Security Management | ITIL Version 2

ITIL offers a framework of structured, scalable, best practices and processes that organizations can adopt and adapt to fit their own operations. 

What is ITIL Security Management?

Security Management

Security Management is an integral part of the other IT disciplines. It has both a business and service focus. Through the execution of the processes, the organization will meet regulatory agency requirements, such as Sarbanes-Oxley, FDIC, GDPR, SEC and/or HIPAA.

Using the ITIL Security Management process framework provides common, well-understood concepts and terminology so people clearly understand the reasons behind the security policies and procedures, as well as potential risk to the organization if they are not observed and followed. All organizational information is evaluated, risks assessed, and appropriate policies to control access and dissemination put in place.

The ITIL Security Management process includes these components:


  • Policies
  • Organization
  • Reporting


  • SLA section
  • Underlying contracts
  • OLA section
  • Reporting


  • Classifications
  • Personnel security
  • Security policies
  • Access controls
  • Reporting


  • Self-assessment
  • External Audit
  • Internal Audit
  • Assessment as result of security incident
  • Reporting


  • SLA sections
  • OLA sections
  • Requests for changes, additions, deletions
  • Reporting

Start implementing ITIL with capacity management

Learn what you need to get started with a capacity management practice and how to choose tools to support this aspect of ITIL. 

Or learn more about Vityl Capacity Management