norms that control the interactions between members of an organization and with those outside the organization. It is "how we do things around here."

A person who defines the requirements for a service and takes responsibility for the outcomes of service consumption. The customer is the entity that pays for the service (either financially or via budget allocation).

The sum of functional and emotional interactions with a service provider as perceived by a service consumer. It encompasses the entire journey, from initial awareness to support and offboarding.