Objective: The objective of ITIL Event Management is to make sure Configuration Items (CIs) and services are constantly monitored. The Event Management process aims to filter and categorize Events in order to decide on appropriate actions if required.
Part of: Service Operation
Process Owner: IT Operations Manager
The activities and process objectives of the Event Management process are mostly identical in ITIL V3 and V2 (Event Management was part of ICT Infrastructure Management).
Interfaces between Event Management and the other ITIL processes were adjusted in order to reflect the new ITIL process structure in ITIL V3.
The process flows reflect the more detailed guidance in the ITIL 2011 books. The process overview of ITIL Event Management shows the key information flows (see fig. 1).
These are the ITIL Event Management sub-processes and their process objectives:
Maintenance of Event Monitoring Mechanisms and Rules
- Process Objective: To set up and maintain the mechanisms for generating meaningful Events and effective rules for their filtering and correlating.
Event Filtering and 1st Level Correlation
- Process Objective: To filter out Events which are merely informational and can be ignored, and to communicate any Warning and Exception Events.
2nd Level Correlation and Response Selection
- Process Objective: To interpret the meaning of an Event and select a suitable response if required.
Event Review and Closure
The following ITIL terms and acronyms (information objects) are used in the ITIL Event Management process to represent process outputs and inputs:
- see Event Record
Event Categorization Scheme
- The Categorization Scheme for Events supports a consistent approach to dealing with specific types of Events. Ideally, this scheme should be harmonized with the schemes to categorize CIs, Incidents and Problems.
Event Filtering and Correlation Rules
- Rules and criteria used to determine if an Event is significant and to decide upon an appropriate response. Event Filtering and Correlation Rules are typically used by Event Monitoring systems. Some of those rules are defined during the Service Design stage, for example to ensure that Events are triggered when the required service availability is endangered.
- A record describing a change of state which has significance for the management of a Configuration Item or service. The term Event is also used to mean an alert or notification created by any IT service, Configuration Item or monitoring tool. Events often require IT operations personnel to take actions, and may lead to Incidents being logged.
Event Trends and Patterns
- Any trends and patterns identified during analysis of significant Events, which suggest that improvements to the infrastructure are needed.
Roles | Responsibilities
IT Operations Manager - Process Owner
- An IT Operations Manager will be needed to take overall responsibility for a number of Service Operation activities. For instance, this role will ensure that all day-to-day operational activities are carried out in a timely and reliable way.
- IT Operators are the staff who perform the day-to-day operational activities.
- Typical responsibilities include: Performing backups, ensuring that scheduled jobs are performed, installing standard equipment in the data center.
|ITIL Role / Sub-Process
|IT Operations Manager
|(Event Monitoring System)
|Other roles involved 
|Maintenance of Event Monitoring Mechanisms and Rules
|Event Filtering and 1st Level Correlation
|2nd Level Correlation and Response Selection
|Event Review and Closure
 A: Accountable according to the RACI Model: Those who are ultimately accountable for the correct and thorough completion of the Event Management process.
 R: Responsible according to the RACI Model: Those who do the work to achieve a task within Event Management.
 In cooperation, as appropriate: IT Operations Manager, Access Manager, Capacity Manager, Availability Manager, IT Service Continuity Manager, Information Security Manager, Applications Analyst and/ or technical Analyst. → Role descriptions...