Black Friday Super Sale! Up to 30% off!
Click here to view all courses

Use offer code: 01BLACKFRIDAY24UK
Learn now, pay later – payment options available
event management diagram

Event management in ITIL® 4

The ability to monitor, analyse, and respond to events within an IT environment is a critical factor in maintaining the health, performance, and reliability of any IT service. ITIL® 4 offers an approach to help with this.

Learn more about ITIL 4 and how it can benefit your organisation.

What is event management?

An event is any change of configuration item (CI) from one state to another within an IT service. ITIL event management is a process that defines and manages the lifecycle of all these events.

The primary objective of event management is to ensure the normal operation of services by detecting and addressing any ‘exceptional conditions’ or ‘exceptional events’.

What is an ‘exceptional event’ in ITIL 4?

An exceptional event refers to a significant and disruptive occurrence that, if not handled effectively, could have a substantial impact on service quality, performance, or availability. These events require immediate attention to mitigate their effects.

For example, a server moving from online to idle would be considered an event. However, if this server had an outage this would then turn into an exceptional event, as it needs to be dealt with urgently to avoid impacting the service provided.

Event management tools

Event management tools are software solutions designed to monitor, analyse and respond to events within IT environments. These tools help keep the technology running smoothly and will alert IT service teams if something goes wrong, so it can be addressed quickly and efficiently.

These tools fall into two categories:

Active tools

Active monitoring tools proactively collect data by testing components such as servers, network devices and applications. If issues are detected or a pre-determined threshold is exceeded, they will then send an alert to the IT service team to make them aware of the problem.

Passive tools

Passive monitoring tools capture data that is already being generated, such as logs, messages, or event streams, and analyse it for patterns or anomalies. These tools are particularly useful for security and network monitoring.

Event management examples

IT events can be split into three categories:

Information

These events are typically messages or notifications generated to provide information about the current status or performance of the system. These are typically the lowest priority events, as they do not require immediate attention but the data they provide may prove useful in maintaining and optimising the IT environment. Examples of informational events include messages about software updates, successful backups, etc.

Warning

Warning events are of a slightly higher priority, as they provide notifications to indicate potential issues or anomalies within an IT system which, if left unaddressed, could lead to more significant problems or service disruptions. Common examples of this are alerts about high memory usage or nearing storage limits.

Exception

Exceptional events are the highest priority and require immediate attention. They refer to events which may cause significant disruption or deviations from normal service operation. Examples of exceptional events include system crashes, hardware failures and security breaches.

Are your event management processes effective?

Event management metrics can be used to measure the effectiveness of these processes and gain insights into the performance of IT systems and services.

Some examples of useful event management metrics include:

  • Number of events per category
  • Number of events by significance
  • Number and percentage of events that required human intervention
  • Number and percentage of events that resulted in incidents or changes
  • Number and percentage of events caused by existing problems or known errors
  • The time taken to respond to an event
  • The time taken to resolve an event

The ITIL 4 event management process

There are multiple stages to the event management process, as detailed in ITIL 4:

  • Event monitoring and notification: An event is detected, or event notification triggered.
  • Event filtering & 1st level correlation: Once an event is detected, it needs to be filtered and prioritised based on its severity (information, warning, or exception) and its relevance to achieving business objectives.
  • 2nd level correlation & response selection: At this stage, a decision needs to be made regarding the appropriate response to the event, does it need human intervention or will an auto response suffice. This is also the point where a choice may be made to escalate the event to a problem or incident.
  • Event review & closure: In this final stage, if the event has been resolved then it will be closed, and normal service can resume. If not, then it will be returned to the previous stage and the appropriate response will be reassessed.

Improve your IT event management processes with ITIL 4 training. Complete your e-learning, virtual or classroom training and then book your ITIL exam to become a certified IT service management professional.