Defining Policies, Processes and Procedures

Policies describe the organisation’s guidelines and expectations for a particular area. They are effectively “what” should be done.

Processes describe the flow of activities for a particular area. They explain “how” it should be done.

Procedures describe detailed steps for a particular area. They also explain “how” things should be done. The term could be used interchangeably with processes.

In this section we focus on processes and procedures only as they are more operational. Policies are defined at an organisation level. We use processes generally to describe ITIL related processes (Incident, Request, Problem, Change, etc) and procedures to refer to others.

Service Management Processes

Incident management

Incident: An unplanned interruption to a service or reduction in the quality of a service.

Incident Management: The process responsible for managing the lifecycle of all Incidents. The purpose of the incident management process is to minimise the negative impact of incidents by restoring normal service operation as quickly as possible.

Objective: To restore service operation within agreed timescales and with minimum disruption to the business. This may involve providing a workaround while a Problem is investigated and a fix developed. The agreed timescales for service response and restoration are defined in a Service Level Agreement.

Major incident management

Major Incident: An unplanned interruption or risk of interruption of a critical service.

Major Incident Management: The process responsible for managing Severity 1 and Severity 2 incidents based on their impact to business operations.


  • To resolve Major Incidents as quickly as possible by restoring the affected services to normal operation (or as close as possible to it) either via a workaround or a permanent fix.

  • To ensure frequent and clear communications with relevant stakeholders and management.

Service Request Management

Service Request: A request from a user or a user’s authorised representative that initiates a service action which has been agreed as a normal part of service delivery.

Service Request Management: The process responsible for managing the lifecycle of all service requests. The purpose of the service request management process is to support the agreed quality of a service by handling all pre-defined, user-initiated service requests in an effective and user-friendly manner.

Objective: To execute Service Requests within agreed timescales as defined in a Service Level Agreement.

Change management

Change: The addition, modification, or removal of anything that could have a direct or indirect effect on services

Change management: The process responsible for managing the lifecycle of all changes to services in the production environment

Objective: To enable beneficial changes to be made to the production environment with minimum disruption to technology services

Release management

Release: A version of a service or other configuration item, or a collection of configuration items, that is made available for use

Release management: The process that manages making new and changed services and features available for use. Release management plans, schedules and controls the build, test and deployment of releases.

Objective: To deliver new service functionality and fixes to issues while protecting the integrity of existing services through planning and controlling the build, test and deployment phases. A release is deployed via the Change Management process.

Problem management

Problem: A cause, or potential cause of one or more incidents

Problem Management: The purpose of the problem management process is to reduce the likelihood and impact of incidents by identifying actual and potential causes of incidents and managing workarounds and known errors. Problem Management includes all activities needed to diagnose the root cause of Incidents and initiates the submission of any necessary Changes to resolve those Problems

Objective:  To prevent the occurrence of Incidents and to minimise the impact of Incidents that could not be prevented from materialising

Service Onboarding

Service Onboarding: The process of making new and changed services and features available for use, aligned with agreed processes and support model. Service Onboarding commences after the completion Testing & UAT. This process describes the onboarding of the service into the technology support model. The Release Management process will describe the Service deployment activities

Objective: To bring IT services into the IT Support model that meet SLAs and stakeholder expectations

Technology Asset management

Technology Asset: Any financially valuable component that can contribute to the delivery of a technology service. Common technology assets include: laptops, monitors, servers, displays/TVs, phones, network equipment, IoT sensors, software and databases.

Technology Asset management: The act of ensuring an organisation’s technology assets are accounted for, deployed, maintained, upgraded, and disposed of when needed

Objective: To optimise the value, control costs, manage risks, support decision-making and ensure the best return on investment for organisation assets.

In general technology asset management is focused on tracking assets with financial value whereas configuration management is focused on tracking assets or components involved in the delivery of a service and their relationships

Configuration management

Configuration Item (CI): Technology assets that form part of a technology service. Examples include: Laptops, servers, virtual machines, software, network equipment, databases

Configuration management: The act of ensuring that the technology assets required to deliver services (i.e configuration items) are properly controlled and reliable information about those CI’s is available. This information includes how they are configured and the relationships between them.

Objective: To make accurate information available on the configuration items used in services. To keep configuration databases up to date and support other key processes such as Incident, Request, Change and Problem Management.

Other relevant procedures


Relevant procedures

(will depend on the specific project)

Spectrum management

Spectrum licensing period

Spectrum terms and conditions

Spectrum approval and use of wireless devices

Spectrum interference resolution

Spectrum test and tag

Non-compliant devices management & reporting


Radio distribution

Radio loss and damage

Radio handling and charging

Infrastructure management

Backup & restore procedure


Fixed telephone / mobile device allocation

WiFi usage

Cyber Security

To be defined by Cyber Security team

Venue Technology management

TER/CCF acceptance

Technology space handover

TER shutdown / startup

Venue spares management


Shift handover

Start of shift / end of shift tasks

Workforce management

Technology Support

Manual call logging

Spare / replacement equipment

Lost, damaged, stolen equipment

Other Service Management

Service Continuity Plan

Disaster Recovery Plan

Access rights management

Monitoring and event management

Crisis Communications 

Protection of technology assets