Continual improvement is everyone’s responsibility. Although there may be a group of staff members who focus on this work full-time, it is critical that everyone in the organization understands that active participation in continual improvement activities is a core part of their job. To ensure that this is more than a good intention, it is wise to include contribution to continual improvement in all job descriptions and every employee’s objectives, as well as in contracts with external suppliers and contractors.

By definition, outcome is a result for a stakeholder enabled by one or more outputs. In other words, outcomes allow service consumers to achieve a desired result.

Incident management can have an enormous impact on customer and user satisfaction, and on how customers and users perceive the service provider. Every incident should be logged and managed to ensure that it is resolved in a time that meets the expectations of the customer and user. Target resolution times are agreed, documented, and communicated to ensure that expectations are realistic. Incidents are prioritized based on an agreed classification to ensure that incidents with the highest business impact are resolved first.

By definition, services is a means of enabling value co-creation by facilitating outcomes that customers want to achieve, without the customer having to manage specific costs and risks.

When a problem cannot be resolved quickly, it is often useful to find and document a workaround for future incidents, based on an understanding of the problem. Workarounds are documented in problem records. This can be done at any stage; it doesn’t need to wait for analysis to be complete. If a workaround has been documented early in problem control, then this should be reviewed and improved after problem analysis has been completed.

The purpose of the information security management practice is to protect the information needed by the organization to conduct its business. This includes understanding and managing risks to the confidentiality, integrity, and availability of information, as well as other aspects of information security such as authentication (ensuring someone is who they claim to be) and nonrepudiation (ensuring that someone can’t deny that they took an action).