General Terms Flashcards
acceptance
Formal agreement that an IT service, process, plan or other deliverable is complete, accurate, reliable and meets its specified requirements.
Acceptance is usually preceded by change evaluation or testing and is often required before proceeding to the next stage of a project or process. See also service acceptance criteria.
accredited
Officially authorized to carry out a role. For example, an accredited body may be authorized to provide training or to conduct audits.
activity
A set of actions designed to achieve a particular result. Activities are usually defined as part of processes or plans, and are documented in procedures.
agreement
A document that describes a formal understanding between two or more parties. An agreement is not legally binding, unless it forms part of a contract. See also operational level agreement; service level agreement.
application
Software that provides functions which are required by an IT service. Each application may be part of more than one IT service. An application runs on one or more servers or clients. See also application management; application portfolio.
assessment
Inspection and analysis to check whether a standard or set of guidelines is being followed, that records are accurate, or that efficiency and effectiveness targets are being met. See also audit.
audit
Formal inspection and verification to check whether a standard or set of guidelines is being followed, that records are accurate, or that efficiency and effectiveness targets are being met. An audit may be carried out by internal or external groups. See also assessment; certification.
authority matrix
See RACI.
Best Management Practice (BMP)
The Best Management Practice portfolio is owned by the Cabinet Office, part of HM Government. Formerly owned by CCTA and then OGC, the BMP functions moved to the Cabinet Office in June 2010. The BMP portfolio includes guidance on IT service management and project, program, risk, portfolio and value management. There is also a management maturity model as well as related glossaries of terms.
best practice
Proven activities or processes that have been successfully used by multiple organizations. ITIL is an example of best practice.
British Standards Institution (BSI)
The UK national standards body, responsible for creating and maintaining British standards. See www.bsi-global.com for more information. See also International Organization for Standardization.
budget
A list of all the money an organization or business unit plans to receive, and plans to pay out, over a specified period of time. See also budgeting; planning.
budgeting
The activity of predicting and controlling the spending of money. Budgeting consists of a periodic negotiation cycle to set future budgets (usually annual) and the day-to-day monitoring and adjusting of current budgets.
business process
A process that is owned and carried out by the business. A business process contributes to the delivery of a product or service to a business customer. For example, a retailer may have a purchasing process that helps to deliver services to its business customers. Many business processes rely on IT services.
business service
A service that is delivered to business customers by business units. For example, delivery of financial services to customers of a bank, or goods to the customers of a retail store. Successful delivery of business services often depends on one or more IT services. A business service may consist almost entirely of an IT service – for example, an online banking service or an external website where product orders can be placed by business customers. See also customer-facing service.
business service management
The management of business services delivered to business customers. Business service management is performed by business units.
capital expenditure (CAPEX)
See capital cost.
category
A named group of things that have something in common. Categories are used to group similar things together. For example, cost types are used to group similar types of cost. Incident categories are used to group similar types of incident, while CI types are used to group similar types of configuration item.
certification
Issuing a certificate to confirm compliance to a standard. Certification includes a formal audit by an independent and accredited body. The term is also used to mean awarding a certificate to provide evidence that a person has achieved a qualification.
change request
See request for change.
classification
The act of assigning a category to something. Classification is used to ensure consistent management and reporting. Configuration items, incidents, problems, changes etc. are usually classified.
client
A generic term that means a customer, the business or a business customer. For example, client manager may be used as a synonym for business relationship manager. The term is also used to mean: A computer that is used directly by a user – for example, a PC, a handheld computer or a work station The part of a client server application that the user directly interfaces with – for example, an email client.
concurrency
A measure of the number of users engaged in the same operation at the same time.
configuration management
See service asset and configuration management.
contract
A legally binding agreement between two or more parties.
control
A means of managing a risk, ensuring that a business objective is achieved or that a process is followed. Examples of control include policies, procedures, roles, RAID, door locks etc. A control is sometimes called a countermeasure or safeguard. Control also means to manage the utilization or behavior of a configuration item, system or IT service.
Control OBjectives for Information and related Technology
See COBIT.
control processes
The ISO/IEC 20000 process group that includes change management and configuration management.
cost
The amount of money spent on a specific activity, IT service or business unit. Costs consist of real cost (money), notional cost (such as people’s time) and depreciation.
cost benefit analysis
An activity that analyses and compares the costs and the benefits involved in one or more alternative courses of action. See also business case; internal rate of return; net present value; return on investment; value on investment.
cost effectiveness
A measure of the balance between the effectiveness and cost of a service, process or activity. A cost-effective process is one that achieves its objectives at minimum cost. See also key performance indicator; return on investment; value for money.
countermeasure
Can be used to refer to any type of control. The term is most often used when referring to measures that increase resilience, fault tolerance or reliability of an IT service.
course corrections
Changes made to a plan or activity that has already started to ensure that it will meet its objectives. Course corrections are made as a result of monitoring progress.
crisis management
Crisis management is the process responsible for managing the wider implications of business continuity. A crisis management team is responsible for strategic issues such as managing media relations and shareholder confidence, and decides when to invoke business continuity plans.
critical success factor (CSF)
Something that must happen if an IT service, process, plan, project or other activity is to succeed. Key performance indicators are used to measure the achievement of each critical success factor. For example, a critical success factor of ‘protect IT services when making changes’ could be measured by key performance indicators such as ‘percentage reduction of unsuccessful changes’, ‘percentage reduction in changes causing incidents’ etc.
culture
A set of values that is shared by a group of people, including expectations about how people should behave, their ideas, beliefs and practices. See also vision.
customer
Someone who buys goods or services. The customer of an IT service provider is the person or group who defines and agrees the service level targets. The term is also sometimes used informally to mean user – for example, ‘This is a customer-focused organization.’
customer asset
Any resource or capability of a customer. See also asset.
deliverable
Something that must be provided to meet a commitment in a service level agreement or a contract. It is also used in a more informal way to mean a planned output of any process.
Deming Cycle
See Plan-Do-Check-Act.
dependency
The direct or indirect reliance of one process or activity on another.
differential charging
A technique used to support demand management by charging different amounts for the same function of an IT service under different circumstances. For example, reduced charges outside peak times, or increased charges for users who exceed a bandwidth allocation.
document
Information in readable form. A document may be paper or electronic – for example, a policy statement, service level agreement, incident record or diagram of a computer room layout. See also record.
driver
Something that influences strategy, objectives or requirements – for example, new legislation or the actions of competitors.
estimation
The use of experience to provide an approximate value for a metric or cost. Estimation is also used in capacity and availability management as the cheapest and least accurate modeling method.
exception report
A document containing details of one or more key performance indicators or other important targets that have exceeded defined thresholds. Examples include service level agreement targets being missed or about to be missed, and a performance metric indicating a potential capacity problem.
excitement attribute
See excitement factor.
external customer
A customer who works for a different business from the IT service provider. See also external service provider; internal customer.
external metric
A metric that is used to measure the delivery of IT service to a customer. External metrics are usually defined in service level agreements and reported to customers. See also internal metric.
fault
See error.
fishbone diagram
See Ishikawa diagram.
fulfillment
Performing activities to meet a need or requirement – for example, by providing a new IT service, or meeting a service request.
function
A team or group of people and the tools or other resources they use to carry out one or more processes or activities – for example, the service desk. The term also has two other meanings: An intended purpose of a configuration item, person, team, process or IT service. For example, one function of an email service may be to store and forward outgoing mails, while the function of a business process may be to dispatch goods to customers. To perform the intended purpose correctly, as in ‘The computer is functioning.’
governance
Ensures that policies and strategy are actually implemented, and that required processes are correctly followed. Governance includes defining roles and responsibilities, measuring and reporting, and taking actions to resolve any issues identified.
guideline
A document describing best practice, which recommends what should be done. Compliance with a guideline is not normally enforced. See also standard.
hot standby
See fast recovery; immediate recovery.
information system
See management information system.
information technology (IT)
The use of technology for the storage, communication or processing of information. The technology typically includes computers, telecommunications, applications and other software. The information may include business data, voice, images, video etc. Information technology is often used to support business processes through IT services.
infrastructure service
A type of supporting service that provides hardware, network or other data center components. The term is also used as a synonym for supporting service.
internal customer
A customer who works for the same business as the IT service provider. See also external customer; internal service provider.
internal metric
A metric that is used within the IT service provider to monitor the efficiency, effectiveness or cost effectiveness of the IT service provider’s internal processes. Internal metrics are not normally reported to the customer of the IT service. See also external metric.
International Organization for Standardization (ISO)
The International Organization for Standardization (ISO) is the world’s largest developer of standards. ISO is a nongovernmental organization that is a network of the national standards institutes of 156 countries. See www.iso.org for further information about ISO.
International Standards Organization
See International Organization for Standardization.
internet service provider (ISP)
An external service provider that provides access to the internet. Most ISPs also provide other IT services such as web hosting.
ISO 9000
A generic term that refers to a number of international standards and guidelines for quality management systems. See www.iso.org for more information. See also International Organization for Standardization.
ISO 9001
An international standard for quality management systems. See also ISO 9000; standard.
ISO/IEC 20000
An international standard for IT service management.
IT accounting
See accounting.
IT infrastructure
All of the hardware, software, networks, facilities etc. that are required to develop, test, deliver, monitor, control or support applications and IT services. The term includes all of the information technology but not the associated people, processes and documentation.
IT service
A service provided by an IT service provider. An IT service is made up of a combination of information technology, people and processes. A customer-facing IT service directly supports the business processes of one or more customers and its service level targets should be defined in a service level agreement. Other IT services, called supporting services, are not directly used by the business but are required by the service provider to deliver customer-facing services. See also core service; enabling service; enhancing service; service; service package.
IT service management (ITSM)
The implementation and management of quality IT services that meet the needs of the business. IT service management is performed by IT service providers through an appropriate mix of people, process and information technology. See also service management.
IT Service Management Forum (itSMF)
The IT Service Management Forum is an independent organization dedicated to promoting a professional approach to IT service management. The itSMF is a not-for-profit membership organization with representation in many countries around the world (itSMF chapters). The itSMF and its membership contribute to the development of ITIL and associated IT service management standards. See www.itsmf.com for more information.
ITIL®
A set of best-practice publications for IT service management. Owned by the Cabinet Office (part of HM Government), ITIL gives guidance on the provision of quality IT services and the processes, functions and other capabilities needed to support them. The ITIL framework is based on a service lifecycle and consists of five lifecycle stages (service strategy, service design, service transition, service operation and continual service improvement), each of which has its own supporting publication. There is also a set of complementary ITIL publications providing guidance specific to industry sectors, organization types, operating models and technology architectures. See www.itilofficialsite.com for more information.
job description
A document that defines the roles, responsibilities, skills and knowledge required by a particular person. One job description can include multiple roles – for example, the roles of configuration manager and change manager may be carried out by one person.
lifecycle
The various stages in the life of an IT service, configuration item, incident, problem, change etc. The lifecycle defines the categories for status and the status transitions that are permitted. For example: The lifecycle of an application includes requirements, design, build, deploy, operate, optimize The expanded incident lifecycle includes detection, diagnosis, repair, recovery and restoration The lifecycle of a server may include: ordered, received, in test, live, disposed etc.
manageability
An informal measure of how easily and effectively an IT service or other component can be managed.
management information
Information that is used to support decision making by managers. Management information is often generated automatically by tools supporting the various IT service management processes. Management information often includes the values of key performance indicators, such as ‘percentage of changes leading to incidents’ or ‘first-time fix rate’.
Management of Risk (M_o_R®)
M_o_R includes all the activities required to identify and control the exposure to risk, which may have an impact on the achievement of an organization’s business objectives. See www.mor-officialsite.com for more details.
management system
The framework of policy, processes, functions, standards, guidelines and tools that ensures an organization or part of an organization can achieve its objectives. This term is also used with a smaller scope to support a specific process or activity – for example, an event management system or risk management system. See also system.
maturity level
A named level in a maturity model, such as the Carnegie Mellon Capability Maturity Model Integration.
mean time to repair (MTTR)
The average time taken to repair an IT service or other configuration item after a failure. MTTR is measured from when the configuration item fails until it is repaired. MTTR does not include the time required to recover or restore. It is sometimes incorrectly used instead of mean time to restore service.
mean time to restore service (MTRS)
The average time taken to restore an IT service or other configuration item after a failure. MTRS is measured from when the configuration item fails until it is fully restored and delivering its normal functionality. See also maintainability; mean time to repair.
mission
A short but complete description of the overall purpose and intentions of an organization. It states what is to be achieved, but not how this should be done. See also vision.
model
A representation of a system, process, IT service, configuration item etc. that is used to help understand or predict future behavior.
modeling
A technique that is used to predict the future behavior of a system, process, IT service, configuration item etc. Modeling is commonly used in financial management, capacity management and availability management.
objective
The outcomes required from a process, activity or organization in order to ensure that its purpose will be fulfilled. Objectives are usually expressed as measurable targets. The term is also informally used to mean a requirement.
off the shelf
See commercial off the shelf.
Office of Government Commerce (OGC)
OGC (former owner of Best Management Practice) and its functions have moved into the Cabinet Office as part of HM Government. See www.cabinetoffice.gov.uk
operate
To perform as expected. A process or configuration item is said to operate if it is delivering the required outputs. Operate also means to perform one or more operations. For example, to operate a computer is to do the day-to-day operations needed for it to perform as expected.
operational
The lowest of three levels of planning and delivery (strategic, tactical, operational). Operational activities include the day-to-day or short-term planning or delivery of a business process or IT service management process. The term is also a synonym for live.
operational cost
The cost resulting from running the IT services, which often involves repeating payments – for example, staff costs, hardware maintenance and electricity (also known as current expenditure or revenue expenditure). See also capital expenditure.
operational expenditure (OPEX)
See operational cost.
operations control
See IT operations control.
operations management
See IT operations management.
optimize
Review, plan and request changes, in order to obtain the maximum efficiency and effectiveness from a process, configuration item, application etc.
organization
A company, legal entity or other institution. The term is sometimes used to refer to any entity that has people, resources and budgets – for example, a project or business unit.
outcome
The result of carrying out an activity, following a process, or delivering an IT service etc. The term is used to refer to intended results as well as to actual results. See also objective.
overhead
See indirect cost.
partnership
A relationship between two organizations that involves working closely together for common goals or mutual benefit. The IT service provider should have a partnership with the business and with third parties who are critical to the delivery of IT services. See also value network.
performance
A measure of what is achieved or delivered by a system, person, team, process or IT service.
performance management
Activities to ensure that something achieves its expected outcomes in an efficient and consistent manner.
plan
A detailed proposal that describes the activities and resources needed to achieve an objective – for example, a plan to implement a new IT service or process. ISO/IEC 20000 requires a plan for the management of each IT service management process.
planning
An activity responsible for creating one or more plans – for example, capacity planning.
policy
Formally documented management expectations and intentions. Policies are used to direct decisions, and to ensure consistent and appropriate development and implementation of processes, standards, roles, activities, IT infrastructure etc.
post- implementation review (PIR)
A review that takes place after a change or a project has been implemented. It determines if the change or project was successful, and identifies opportunities for improvement.
practice
A way of working, or a way in which work must be done. Practices can include activities, processes, functions, standards and guidelines. See also best practice.
prerequisite for success (PFS)
An activity that needs to be completed, or a condition that needs to be met, to enable successful implementation of a plan or process. It is often an output from one process that is a required input to another process.
PRINCE2®
See PRojects IN Controlled Environments.
pro-forma
A template or example document containing sample data that will be replaced with real values when these are available.
procedure
A document containing steps that specify how to achieve an activity. Procedures are defined as part of processes. See also work instruction.
process
A structured set of activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs. It may include any of the roles, responsibilities, tools and management controls required to reliably deliver the outputs. A process may define policies, standards, guidelines, activities and work instructions if they are needed.
process control
The activity of planning and regulating a process, with the objective of performing the process in an effective, efficient and consistent manner.
process manager
A role responsible for the operational management of a process. The process manager’s responsibilities include planning and coordination of all activities required to carry out, monitor and report on the process. There may be several process managers for one process – for example, regional change managers or IT service continuity managers for each data center. The process manager role is often assigned to the person who carries out the process owner role, but the two roles may be separate in larger organizations.
process owner
The person who is held accountable for ensuring that a process is fit for purpose. The process owner’s responsibilities include sponsorship, design, change management and continual improvement of the process and its metrics. This role can be assigned to the same person who carries out the process manager role, but the two roles may be separate in larger organizations.
production environment
See live environment.
program
A number of projects and activities that are planned and managed together to achieve an overall set of related objectives and other outcomes.
project
A temporary organization, with people and other assets, that is required to achieve an objective or other outcome. Each project has a lifecycle that typically includes initiation, planning, execution, and closure. Projects are usually managed using a formal methodology such as PRojects IN Controlled Environments (PRINCE2) or the Project Management Body of Knowledge (PMBOK). See also charter; project management office; project portfolio.
project charter
See charter.
Project Management Body of Knowledge (PMBOK)
A project management standard maintained and published by the Project Management Institute. See www.pmi.org for more information. See also PRojects IN Controlled Environments (PRINCE2).
Project Management Institute (PMI)
A membership association that advances the project management profession through globally recognized standards and certifications, collaborative communities, an extensive research program, and professional development opportunities. PMI is a not-for-profit membership organization with representation in many countries around the world. PMI maintains and publishes the Project Management Body of Knowledge (PMBOK). See www.pmi.org for more information. See also PRojects IN Controlled Environments (PRINCE2).
PRojects IN Controlled Environments (PRINCE2)
The standard UK government methodology for project management. See www.princeofficialsite.com for more information. See also Project Management Body of Knowledge (PMBOK).
quality
The ability of a product, service or process to provide the intended value. For example, a hardware component can be considered to be of high quality if it performs as expected and delivers the required reliability. Process quality also requires an ability to monitor effectiveness and efficiency, and to improve them if necessary. See also quality management system.
record
A document containing the results or other output from a process or activity. Records are evidence of the fact that an activity took place and may be paper or electronic – for example, an audit report, an incident record or the minutes of a meeting.
relationship
A connection or interaction between two people or things. In business relationship management, it is the interaction between the IT service provider and the business. In service asset and configuration management, it is a link between two configuration items that identifies a dependency or connection between them. For example, applications may be linked to the servers they run on, and IT services have many links to all the configuration items that contribute to that IT service.
relationship processes
The ISO/IEC 20000 process group that includes business relationship management and supplier management.
release management
See release and deployment management.
release window
See change window.
resolution processes
The ISO/IEC 20000 process group that includes incident and problem management.
response time
A measure of the time taken to complete an operation or transaction. Used in capacity management as a measure of IT infrastructure performance, and in incident management as a measure of the time taken to answer the phone, or to start diagnosis.
responsiveness
A measurement of the time taken to respond to something. This could be response time of a transaction, or the speed with which an IT service provider responds to an incident or request for change etc.
restoration of service
See restore.
review
An evaluation of a change, problem, process, project etc. Reviews are typically carried out at predefined points in the lifecycle, and especially after closure. The purpose of a review is to ensure that all deliverables have been provided, and to identify opportunities for improvement. See also change evaluation; post-implementation review.
risk
A possible event that could cause harm or loss, or affect the ability to achieve objectives. A risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred. Risk can also be defined as uncertainty of outcome, and can be used in the context of measuring the probability of positive outcomes as well as negative outcomes.
risk assessment
The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. Risk assessment can be quantitative (based on numerical data) or qualitative.
risk management
The process responsible for identifying, assessing and controlling risks. Risk management is also sometimes used to refer to the second part of the overall process after risks have been identified and assessed, as in ‘risk assessment and management’. This process is not described in detail within the core ITIL publications. See also risk assessment.
role
A set of responsibilities, activities and authorities assigned to a person or team. A role is defined in a process or function. One person or team may have multiple roles – for example, the roles of configuration manager and change manager may be carried out by a single person. Role is also used to describe the purpose of something or what it is used for.
running costs
See operational costs.
Sarbanes-Oxley (SOX)
US law that regulates financial practice and corporate governance.
scalability
The ability of an IT service, process, configuration item etc. to perform its agreed function when the workload or scope changes.
scope
The boundary or extent to which a process, procedure, certification, contract etc. applies. For example, the scope of change management may include all live IT services and related configuration items; the scope of an ISO/IEC 20000 certificate may include all IT services delivered out of a named data center.
security
See information security management.
security management
See information security management.
security policy
See information security policy.
separation of concerns (SoC)
An approach to designing a solution or IT service that divides the problem into pieces that can be solved independently. This approach separates what is to be done from how it is to be done.
service
A means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks. The term ‘service’ is sometimes used as a synonym for core service, IT service or service package. See also utility; warranty.
service asset
Any resource or capability of a service provider. See also asset.
service change
See change.
service continuity management
See IT service continuity management.
service culture
A customer-oriented culture. The major objectives of a service culture are customer satisfaction and helping customers to achieve their business objectives.
service level
Measured and reported achievement against one or more service level targets. The term is sometimes used informally to mean service level target.
service level package (SLP)
See service option.
service lifecycle
An approach to IT service management that emphasizes the importance of coordination and control across the various functions, processes and systems necessary to manage the full lifecycle of IT services. The service lifecycle approach considers the strategy, design, transition, operation and continual improvement of IT services. Also known as service management lifecycle.
service management
A set of specialized organizational capabilities for providing value to customers in the form of services.
service management lifecycle
See service lifecycle.
service manager
A generic term for any manager within the service provider. Most commonly used to refer to a business relationship manager, a process manager or a senior manager with responsibility for IT services overall.
shared service unit
See Type II service provider.
source
See service sourcing.
specification
A formal definition of requirements. A specification may be used to define technical or operational requirements, and may be internal or external. Many public standards consist of a code of practice and a specification. The specification defines the standard against which an organization can be audited.
stakeholder
A person who has an interest in an organization, project, IT service etc. Stakeholders may be interested in the activities, targets, resources or deliverables. Stakeholders may include customers, partners, employees, shareholders, owners etc. See also RACI.
standard
A mandatory requirement. Examples include ISO/IEC 20000 (an international standard), an internal security standard for Unix configuration, or a government standard for how financial records should be maintained. The term is also used to refer to a code of practice or specification published by a standards organization such as ISO or BSI. See also guideline.
status
The name of a required field in many types of record. It shows the current stage in the lifecycle of the associated configuration item, incident, problem etc.
system
A number of related things that work together to achieve an overall objective. For example: A computer system including hardware, software and applications A management system, including the framework of policy, processes, functions, standards, guidelines and tools that are planned and managed together – for example, a quality management system A database management system or operating system that includes many software modules which are designed to perform a set of related functions.
system management
The part of IT service management that focuses on the management of IT infrastructure rather than process.
tactical
The middle of three levels of planning and delivery (strategic, tactical, operational). Tactical activities include the medium-term plans required to achieve specific objectives, typically over a period of weeks to months.
technical support
See technical management.
third party
A person, organization or other entity that is not part of the service provider’s own organization and is not a customer – for example, a software supplier or a hardware maintenance company. Requirements for third parties are typically specified in contracts that underpin service level agreements. See also underpinning contract.
threat
A threat is anything that might exploit vulnerability. Any potential cause of an incident can be considered a threat. For example, a fire is a threat that could exploit the vulnerability of flammable floor coverings. This term is commonly used in information security management and IT service continuity management, but also applies to other areas such as problem and availability management.
threshold
The value of a metric that should cause an alert to be generated or management action to be taken. For example, ‘Priority 1 incident not solved within four hours’, ‘More than five soft disk errors in an hour’, or ‘More than 10 failed changes in a month’.
transaction
A discrete function performed by an IT service – for example, transferring money from one bank account to another. A single transaction may involve numerous additions, deletions and modifications of data. Either all of these are completed successfully or none of them is carried out.
tuning
The activity responsible for planning changes to make the most efficient use of resources. Tuning is most commonly used in the context of IT services and components. Tuning is part of capacity management, which also includes performance monitoring and implementation of the required changes. Tuning is also called optimization, particularly in the context of processes and other nontechnical resources.
user
A person who uses the IT service on a day-to-day basis. Users are distinct from customers, as some customers do not use the IT service directly.
value for money
An informal measure of cost effectiveness. Value for money is often based on a comparison with the cost of alternatives. See also cost benefit analysis.
variance
The difference between a planned value and the actual measured value. Commonly used in financial management, capacity management and service level management, but could apply in any area where plans are in place.
vision
A description of what the organization intends to become in the future. A vision is created by senior management and is used to help influence culture and strategic planning. See also mission.
vulnerability
A weakness that could be exploited by a threat – for example, an open firewall port, a password that is never changed, or a flammable carpet. A missing control is also considered to be a vulnerability.
warm standby
See intermediate recovery.
work in progress (WIP)
A status that means activities have started but are not yet complete. It is commonly used as a status for incidents, problems, changes etc.
work instruction
A document containing detailed instructions that specify exactly what steps to follow to carry out an activity. A work instruction contains much more detail than a procedure and is only created if very detailed instructions are needed.
work order
A formal request to carry out a defined activity. Work orders are often used by change management and by release and deployment management to pass requests to technical management and application management functions.
workload
The resources required to deliver an identifiable part of an IT service. Workloads may be categorized by users, groups of users, or functions within the IT service. This is used to assist in analyzing and managing the capacity, performance and utilization of configuration items and IT services. The term is sometimes used as a synonym for throughput.
