Alert - Warning that an incident has occurred.

Asset - Component of a business process. Assets can include people, accommodation, computer systems, software, networks, paper records, fax machines, etc.

Asset Management – All of the processes involved in managing an organisation's ICT assets.

Availability - Ability of a component or service to perform its required function at a stated instant or over a stated period of time. It is usually expressed as the availability percentage, i.e. the percentage of time that the service is actually available for use by the customers within the agreed service hours.

Availability Management - The process of defining, determining, measuring and improving all aspects of the availability of IT services.

Balanced Scorecard - An aid to organisational Performance Management. It helps to focus, not only on the financial targets but also on the internal processes, customers and learning and growth issues.

Baseline - A snapshot or a position that is recorded. Although the position may be updated later, the baseline remains unchanged and available as a reference of the original state and as a comparison against the current position (PRINCE 2).

Baseline Security - The security level adopted by the ICT organisation for its own security and from the point of view of good 'due diligence'.

BS 15000 - The British Standard for Service Management. This standard provides a comprehensive set of controls comprising best practices in the delivery of managed IT services.

BS 7799 - The British Standard for Information Security Management. This standard provides a comprehensive set of controls comprising best practices in information security.

Budgeting - Budgeting is the process of predicting and controlling the spending of money within the organisation and consists of a periodic negotiation cycle to set budgets (usually annual) and the day-to-day monitoring of current budgets.

Build - The final stage in producing a usable configuration. The process involves taking one or more input Configuration Items and processing them (building them) to create one or more output Configuration Items, e.g. software compile and load.

Business Case - A document examining all of the benefits, options, issues, risks, cost and problems associated with the implementation of a business solution.

Business Function - A business unit within an organisation, e.g. a department, division, branch.

Business Process -A group of business activities undertaken by an organisation in pursuit of a common goal. Typical business processes include receiving orders, marketing services, selling products, delivering services, distributing products, invoicing for services, accounting for money received. A business process usually depends upon several business functions for support, e.g. IT, personnel, accommodation. A business process rarely operates in isolation, i.e. other business processes will depend on it and it will depend on other processes.

Business Recovery Plans - Documents describing the roles, responsibilities and actions necessary to resume business processes following a business disruption.

Business Unit - A segment of the business entity by which revenues are received and expenditure is caused or controlled, such revenues and expenditure being used to evaluate segmental performance.

Category - Classification of a group of Configuration Items, change documents or problems.

Capacity Management - The Service Management process tasked with defining the business requirements for IT capacity, in both business and technical terms, and understanding and presenting the consequences of delivering those volumes of activities through the IT Infrastructure at the right time and at optimal cost.

Change - The addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, desktop build or associated documentation.

Change Advisory Board (CAB) - A group of people who can give expert advice to Change Management on the implementation of changes. This board is likely to be made up of representatives from all areas within ICT and representatives from business units.

Change Authority - A group that is given the authority to approve change, e.g. by the project board. Sometimes referred to as the Configuration Board.

Change Control - The procedure to ensure that all changes are controlled, including the submission, analysis, decision-making, approval, implementation and post implementation of the change.

Change History - Auditable information that records, for example, what was done, when, who did it and why.

Change Log - A log of Requests for change raised during the project, showing information on each change, its evaluation, what decisions have been made and its current status, e.g. Raised, Reviewed, Approved, Implemented, Closed.

Change Management - Process of controlling changes to the infrastructure or any aspect of services, in a controlled manner, enabling approved changes with minimum disruption.

Change Record - A record containing details of which Configuration Items are affected by an authorised change (planned or implemented) and how.

Charging - The process of establishing charges in respect of business units, and raising the relevant invoices for recovery from customers.
 
Classification - A process of formally grouping Configuration Items or changes by type, e.g. software, hardware, or of formally identifying incidents, problems and known errors by origin, symptoms or cause.

Client Access Licence (CAL) - A licence that permits a client (e.g. a workstation) to access software services on a server. Often there will not be any special software on the client PCs, so the use of this type of licence cannot be measured by counting the installed copies of software. The number of licences required may be determined in different ways depending on the software manufacturer's terms and conditions. For example, it may be necessary to count client PCs, or to count the number of total users.  

Compliance - The process of monitoring and enforcing a policy and a set of processes ensuring that there is no non-conformance.

Configuration Baseline (see also Baseline) - Configuration of a product or system established at a specific point in time, which captures both the structure and details of the product or system, and enables that product or system to be rebuilt at a later date.

Configuration Control - Activities comprising the control of changes to Configuration Items after formally establishing the configuration documents. It includes the evaluation, coordination, approval or rejection of changes. The implementation of changes includes changes, deviations and waivers that impact on the configuration.

Configuration Documentation - Documents that define requirements, system design, build, production, and verification for a configuration item.

Configuration Identification - Activities that determine the product structure, the selection of Configuration Items, and the documentation of the Configuration Items' physical and functional characteristics including interfaces and subsequent changes. It includes the allocation of identification characters or numbers to the Configuration Items and their documents. It also includes the unique numbering of configuration control forms associated with changes and problems.
 
Configuration Item (CI) - Component of an infrastructure, or an item, such as a Request for Change, associated with an infrastructure, that is (or is to be) under the control of Configuration Management. CIs may vary widely in complexity, size and type, from an entire system (including all hardware, software and documentation) to a single module or a minor hardware component.

Configuration Management - The process of identifying and defining the Configuration Items in a system, recording and reporting the status of Configuration Items and Requests for Change, and verifying the completeness and correctness of configuration items.

Configuration Management Database (CMDB) - A database that contains all relevant details of each CI and details of the important relationships between CIs.

Configuration Structure - A hierarchy of all the CIs that comprise a configuration.

Continuous Service Improvement Programme - An ongoing formal programme undertaken within an organisation to identify and introduce measurable improvements within a specified work area or work process.

Control Objectives for Information and Related Technology (COBIT®) - Copyright 1996, 1998, 2000, The IT Governance Institute™. Provides guidance and good practices for the management of IT processes.

Cost -The amount of expenditure (actual or notional) incurred on, or attributable to, a specific activity or business unit.

Cost-Benefit Analysis (CBA) - An activity designed to analyse and compare the costs and the benefits involved in a certain course of action to determine its feasibility (see also Feasibility Study).

Cost-Effective - Ensuring that there is a proper balance between the quality of service on the one side and expenditure on the other. Any investment that increases the costs of providing ICT services should always result in enhancement to service quality or quantity.

Cost of Failure - A technique used to evaluate and measure the cost of failed actions and activities. It can be measured as a total within a period or an average per failure. An example would be 'the cost of failed changes per month' or 'the average cost of a failed change'.

Costing - The process of identifying the costs of the business and of breaking them down and relating them to the various activities of the organisation.

Countermeasure - A check or restraint on the service designed to enhance security by reducing the risk of an attack (by reducing either the threat or the vulnerability), reducing the impact of an attack, detecting the occurrence of an attack and/or assisting in the recovery from an attack.

Crisis Management - The processes by which an organisation manages the wider impact of a disaster, such as adverse media coverage.

Critical Success Factor (CSF) - A measure of success or maturity of a project or process. It can be a state, a deliverable or a milestone. An example of a CSF would be 'the production of an overall technology strategy'.

Customer - Recipient of the service, usually the customer management has responsibility for the cost of the service, either directly through charging or indirectly in terms of demonstrable business need

Customer-Managed Use (CMU) - The concept of customers managing their own use of licences, as opposed to the concept of Vendor-Managed Use (VMU).
 

Definitive Software Library (DSL) - The library in which the definitive authorised versions of all software CIs are stored and protected. It is a physical library or storage repository where master copies of software versions are placed, as well as other 'physical' assets such as proof of licence. This one logical storage area may in reality consist of one or more physical software libraries or file stores.

Dependency - The reliance, either direct or indirect, of one process or activity upon another.

Depreciation - The loss in value of an asset due to its use and/or the passage of time. The annual depreciation charge in accounts represents the amount of capital assets used up in the accounting period. It is charged in the cost accounts to ensure that the cost of capital equipment is reflected in the unit costs of the services provided using the equipment. There are various methods of calculating depreciation for the period, but the Treasury usually recommends the use of current cost asset valuation as the basis for the depreciation charge.

Disaster Recovery Planning - A series of processes that focus only upon the recovery processes, principally in response to physical disasters, which are contained within BCM.

Downtime - Total period that a service or component is not operational, within agreed service times
 

End User - See 'User'.

Environment - A collection of hardware, software, network communications and procedures that work together to provide a discrete type of computer service. There may be one or more environments on a physical platform, e.g. test or production. An environment has unique features and characteristics that dictate how it is administered in similar yet diverse manners.

External Target - One of the measures against which a delivered ICT service is compared, expressed in terms of the customer’s business.
 

Feasibility Study - An activity designed to assess the feasibility of a certain course of action to determine its value to the business (see also Cost-Benefit Analysis).

Financial Management - All the procedures, tasks and deliverables that are needed to fulfil an organisation's budgeting, accounting and charging requirements.

Financial Year - An accounting period covering 12 consecutive months. In the public sector, this financial year generally coincides with the fiscal year, which runs from 1 April to 31 March.
 

ICT Infrastructure - The sum of an organisation's ICT-related hardware, software, data telecommunication facilities, procedures and documentation.

ICT Service - A described set of facilities, ICT and non-ICT, supported by the IT service provider, that fulfils one or more needs of the customer and that is perceived by the customer as a coherent whole.
 
Impact - Measure of the business criticality of an incident. Often equal to the extent to which an incident leads to distortion of agreed or expected service levels.

Incident - Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service.

Incident Management - The process of managing all unexpected operational events with the primary objective of restoring service to customers as quickly as possible.

Information and Communications Technologies (ICT) - The convergence of Information Technology, Telecommunications and Data Networking Technologies into a single technology.

Internal Target - One of the measures against which supporting processes for the ICT service is compared. Usually expressed in technical terms relating directly to the underpinning service being measured.

IS0 9001 - The internationally accepted set of standards concerning Quality Management systems.

ISO 19770-1 - ISO 19770-1 is an ISO (International Standards Organisation) standard that is aligned to the IT Infrastructure Library (ITIL) owned by the UK Government as represented by the Office of Government Commerce (OGC). It is based on ITIL’s ‘Guide to Best Practice for Software Asset Management’.

IT Accounting - The set of processes that enable the IT organisation to account fully for the way money is spent (particularly the ability to identify costs by customer, service and activity).

IT Directorate - That part of an organisation charged with developing and delivering the ICT services.

ITIL - ITIL (IT Infrastructure Library) is the most widely accepted approach to IT service management in the world. ITIL provides a cohesive set of best practices, drawn from the public and private sectors internationally. It is supported by a comprehensive qualifications scheme, accredited training organisations, and implementation and assessment tools.

IT Service Continuity Management - The process of assessing and managing risks to IT services by examining CI values, threats and vulnerabilities, developing appropriate countermeasures, creating an IT Services Continuity Plan and managing any disasters that occur.

IT Service Provider - The role of IT service provider is performed by any organisational units, whether internal or external, that deliver and support IT services to a customer.

IT Infrastructure Library (ITIL) - The OGC IT Infrastructure Library is a set of guides providing proven best practices, derived from user and vendor experts in both the private and public sectors, worldwide. Accepted as the defacto standard for ITSM processes.
 

Key Performance Indicator (KPI) - A measurable quantity against which specific performance criteria can he set when drawing up the SLA.

Key Success Indicator - A measurement of success or maturity of a project or process (see CSF).

Known Error - An incident or problem for which the root cause is known and for which a temporary work-around or a permanent alternative has been identified. If a business case exists, an RFC will be raised, but, in any event, it remains a known error unless it is permanently fixed by a change.
 

Novation - The formal process of substituting legal obligations, e.g. changing one party to a contract for another when the original party has gone out of legal existence to be replaced by a new one.

Operational Costs - Those costs resulting from the day-to-day running of the ICT Services section, e.g. staff costs, hardware maintenance and electricity, and relating to repeating payments whose effects can be measured within a short timeframe, usually less than the 12-month financial year.

Operational Level Agreement (OLA) - An internal agreement covering the delivery of services which supports the ICT organisation in their delivery of services.

Operations - All activities and measures to enable and/or maintain the intended use of the ICT infrastructure.

Organisational Culture - The whole of the ideas, corporate values, beliefs, practices, expectations about behaviour and daily customs that are shared by the employees in an organisation.

Outsourcing - The process by which functions performed by the organisation are contracted out for operation, on the organisation's behalf, by third parties.
 

PD0005 - Alternative title for the BSI publication ‘IT Service Management: A Manager's Guide’.

Performance Criteria - The expected levels of achievement, which are set within the SLA against specific Key Performance Indicators.

PRINCE2 - The standard UK Government method for Project Management

Priority - Sequence in which an incident or problem needs to be resolved, based on impact and urgency.

Problem - Unknown underlying cause of one or more incidents.

Problem Management - Process that minimises the effect on customers of defects in services and within the infrastructure, human errors and external events.

Process(es) - A connected series of actions, activities, changes, etc. performed by agents with the intent of satisfying a purpose or achieving a goal.

Process Control - The process of planning and regulating, with the objective of performing the process in an effective and efficient way.

Programme - A collection of activities and projects that collectively implement a new corporate requirement or function.

Provider - The organisation concerned with the provision of ICT services.
 

Release - A collection of new and/or changed CIs, which are tested and introduced into the live environment together.

Release Management - The process of planning, designing, building, configuring and testing hardware and software releases and planning, scheduling and implementing the controlled roll-out of authorised releases

Request for Change (RFC) - Form, or screen, used to record details of a request for a change to any CI within an infrastructure or to procedures and items associated with the infrastructure.

Resolution - Action that will resolve an incident. This may be a work-around.

Resources - The ICT Services section needs to provide the customers with the required services. The resources are typically computer and related equipment, software, facilities or organisational (people).

Return on Investment (ROI) - The ratio of the cost of implementing a project, product or service and the savings as a result of completing the activity in terms of either internal savings, increased external revenue or a combination of the two. For instance, in simplistic terms, if the internal cost of ICT cabling of office moves is £100,000 per annum and a structured cabling system can he installed for £300,000, then an ROI will be achieved after approximately three years.

Risk - A measure of the exposure to which an organisation may be subjected. This is a combination of the likelihood of a business disruption occurring and the possible loss that may result from such business disruption.

Risk Analysis - The identification and assessment of the level (measure) of the risks calculated from the assessed values of assets and the assessed levels of threats to, and vulnerabilities of, those assets.

Risk Management - The identification, selection and adoption of countermeasures justified by the identified risks to assets in terms of their potential impact upon services if failure occurs, and the reduction of those risks to an acceptable level.

Risk Reduction Measures - Measures taken to reduce the likelihood or consequences of a business disruption occurring (as opposed to planning to recover after a disruption).

Role - A set of responsibilities, activities and authorisations.
 

SAM - Software Asset Management (SAM) is all of the infrastructure and processes necessary for the effective management, control and protection of the software assets within an organisation, throughout all stages of their lifecycle.

SAM Database - A database set containing all of the necessary information to support the effective operation of all SAM processes and the management of all software assets. It could form part of an overall CMDB

Security Management - The process of managing a defined level of security of information and services.

Security Manager - The Security Manager is responsible for the Security Management process in the service provider organisation. The person is responsible for fulfilling the security demands as specified in the SLA, either directly or through delegation by the Service Level Manager. The Security Officer and the Security Manager work closely together.

Security Officer - The Security Officer is responsible for assessing the business risks and setting the security policy. As such, this role is the counterpart of the Security Manager and resides in the customer's business organisation. The Security Officer and the Security Manager work closely together.

Service - One or more ICT systems that enable a business process.

Service Achievement - The actual service levels delivered by the ICT organisation to a customer within a defined lifespan.

Service Catalogue - Written statement of ICT services, default levels and options.

Service Desk - The single point of contact within the ICT organisation for users of ICT services.

Service Improvement Programme (SIP) - A formal project undertaken within an organisation to identify and introduce measurable improvements within a specified work area or work process.

Service Level - The expression of an aspect of a service in definitive and quantifiable terms.

Service Level Agreement (SLA) - Written agreement between a service provider and the customer(s) that documents agreed service levels for a service.

Service Level Management (SLM) - The process of defining, agreeing, documenting and managing the levels of customer ICT service that are required and cost-justified.

Service Level Requirement (SLR) - An agreement jointly produced by a service provider and customer(s) that documents the proposed service levels and responsibilities for an intended new or changed service.

Service Management - Management of Services to meet the customer's requirements.

Service Provider -Third-party organisation supplying services or products to customers.

Service Quality Plan - The written plan and specification of internal targets designed to guarantee the agreed service levels.

Service Request - Every incident not being a failure in the ICT Infrastructure.

Services - The deliverables of the ICT Services organisation as perceived by the customers. The services do not consist merely of making computer resources available for customers to use.

Software Asset Management (SAM) - All of the infrastructure and process necessary for the effective management, control and protection of the software assets within an organisation, throughout all stages of their lifecycle.

Software Auditing - Software auditing is the process of discovering (usually via a software discovery tool such as Dashboard Discovery™) what software assets are loaded and therefore available for use on the hard drives of all PCs, laptops and servers within an organisation.

Software Configuration Item (SCI) - As 'Configuration Item', excluding hardware and services.

Software Environment - Software used to support the application such as operating system, database management system, development tools, compilers, and application software.

Software Library - A controlled collection of SCIs designated to keep those with like status and type together and segregated from unlike, to aid in development, operation and maintenance.

Software License Compliance - Software License Compliance is the process of ensuring that an organisation complies with the terms of its software licence agreements. In short, it means the organisation is only using software that it has purchased a licence for and thus has the rights to use.

Software Work Unit - Software work is a generic term devised to represent a common base on which all calculations for workload usage and ICT resource capacity are then based. A unit of software work for I/O type equipment equals the number of bytes transferred, and for central processors it is based on the product of power and CPU-time.

Stakeholder - Any individual or group who has an interest, or 'stake', in the ICT service organisation.

Stand-By Arrangements - Arrangements to have available assets, which have been identified as replacements should primary assets be unavailable, following a business disruption. Typically, these include accommodation, ICT systems and networks, telecommunications and sometimes people.

Statement of Requirements (SoR) - A document detailing all of the requirements for a new or revised business process.

Storage Occupancy - A defined measurement unit that is used for storage type equipment to measure usage. The unit value equals the number of bytes stored.

System - An integrated composite that consists of one or more of the processes, hardware, software, facilities and people, providing a capability to satisfy a stated need or objective. 

Third-Party Supplier - An enterprise or group, external to the customer's enterprise, which provides services and/or products to that customer's enterprise.

Threat - An indication of an unwanted incident that could impinge on the system in some way. Threats may be deliberate (e.g. wilful damage) or accidental (e.g. operator error).

Total Cost of Ownership (TCO) - Calculated including depreciation, maintenance, staff costs, accommodation and planned renewal. 

Underpinning Contract - A contract with an external supplier covering delivery of services that support the ICT organisation.

Unit Costs - Costs distributed over individual component usage. For example, it can be assumed that, if a box of paper with 1,000 sheets costs £10, then each sheet costs lp. Similarly if a CPU costs £I million a year and it is used to process 1,000 jobs that year, each job costs on average £1,000.
 
Urgency - Measure of the business criticality of an incident or problem based on the impact and on the business needs of the customer.

User - The person who uses the service on a day-to-day basis.
 

Vendor-Managed Use (VMU) - The concept of vendors (i.e. software manufacturers) managing customers' use of licences, as opposed to the concept of Customer-Managed Use (CMC).

Version – An identified instance of a Configuration Item within a product breakdown structure or configuration structure for the purpose of tracking and auditing change history.  Also used for Software Configuration Items to define a specific identification released in development for drafting, review or modification test or production.

Version Identifier - A version number, version date or version date and time stamp.

Vulnerability - A weakness of the system and its assets which could be exploited by threats.