ITIL 4 Foundation Study Guide
ITIL 4 Foundation validates a working understanding of the ITIL 4 framework for IT service management, covering core service management concepts, the guiding principles, the four dimensions, the service value system, the service value chain, and the key management practices. It is the entry-level ITIL certification and a prerequisite for higher ITIL designations, aimed at anyone involved in delivering or supporting IT-enabled services.
Reviewed Jul 2026.
Domain 1: Service management key concepts
- Utility answers what a service does, its fitness for purpose; example functions include withdrawing cash, checking balances, calculating salaries, or generating payslips. It is judged by whether the service supports the outcomes a consumer needs.
- Warranty answers how well a service performs, its fitness for use, assuring reliability, availability, capacity, continuity, and security. A commitment such as 24/7 ATM access is a warranty concern, and security requirements like encryption fall under warranty.
- Value is co-created and always assessed by weighing outcomes achieved against the costs incurred and the risks involved, considered together rather than in isolation.
- The service consumer is made up of three roles: the customer, who defines requirements and is accountable for outcomes; the user, who uses the service day to day; and the sponsor, who authorizes the budget for service consumption.
- A single stakeholder can hold more than one consumer role at once, for example a small-business owner who is simultaneously customer, user, and sponsor, or an agency that is both customer and sponsor.
- Suppliers, partners, employees, investors, regulators, and the community are other stakeholders, distinct from the three service consumer roles. A supplier is not one of the core consumer roles.
- Partners have closely integrated relationships that share risk and reward, while suppliers typically have more transactional, contractual relationships with the organization.
- The community is the group of people and organizations affected by or interested in an organization's activities without a direct commercial or contractual relationship, distinct from regulators who hold formal legal authority.
- An organization can be a provider in one service relationship and a consumer in another at the same time; the roles depend on the specific relationship, not on the organization itself.
- A service offering is a formal description of one or more services designed to address the needs of a target consumer group, and may include goods, access to resources, and service actions.
- Goods are items supplied to a consumer where ownership transfers to that consumer, who then takes responsibility for their future use, unlike resources to which access is only granted.
- A service action is a task performed by the provider to address a consumer's need, such as a technician visiting to unbox, connect, and configure equipment.
- Outcomes are the results a stakeholder actually realizes, such as faster decision-making, and are distinct from the outputs a service produces. Services support outcomes by improving performance or removing constraints.
- Services can remove risks from a consumer, for example a certified specialist handling secure data destruction removes both the risk of a data breach and the risk of regulatory non-compliance from the consumer.
- The three service relationship activities are service provision, service consumption, and service relationship management; service level negotiation is not one of them. Consumption activities include using resources, managing user access, and funding a subscription.
Domain 2: The ITIL guiding principles
- The seven guiding principles are: focus on value, start where you are, progress iteratively with feedback, collaborate and promote visibility, think and work holistically, keep it simple and practical, and optimize and automate.
- The guiding principles are universal and enduring; they apply at strategic, tactical, and operational levels and remain relevant regardless of changes in the organization's goals or structure.
- Not every principle carries equal weight in every situation; ITIL 4 recommends using judgement to decide which principles matter most for the specific circumstances.
- Focus on value means value creation should be a habitual part of everyday work, not an occasional exercise, and every action should link back to value for a stakeholder.
- Customer experience (CX) is the customer's overall perception formed from all their interactions with the organization, while user experience (UX) concerns how easy, efficient, and satisfying a service is for the people who use it directly.
- Start where you are means assessing and reusing what already exists rather than starting over; existing logged data should be reused instead of recreated, and deleting data before assessing it violates this principle.
- Start where you are favors observing and measuring the current state directly wherever possible, since direct evidence is more reliable than assumptions or outdated documentation.
- Progress iteratively with feedback means organizing work into smaller, manageable pieces that can be executed and completed in a timely manner, using feedback to make course corrections during the current or next iteration.
- Working in small iterations with feedback leads to earlier identification of problems and sooner delivery of value; large all-at-once approaches delay problem detection until much later.
- Collaborate and promote visibility does not require unanimous agreement or full consensus; an accountable individual may still make some decisions alone, and collaboration is used where it adds genuine value.
- Insufficient visibility, such as sponsors not being able to see accurate work status, prevents stakeholders from acting on problems earlier; a shared visual board promotes visibility of the true, current state of work.
- Think and work holistically means considering the whole end-to-end journey and value across departments and the four dimensions, not optimizing only one team's part in isolation.
- Keep it simple and practical focuses on the vital few things that matter most rather than the trivial many, and recommends using the minimum number of steps needed to accomplish an objective.
- Optimize and automate means optimization should generally happen before automation, because automating a bad process only accelerates poor results; automation works best on well-defined, repeatable tasks.
Domain 3: The four dimensions of service management
- The four dimensions of service management are organizations and people, information and technology, partners and suppliers, and value streams and processes. They must be considered for the whole service value system and for every individual product and service.
- The organizations and people dimension covers roles, organizational structures, culture, staffing levels, and the competencies people need; an excessively wide span of control can slow decisions because one manager cannot adequately supervise everyone.
- The information and technology dimension covers the information and technologies used to deliver services, including knowledge base articles and monitoring tools, and gives strong attention to data quality such as accuracy, currency, and consistency.
- Neglecting the information and technology dimension leads to analysts making decisions on incomplete or inaccurate information, for example working from outdated and inconsistent customer records.
- The partners and suppliers dimension covers the organization's relationships with other organizations involved in service delivery, such as engaging a payment processor or a cloud hosting vendor, and deciding how much control to retain.
- Supplier strategy and selection under partners and suppliers evaluates suppliers on more than price, weighing factors like financial stability, reputation, and capacity to scale.
- Neglecting the partners and suppliers dimension shows up as failing to define performance expectations and accountability with an outsourced supplier, and misaligned ways of working that create friction and delivery delays.
- Service integration and management (SIAM) coordinates outputs from multiple suppliers and monitors their combined performance so many providers behave as one coherent service.
- The value streams and processes dimension covers how the organization arranges its activities to create value; neglecting it results in uncontrolled handoffs between teams and inconsistent customer outcomes.
- A value stream is a series of steps an organization uses to create and deliver products and services, typically spanning and combining multiple processes and practices, for example an end-to-end loan or onboarding flow across several departments and systems.
- Processes are building blocks of value streams: each transforms specific inputs into outputs, and they link together to form the larger coordinated flow that a value stream represents.
- Improving handoffs across functions such as sales, provisioning, and billing is improving a value stream, and redesigning these handoffs improves the onboarding value stream end to end.
- The four dimensions are affected by external factors summarized by PESTLE: political (such as new trade tariffs), economic (currency falls, recession reducing budgets), social, technological (a platform reaching end of vendor support), legal, and environmental (single-use packaging restrictions, carbon-footprint pressure).
- A single PESTLE factor can affect multiple dimensions at once, so organizations must consider all four together to avoid being left only partially compliant or effective.
Domain 4: The service value system and governance
- The service value system (SVS) describes how all the components and activities of an organization work together to enable value creation; its purpose is to ensure the organization continually co-creates value with stakeholders.
- The five components of the SVS are the guiding principles, governance, the service value chain, the practices, and continual improvement.
- The service value chain is one component of the SVS and its central operating model, but it is not self-contained; it is shaped by governance, the guiding principles, the practices, and continual improvement.
- Applying the SVS provides a shared operating model that connects governance, practices, and improvement across departments, so teams draw on consistent, reusable capabilities instead of duplicating effort in isolation.
- Governance is the means by which an organization is directed and controlled; the governing body is accountable at the highest level for the organization's overall performance and conformance.
- The three core governance activities are Evaluate, Direct, and Monitor. Monitor specifically checks conformance to the agreed direction and to regulatory and other requirements.
- Inconsistent decisions across regions, such as differing change-approval criteria, are a governance problem; strengthening governance applies consistent direction and evaluation criteria everywhere.
- The guiding principles support all the other SVS components, apply universally at every organizational level, and remain useful regardless of changes to the organization's goals or structure.
- Value is subjective, reflecting each stakeholder's own objectives and context, which is why different stakeholders can assess the same output differently, for example a finance manager focused on cost versus a user focused on usability.
- Opportunities are possibilities that could add value, such as noticing a beneficial market trend, while demand is the need for services among consumers; both are inputs that trigger activity within the SVS.
- Continual improvement is both one of the 34 ITIL management practices and a dedicated service value chain activity called improve, and it can be applied at strategic, tactical, and operational levels.
- The continual improvement model steps include: what is the vision, where are we now, where do we want to be (defining measurable targets), how do we get there, take action, did we get there, and how do we keep the momentum going.
- A continual improvement register (CIR) tracks improvement ideas and initiatives from identification through to their final status, and helps coordinate improvement work across departments to resolve resource conflicts.
- The guiding principle progress iteratively with feedback is most closely reflected in continual improvement, while thinking and working holistically drives considering the whole end-to-end journey across departments.
Domain 5: The service value chain
- The service value chain is the central element of the service value system and provides the operating model for creating, delivering, and continually improving services.
- The six value chain activities are plan, improve, engage, design and transition, obtain/build, and deliver and support.
- The six activities can be combined and sequenced in different orders depending on the situation to form different value streams; there is no single mandatory order and each activity may be revisited.
- Value chain activities interact by having the output of one activity flow in as an input to another, and a value stream is formed from the activities relevant to a scenario plus the practices needed to support them.
- A value stream is designed to create and deliver value for a consumer while also supporting value for other stakeholders, and value stream mapping is closely associated with lean-based continual improvement techniques.
- The plan activity sets the direction, agreed vision, current status, and improvement direction across the four dimensions, whereas improve carries out and embeds the actual improvements.
- The engage activity provides a good understanding of stakeholder needs, transparency, and ongoing engagement and good relationships with all stakeholders.
- Design and transition ensures products and services continually meet stakeholder expectations for quality, cost, and time to market; it covers producing a design that accounts for all four dimensions.
- Design and transition includes preparing people for change through training and communication, and migrating a completed or changed service from a pre-production or staging environment into live production.
- Obtain/build ensures service components are available when and where they are needed and meet agreed specifications, including maintaining supplier relationships for replacement parts.
- Deliver and support ensures services are delivered and supported according to agreed specifications and stakeholder expectations, such as restoring normal operation of an existing live service for a user.
- The improve activity ensures continual improvement across every value chain activity and dimension, not only customer-facing services; it covers analyzing root cause, recording a permanent fix as an opportunity, and tracking and adjusting improvement initiatives.
- A single practice, such as change enablement, can contribute to more than one value chain activity, and any activity can draw on multiple practices.
- No value chain activity is optional; organizations combine and sequence them to respond to different types of demand and opportunity, which is what allows multiple distinct value streams to exist within one organization.
Domain 6: ITIL management practices
- ITIL 4 defines 34 management practices grouped into general management practices, service management practices, and technical management practices; a subset is examined in detail at Foundation level.
- Incident management aims to minimize the negative impact of incidents by restoring normal service operation as quickly as possible, while problem management identifies and manages the root causes of incidents; a known error is a problem that has been analyzed but not yet resolved.
- Change enablement maximizes the number of successful service changes by ensuring risks are assessed and changes are authorized; the change authority is the person or group responsible for authorizing a change, and the appropriate authority varies with the change's type, size, and risk.
- The change schedule is used to plan and communicate changes, helping to avoid conflicts and assign resources, functioning like a shared calendar of planned and historical changes so risky changes are not scheduled together.
- The service desk is the single point of contact between the provider and users; its purpose is to capture demand for incident resolution and service requests. The telephone channel remains valuable because it enables real-time, personal conversation for complex, urgent, or sensitive issues.
- Service request management handles predefined, user-initiated requests, including a request for information where the user only asks how to do something rather than asking the provider to perform an action.
- Service level management sets clear business-based targets for service performance; a good service level agreement (SLA) relates to a defined service as users experience it and is simple and easy to understand and use.
- Service configuration management maintains accurate records of configuration items (CIs), their attributes and status, and the relationships between them, such as which services depend on a given server, and verifies these records against reality.
- Service continuity management focuses on rare, high-impact disaster scenarios that threaten the organization's ability to operate, while availability management ensures services meet agreed availability targets during normal, everyday operation.
- Capacity and performance management addresses both capacity, the maximum throughput a resource can sustain, and performance, how efficiently or quickly it responds, ensuring services meet agreed demand cost-effectively.
- Knowledge management maintains and improves the effective, efficient, and convenient use of information and knowledge; tacit knowledge is personal, experience-based know-how that is hard to document, unlike explicit knowledge already captured in procedures.
- Relationship management establishes and nurtures links between the organization and its stakeholders, and should address all relevant stakeholders rather than only customers.
- Information security management protects the information the organization needs to conduct its business, balancing security controls against the needs of the business and the ease of use of its systems.
- Other supporting practices include deployment management (moving new or changed components into live environments), service design (designing products fit for purpose, fit for use, and deliverable), organizational change management (managing the people side of change to reduce resistance), workforce and talent management (right people and skills in the right roles), and strategy management (formulating goals and the courses of action to achieve them).
ITIL 4 Foundation exam tips
- Master the utility versus warranty distinction: utility is fitness for purpose (what it does), warranty is fitness for use (how well it performs, covering availability, capacity, security, and continuity). Many questions hinge on classifying a described feature.
- Memorize the three service consumer roles (customer, user, sponsor) and remember one stakeholder can hold several at once, while suppliers and the community are other stakeholders, not consumer roles.
- Know all seven guiding principles by name and their key behaviors, especially optimize before you automate and reuse what exists under start where you are; expect scenario questions asking which principle applies.
- Learn the four dimensions and the PESTLE external factors, and be ready to match a described situation (a tariff, a recession, an end-of-support platform) to the correct dimension or factor.
- Understand that the service value chain has six flexible activities that combine into value streams in any order, and that continual improvement is both a practice and the improve value chain activity; also know the purposes of the commonly tested practices.
Study guide FAQ
What is the difference between utility and warranty in ITIL 4?
Utility is fitness for purpose, describing what a service does and the functionality it offers to meet a need, such as dispensing cash. Warranty is fitness for use, assuring how well the service performs across availability, capacity, security, and continuity, such as a 24/7 access commitment. A service must have both adequate utility and warranty to create value.
What are the seven ITIL guiding principles?
They are focus on value, start where you are, progress iteratively with feedback, collaborate and promote visibility, think and work holistically, keep it simple and practical, and optimize and automate. They are universal, enduring recommendations that apply at every organizational level, and you should use judgement to weight the ones that matter most in a given situation.
What are the components of the service value system and how does the value chain fit in?
The SVS has five components: the guiding principles, governance, the service value chain, the practices, and continual improvement. The service value chain is the central operating model with six activities (plan, improve, engage, design and transition, obtain/build, deliver and support), but it is not self-contained: governance directs it, the principles guide it, practices supply resources, and continual improvement keeps it evolving.
How many management practices are there, and which matter most for Foundation?
ITIL 4 defines 34 management practices across general, service, and technical categories. Foundation focuses on a subset, most importantly incident management, problem management, change enablement, service request management, service desk, service level management, and continual improvement, plus awareness of others such as service configuration management, information security management, and relationship management.