IT Service Management (ITSM)
IT Service Management (ITSM)
As digital operations grow in scale and complexity, effective IT Service Management (ITSM) becomes essential to ensure the reliability, responsiveness, and resilience of your technology environment. Whether embedded within core platforms or delivered through complementary solutions, ITSM underpins how your organisation manages incidents, changes, assets, and service levels.
IT service management typically includes support for:
- Incident and problem management
- Change and release management
- Configuration and asset management (CMDB)
- Service request fulfilment
- Knowledge management
- Service level management (SLM)
- IT operations analytics
- Self-service portals and automation workflow
Key contact
Clients
We support clients using a range of ITSM tools, including:
- ServiceNow
- BMC Helix / Remedy
- Ivanti
- Freshservice
- Microsoft System Center
- ManageEngine
Licensing models for ITSM tools vary from user-based SaaS subscriptions to enterprise-wide, modular structures. We help clients navigate:
-
Licence scope and usage limits
-
Managed service provider (MSP) contracts
-
Support and maintenance SLAs
-
Disaster recovery and uptime guarantees
When engaging third-party ITSM providers or managed services, our work includes:
- Reviewing support models (eg ITIL v4-aligned vs bespoke)
- Negotiating service credit mechanisms and exit strategies
- Advising on shared responsibility and governance models
Key concerns you may not have considered:
Clear ownership of data and workflows is essential—particularly where incidents trigger changes in financial or HR systems. Without well-defined responsibilities, there is a risk of service gaps, duplicated effort, or inconsistent data handling.
Not all incidents are equal. ITSM tools must account for business criticality—not just technical severity—to ensure the most impactful issues are prioritised, especially those affecting key functions such as payroll or invoicing.
ITSM platforms often become deeply embedded within your broader technology environment, which can make switching vendors challenging over time. Ensuring portability, open data access, and flexible integration capabilities helps reduce the risk of long-term vendor lock-in.
Service tickets may contain sensitive operational or employee information. It is essential to ensure that your ITSM system complies with data localisation requirements and your organisation’s wider data protection obligations under UK law, including the UK GDPR and Data Protection Act 2018.
ITSM implementation support
Selecting the right solution requires:
Determining your requirements (all your required business functions and gaps in existing systems). These should be categorised as:
- Essential
- Future essential
- Desirable
- Nice to have
Assessing potential systems against those requirements and in particular assessing whether they are met:
- Out of the box
- Through configuration
- Through development
- Through integration with a third-party solution
We are often brought into negotiations with a supplier after this has been finalised, yet we can add significant value at this stage, not least by controlling the “terms and conditions” that will apply at contract award.
Necessary for larger implementations
This is the first activity with the selected supplier, which sets the expectations between the parties. The aim is to gain as much specificity as possible, acknowledging that the detailed design phase goes to a much greater level.
Key issues are:
- To ensure the scope ties back to the requirements. See Specification vs requirements
- Identify and document any agreed “gaps” against the original requirements (as time moves on and requirements change)
- Confirming what is out of the box vs through configuration vs through development vs through integration with a third-party solution
- This can and should form part of the main contract, but we do often see this phase started in haste without the right contractual protection. It is possible to pull it back under the wider arrangement, but this can be difficult
Detailed design is where the design of the new system is finalised. This essentially covers the contents of blueprinting/scoping, but to a much greater depth, enabling both parties to be able to understand their respective obligations.
It is important to see a detailed and comprehensive RACI matrix (Responsible/ Accountable/ Consulted/ Informed).
A very common area of dispute comes from a lack of understanding on the part of the customer as to its obligations and “over-optimism” on the part of the implementer in this respect.
This is where the solution is configured and developed (as applicable) in accordance with the detailed design.
This may include developing custom modules, integrating with existing systems, and configuring the system to meet specific business requirements.
Once built, the solution needs to be implemented. This involves deploying the new system, migrating data from existing systems, and training users on the new system.
It is crucial to have a well-defined plan for data migration and user training to ensure a smooth transition.
There are differing elements to testing, whether (for example):
- Functional testing
- Load testing
- Penetration testing
- User acceptance testing
It is important, yet often overlooked, to ensure that:
- It is clear which party is responsible for which elements
- How the acceptance criteria are to be set
- How testing will take place
- How achievement is determined
- What happens if there is a failure
Following successful acceptance testing, a date is agreed for go-live.
Necessary for larger implementations
This is a short period of support immediately after go-live where typically the original team who built and implemented the solution remain on the project to monitor and deal with issues.
We work with clients to ensure hypercare runs for an appropriate period of time, that the right people are made available for hypercare and that appropriate response and resolution targets are applied, together with appropriate consequences for any failures.
Life isn’t perfect and systems never quite run perfectly!
Ongoing managed support is therefore an important part of the contracting process.
See IT services
Meet our team
Jaskeerat Sanghera
Managing Associate
Loving technology
Our IT lawyers live and breathe all things digital and data
Speaking technology
Acronyms fill this sector. Our lawyers know most of them and love learning new ones
Embracing technology
Technology is critical to our success and something that we embrace
Contact us today
Whatever your legal needs, our wide ranging expertise is here to support you and your business, so let’s start your legal journey today and get you in touch with the right lawyer to get you started.
Get in touch
For general enquiries, please complete this form and we will direct your message to the most appropriate person.