On this page

ITSM and Help Desk

IT service management (ITSM) and help desk platforms provide centralised systems for receiving, tracking, resolving, and reporting on service requests, incidents, problems, and changes. These platforms form the operational core of IT service delivery, enabling structured workflows, service level management, knowledge capture, and performance measurement. For mission-driven organisations, platform selection affects staff productivity, service quality, compliance capability, and total cost of ownership.

This page covers dedicated ITSM and ticketing platforms with at least incident and request management capabilities. Platforms focused exclusively on customer relationship management appear in CRM Platforms. Asset and configuration management databases are covered in ITSM and Help Desk where integrated, and standalone CMDB solutions are addressed separately. Monitoring and alerting platforms that generate tickets but do not manage the full ticket lifecycle appear in Security and Monitoring.

Assessment methodology

Tool assessments derive from official vendor documentation, published API references, release notes, and technical specifications as of January 2026. Feature availability varies by product tier, deployment model, and region. Verify current capabilities directly with vendors during procurement. Community-reported information is excluded; only documented features are assessed.

Requirements taxonomy

This taxonomy defines evaluation criteria for ITSM and help desk platforms. Requirements are organised by functional area and weighted by typical priority for mission-driven organisations. Adjust weights based on your specific operational context.

Functional requirements

Core capabilities that define what the platform must do.

Ticket and request management

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
F1.1	Multi-channel intake	Accept tickets via email, web portal, API, chat, and phone integration	Full: 5+ channels native. Partial: 3-4 channels. Limited: email and web only	Review channel documentation; test each intake method	Essential
F1.2	Ticket classification	Categorise tickets by type, priority, impact, urgency, and custom taxonomies	Full: unlimited custom fields, conditional logic, auto-classification. Partial: fixed categories. Limited: basic priority only	Configure test taxonomy; verify field dependencies	Essential
F1.3	Assignment and routing	Route tickets to queues, groups, or individuals based on rules	Full: skill-based routing, round-robin, load balancing, escalation rules. Partial: manual or basic rules. Limited: manual only	Configure routing rules; measure distribution accuracy	Essential
F1.4	Ticket lifecycle management	Track tickets through defined states with configurable workflows	Full: custom workflows per ticket type, state machine design. Partial: fixed workflow with limited customisation. Limited: open/closed only	Design multi-stage workflow; verify state transitions	Essential
F1.5	Parent-child relationships	Link related tickets hierarchically for problem-incident association	Full: unlimited hierarchy, bulk operations, cascade status. Partial: single parent-child. Limited: flat linking only	Create ticket hierarchy; test bulk operations	Important
F1.6	Merge and split	Combine duplicate tickets or split complex requests	Full: merge with history preservation, split with relationship. Partial: merge only. None: not supported	Test merge scenarios; verify audit trail	Important
F1.7	Collision detection	Prevent simultaneous editing and alert agents to concurrent access	Full: real-time locking, activity indicators. Partial: save-time conflict detection. None: last-save-wins	Simulate concurrent editing; verify conflict handling	Important
F1.8	Bulk operations	Apply actions to multiple tickets simultaneously	Full: bulk edit all fields, bulk assign, bulk close with notes. Partial: limited bulk actions. Limited: single-ticket operations	Select 50 tickets; apply bulk changes	Important

Service level management

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
F2.1	SLA definition	Configure response and resolution targets by priority, type, or customer	Full: multiple SLA policies, calendar-aware, multi-metric. Partial: single SLA per priority. Limited: global targets only	Configure tiered SLAs; verify calculation accuracy	Essential
F2.2	Business hours calendars	Define working hours, holidays, and time zones for SLA calculation	Full: multiple calendars, per-team assignment, global holidays. Partial: single calendar. Limited: 24/7 only	Configure regional calendars; verify SLA pause/resume	Essential
F2.3	SLA breach alerting	Notify before and upon SLA violation	Full: configurable warning thresholds, escalation chains. Partial: breach notification only. Limited: reporting only	Set warning at 80%; verify notification timing	Essential
F2.4	SLA reporting	Track SLA performance metrics over time	Full: compliance trends, breach analysis, team comparison. Partial: current status only. Limited: no SLA reporting	Generate monthly SLA report; verify metric accuracy	Essential
F2.5	Operational level agreements	Internal SLAs between teams for multi-tier support	Full: OLA tracking separate from customer SLA. Partial: combined tracking. None: customer SLA only	Configure OLA between Tier 1 and Tier 2; track separately	Important

Self-service and portal

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
F3.1	End-user portal	Web interface for users to submit and track requests	Full: branded portal, request forms, status tracking, history. Partial: basic submission. Limited: email only	Configure portal; test user journey from submission to closure	Essential
F3.2	Service catalogue	Published menu of available services with request forms	Full: categorised catalogue, approval workflows, fulfilment tracking. Partial: basic service list. Limited: generic request form	Build 10-item catalogue; test request-to-fulfilment flow	Important
F3.3	Knowledge base integration	Surface relevant articles during ticket creation	Full: AI-suggested articles, deflection metrics, embedded search. Partial: manual search. Limited: separate knowledge base	Submit request; verify article suggestions appear	Important
F3.4	Mobile self-service	Native or responsive mobile access for end users	Full: native apps or responsive design, full functionality. Partial: limited mobile features. None: desktop only	Test ticket submission and tracking on mobile devices	Important
F3.5	Multi-language portal	Portal interface in multiple languages	Full: UI and content localisation, RTL support. Partial: UI translation only. Limited: single language	Configure portal in 3 languages; verify content display	Context-dependent

ITIL process support

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
F4.1	Incident management	Dedicated workflow for service restoration	Full: impact/urgency matrix, major incident process, post-incident review. Partial: incident type without workflow. Limited: no distinction from requests	Configure incident workflow; test major incident escalation	Essential
F4.2	Problem management	Root cause analysis and known error tracking	Full: problem records, known error database, linked incidents. Partial: basic problem logging. None: not supported	Create problem from recurring incidents; document known error	Important
F4.3	Change management	Controlled process for implementing changes	Full: RFC workflow, CAB approval, change calendar, risk assessment. Partial: basic change tracking. None: not supported	Submit change request; test approval workflow and scheduling	Important
F4.4	Service request fulfilment	Distinct workflow for standard pre-approved requests	Full: catalogue-driven, automated fulfilment, approval routing. Partial: manual fulfilment. Limited: mixed with incidents	Configure automated software provisioning request	Important
F4.5	Release management	Coordinate deployments with change and configuration	Full: release records, deployment planning, CI associations. Partial: release tracking only. None: not supported	Plan release with multiple changes; track deployment status	Desirable
F4.6	Configuration management	Maintain configuration item data and relationships	Full: integrated CMDB, impact analysis, dependency mapping. Partial: basic asset records. None: not supported	Create CI hierarchy; link to incident; verify impact display	Important

Automation and workflow

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
F5.1	Trigger-based automation	Execute actions when conditions are met	Full: complex conditions, multiple actions, event-driven. Partial: simple if-then rules. Limited: no automation	Configure auto-assignment rule; verify execution	Essential
F5.2	Scheduled automation	Time-based actions on tickets	Full: scheduled jobs, maintenance windows, recurring tasks. Partial: basic scheduling. Limited: manual only	Create weekly stale-ticket cleanup; verify execution	Important
F5.3	Approval workflows	Multi-stage approval routing	Full: parallel/sequential approvers, delegation, timeout escalation. Partial: single-level approval. Limited: no approval	Configure 3-level approval; test delegation and timeout	Important
F5.4	Email notifications	Automated communication to stakeholders	Full: templated notifications, conditional triggers, rich text. Partial: basic notifications. Limited: manual email	Configure notification for each status change; verify delivery	Essential
F5.5	Webhook triggers	Send data to external systems on events	Full: configurable webhooks per event, payload customisation. Partial: limited events. None: no webhooks	Configure webhook for ticket creation; verify payload	Important

Reporting and analytics

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
F6.1	Built-in reports	Pre-configured operational reports	Full: 20+ standard reports, exportable, schedulable. Partial: basic reports. Limited: minimal reporting	Review report library; verify data accuracy	Essential
F6.2	Custom report builder	Create reports without code	Full: drag-drop builder, calculated fields, cross-object. Partial: filter-based customisation. Limited: fixed reports only	Build custom report joining tickets and agents; export to CSV	Essential
F6.3	Dashboards	Visual operational displays	Full: customisable dashboards, real-time refresh, role-based. Partial: fixed dashboards. Limited: no dashboards	Create queue-specific dashboard; verify auto-refresh	Essential
F6.4	Data export	Extract data for external analysis	Full: scheduled exports, API access, multiple formats. Partial: manual export. Limited: no export	Export 6 months of ticket data; verify completeness	Essential
F6.5	Trend analysis	Historical performance tracking	Full: configurable periods, comparison views, anomaly detection. Partial: basic trending. Limited: point-in-time only	Compare Q4 2024 vs Q4 2025 ticket volumes; verify accuracy	Important

Technical requirements

Infrastructure, deployment, and integration capabilities.

Deployment and hosting

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
T1.1	Self-hosted deployment	Install on organisation-controlled infrastructure	Full: documented installation, container support, air-gap capable. Partial: on-premises option with limitations. None: SaaS only	Review installation documentation; verify offline install	Context-dependent
T1.2	Cloud/SaaS deployment	Vendor-managed hosted service	Full: production-ready SaaS, regional options. Partial: limited regions. None: self-hosted only	Review SaaS documentation; verify regional availability	Context-dependent
T1.3	Container deployment	Docker or Kubernetes deployment option	Full: official images, Helm charts, orchestration support. Partial: community containers. None: traditional install only	Deploy using official container images	Important
T1.4	High availability	Redundancy and failover capability	Full: documented HA architecture, automated failover. Partial: manual failover. Limited: single instance	Review HA documentation; verify failover procedure	Important
T1.5	Horizontal scaling	Add capacity by adding nodes	Full: stateless design, documented scaling. Partial: limited scaling options. Limited: vertical scaling only	Review scaling documentation; verify load distribution	Important

Scalability and performance

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
T2.1	Concurrent users	Support simultaneous agent sessions	Document supported concurrent users; note tier limitations	Review capacity documentation; load test if possible	Essential
T2.2	Ticket volume	Handle ticket creation and query rates	Full: 10,000+ tickets/day documented. Partial: limits documented. Limited: undocumented	Review scalability documentation; verify limits	Essential
T2.3	Search performance	Fast full-text search across ticket history	Full: sub-second search, indexed attachments. Partial: basic search. Limited: slow search	Search 100,000+ ticket archive; measure response time	Important
T2.4	Attachment handling	Store and retrieve file attachments	Full: configurable limits, virus scanning, inline preview. Partial: size-limited. Limited: no attachments	Upload 25MB attachment; verify retrieval and preview	Important

Integration architecture

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
T3.1	REST API	Programmatic access to platform data and functions	Full: comprehensive coverage, documented, versioned. Partial: limited endpoints. None: no API	Review API documentation; verify endpoint coverage	Essential
T3.2	API authentication	Secure API access methods	Full: OAuth 2.0, API keys, service accounts. Partial: basic auth only. Limited: no authentication options	Configure OAuth integration; verify token handling	Essential
T3.3	Webhook support	Receive events from external systems	Full: configurable endpoints, signature verification. Partial: limited events. None: no inbound webhooks	Configure inbound webhook; verify event processing	Important
T3.4	Pre-built integrations	Native connectors to common systems	List integrations for: identity providers, monitoring, chat, email, CRM	Review integration catalogue; verify maintenance status	Important
T3.5	Custom field extensibility	Add organisation-specific data fields	Full: unlimited custom fields, all data types, conditional display. Partial: limited fields. Limited: no custom fields	Create 20 custom fields; verify in forms and reports	Essential

Security requirements

Authentication, authorisation, and data protection capabilities.

Authentication and access control

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
S1.1	Multi-factor authentication	Require second factor for login	Full: multiple MFA methods, policy enforcement. Partial: optional MFA. None: password only	Enable MFA; test TOTP and recovery codes	Essential
S1.2	Single sign-on	Federated authentication via SSO	Full: SAML 2.0 and OIDC, multiple IdP support. Partial: single protocol. None: local auth only	Configure SSO with Microsoft Entra ID or Keycloak	Essential
S1.3	Role-based access control	Permission assignment through roles	Full: custom roles, granular permissions, inheritance. Partial: fixed roles. Limited: admin/user only	Create custom role; verify permission boundaries	Essential
S1.4	Queue-based access	Restrict agent access to specific queues	Full: queue membership, view restrictions. Partial: global access. None: all agents see all	Configure queue restrictions; verify agent visibility	Important
S1.5	Field-level security	Control visibility of specific fields by role	Full: per-field permissions. Partial: object-level only. None: all-or-nothing	Hide salary field from non-HR agents; verify restriction	Important
S1.6	Session management	Control session duration and concurrent logins	Full: configurable timeouts, session visibility, forced logout. Partial: fixed settings	Configure 8-hour session timeout; verify enforcement	Important

Data protection

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
S2.1	Encryption at rest	Data encrypted in storage	Full: AES-256, documented key management. Partial: encryption optional. None: unencrypted	Review encryption documentation; verify implementation	Essential
S2.2	Encryption in transit	Data encrypted during transmission	Full: TLS 1.2+ enforced. Partial: TLS available. None: HTTP allowed	Test with SSL analyser; verify TLS version	Essential
S2.3	Audit logging	Comprehensive activity logging	Full: all operations logged, immutable, exportable. Partial: limited logging. None: no audit trail	Review audit log for ticket creation, edit, delete; verify completeness	Essential
S2.4	Data masking	Redact sensitive information in displays	Full: configurable masking rules. Partial: manual redaction. None: no masking	Configure PII masking; verify in agent interface	Important
S2.5	Data residency	Control data storage location	Full: selectable regions, contractual guarantees. Partial: limited regions. None: undisclosed	Review data residency documentation; verify contractually	Essential

Security certifications

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
S3.1	SOC 2 Type II	Independent security audit	Full: current certification available. Partial: Type I only. None: no SOC	Request SOC 2 report; verify scope and date	Important
S3.2	ISO 27001	Information security management	Full: current certification. None: not certified	Request certificate; verify scope	Important
S3.3	GDPR compliance	EU data protection compliance	Full: DPA available, data processing records. Partial: privacy policy only	Review DPA terms; verify controller/processor relationship	Essential

Operational requirements

Day-to-day administration and maintenance considerations.

Administration

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
O1.1	Admin interface quality	Usability of administrative tools	Full: comprehensive web UI, logical organisation. Partial: limited admin UI. Poor: command-line only	Navigate admin interface; assess task completion time	Important
O1.2	Configuration as code	Version-controllable configuration	Full: export/import, GitOps support. Partial: partial export. None: UI only	Export configuration; restore to test environment	Desirable
O1.3	Environment management	Development, staging, production separation	Full: environment cloning, config promotion. Partial: manual setup. None: single environment	Clone production to staging; verify data separation	Important
O1.4	Branding and customisation	White-label and visual customisation	Full: logo, colours, themes, custom CSS. Partial: logo only. Limited: no branding	Apply organisation branding; verify across portal and emails	Important

Backup and recovery

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
O2.1	Automated backup	Regular data backup capability	Full: configurable schedule, encryption, retention. Partial: manual backup. None: no backup capability	Configure daily backup; verify backup completeness	Essential
O2.2	Point-in-time recovery	Restore to specific moment	Full: granular PITR. Partial: daily snapshots. Limited: latest backup only	Test restore to specific timestamp; verify data accuracy	Important
O2.3	Disaster recovery	Documented recovery procedures	Full: tested DR runbook, RTO/RPO documented. Partial: general guidance. None: undocumented	Review DR documentation; verify RTO claims	Important

Support and maintenance

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
O3.1	Documentation quality	Technical documentation completeness	Full: comprehensive, current, searchable. Partial: incomplete. Poor: minimal	Assess documentation during evaluation; check update dates	Essential
O3.2	Release cadence	Update frequency and predictability	Full: published roadmap, regular releases. Partial: irregular releases	Review release history; check roadmap visibility	Important
O3.3	Breaking change policy	Advance notice for incompatible changes	Full: deprecation notices, migration guides. Partial: limited notice	Review changelog history; assess versioning policy	Important
O3.4	Community health (FOSS)	Open source project vitality	Assess: contributor count, commit frequency, issue response time	Review GitHub statistics; assess governance	Important for FOSS

Data management requirements

Data portability and lifecycle management.

Import and migration

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
D1.1	Data import formats	Supported import file types	List: CSV, JSON, XML, native formats from competitors	Review import documentation; test sample import	Important
D1.2	Migration tools	Utilities for migrating from other platforms	List supported source systems; note official vs community tools	Review migration documentation; assess complexity	Important
D1.3	Historical data import	Import tickets with original timestamps	Full: preserve creation/update dates, agents, status history. Partial: current state only	Import historical tickets; verify timestamp preservation	Important

Export and portability

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
D2.1	Complete data export	Export all organisation data	Full: tickets, attachments, users, configuration. Partial: tickets only. Limited: no export	Export complete dataset; verify attachment retrieval	Essential
D2.2	Export formats	Available export formats	List: CSV, JSON, XML, PDF, native format	Review export options; test format quality	Essential
D2.3	Attachment export	Retrieve stored files	Full: bulk export with metadata. Partial: individual download. None: locked	Export attachments; verify file integrity	Essential

Commercial requirements

Pricing, licensing, and vendor considerations.

Pricing and licensing

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
C1.1	Pricing transparency	Clarity of cost structure	Full: published pricing, calculator. Partial: quote required. Poor: opaque	Review public pricing; request detailed quote	Important
C1.2	Nonprofit programme	Discounted or donated licences	Full: established programme, significant discount. Partial: ad-hoc. None: standard pricing	Research programme; verify eligibility	Important
C1.3	Licensing model	How licences are counted	Document: per-agent, per-user, per-ticket, concurrent, unlimited	Clarify model; calculate for projected growth	Essential
C1.4	Open source licence (FOSS)	Source code licence terms	Document licence; note copyleft implications	Review licence; assess modification and distribution rights	Essential for FOSS

Vendor assessment

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
C2.1	Organisation stability	Financial and operational health	Assess: funding, revenue model, customer base, longevity	Research company/project history	Important
C2.2	Jurisdictional factors	Legal jurisdiction and implications	Document: HQ location, data centre locations, applicable laws	Review legal documentation; assess CLOUD Act exposure	Important
C2.3	Exit path	Ability to migrate away	Assess: data export completeness, format openness, documentation	Test full data export; evaluate migration complexity	Essential

Accessibility requirements

ID	Requirement	Description	Assessment criteria	Verification method	Typical priority
A1.1	WCAG 2.1 compliance	Web accessibility conformance	Full: Level AA documented. Partial: Level A. None: no statement	Review accessibility statement; test with screen reader	Important
A1.2	Keyboard navigation	Full functionality without mouse	Full: complete keyboard access. Partial: limited. None: mouse required	Navigate agent interface with keyboard only	Important
A1.3	Screen reader compatibility	Works with assistive technology	Full: tested and documented. Partial: basic compatibility	Test with NVDA or VoiceOver	Important

Assessment methodology

Tools are assessed against each requirement using the following scale:

Rating	Symbol	Definition
Full support	●	Requirement fully met with documented, production-ready capability
Partial support	◐	Requirement partially met; limitations documented in notes
Minimal support	○	Basic capability exists but significant gaps
Not supported	✗	Capability not available
Not applicable	-	Requirement not relevant to this tool
Not assessed	?	Insufficient documentation to assess

Additional notation:

$ indicates feature requires paid tier
E indicates enterprise tier only
P indicates plugin or extension required
C indicates community-provided (not vendor-supported)

Functional capability comparison

Ticket and request management

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
F1.1	Multi-channel intake	●	●	◐	●	●	●	●	●
F1.2	Ticket classification	●	◐	●	●	●	●	●	●
F1.3	Assignment and routing	●	◐	●	●	●	●	●	●
F1.4	Ticket lifecycle	●	◐	●	●	●	●	●	●
F1.5	Parent-child relationships	●	○	●	●	●	●	●	●
F1.6	Merge and split	●	●	◐	●	●	●	●	●
F1.7	Collision detection	●	○	○	○	●	●	●	●
F1.8	Bulk operations	●	◐	●	●	●	●	●	●

Assessment notes:

osTicket F1.2: Fixed category structure; custom fields available but taxonomy less flexible than alternatives
osTicket F1.4: Predefined workflow states; limited customisation without code modification
iTop F1.1: Strong on web and email; chat integration via third-party; phone integration requires configuration
RT F1.7: No real-time collision detection; displays concurrent ticket access but no locking

Service level management

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
F2.1	SLA definition	●	●P	●	●P	●	●	●	●
F2.2	Business hours	●	●P	●	●P	●	●	●	●
F2.3	SLA breach alerting	●	◐P	●	●P	●	●	●	●
F2.4	SLA reporting	●	◐P	●	●P	●	●	●	●
F2.5	OLA support	◐	✗	●	◐P	●	●$	●$	●$

Assessment notes:

osTicket: SLA functionality requires Service Level Agreements plugin (free); basic compared to dedicated ITSM platforms
RT: SLA features via RT::Extension::SLA (community-maintained); requires Perl expertise to configure
OTOBO F2.5: Full OLA support with ITSM packages installed
Commercial platforms F2.5: OLA tracking in premium tiers only

Self-service and portal

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
F3.1	End-user portal	●	●	●	●	●	●	●	●
F3.2	Service catalogue	◐	✗	●	○	●	●	●	●
F3.3	Knowledge base integration	●	◐P	●	●	●	●	●	●
F3.4	Mobile self-service	●	◐	◐	○	◐	●	●	●
F3.5	Multi-language portal	●	●P	●	●	●	●	●	●

Assessment notes:

Zammad F3.2: Knowledge base included; formal service catalogue with workflow requires additional configuration
osTicket F3.3: FAQ module included; knowledge base plugin adds contextual suggestions
RT F3.4: Responsive design but no native mobile apps; mobile experience functional but limited
iTop/OTOBO F3.4: Responsive design; mobile usability varies by complexity of forms

ITIL process support

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
F4.1	Incident management	●	◐	●	●	●	●	●	●
F4.2	Problem management	◐	○	●	◐	●	●	●	●$
F4.3	Change management	○	✗	●	◐P	●	●	●	●$
F4.4	Service request fulfilment	◐	◐	●	●	●	●	●	●
F4.5	Release management	✗	✗	●	○	●	●$	●$	✗
F4.6	Configuration management	○	✗	●	○P	●	●$	●	●$

Assessment notes:

Zammad: Designed as customer service platform; ITIL processes achievable through workflow customisation but not native
osTicket: Ticket-centric design; ITIL terminology not native; achievable through custom fields and workflows
iTop: Full ITIL 4 coverage; integrated CMDB is primary strength; processes tightly coupled with configuration items
RT: General-purpose ticket system; ITIL extensions available via RT::Extension modules
OTOBO: Fork of OTRS with full ITSM packages; comprehensive ITIL coverage

Automation and workflow

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
F5.1	Trigger-based automation	●	◐	●	●	●	●	●	●
F5.2	Scheduled automation	●	◐P	●	●	●	●	●	●
F5.3	Approval workflows	◐	✗	●	◐P	●	●	●	●
F5.4	Email notifications	●	●	●	●	●	●	●	●
F5.5	Webhook triggers	●	◐	●	●P	●	●	●	●

Assessment notes:

osTicket F5.1: Basic automation through actions and filters; less flexible than alternatives
Zammad F5.3: Simple approval via groups; multi-stage approval workflows not native
RT: Scrips provide powerful automation; steep learning curve for complex workflows

Technical capability comparison

Deployment and hosting

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
T1.1	Self-hosted	●	●	●	●	●	●E	✗	✗
T1.2	Cloud/SaaS	●	●	●	●	●	●	●	●
T1.3	Container deployment	●	●C	●C	◐C	●	●	-	-
T1.4	High availability	●	◐	●	●	●	●	●	●
T1.5	Horizontal scaling	●	◐	◐	●	●	●	●	●

Deployment details:

Tool	Self-hosted infrastructure	Container support	Minimum resources	Cloud regions
Zammad	Linux (Ubuntu 22.04+, Debian 12+), PostgreSQL 14+, Redis, Elasticsearch	Official Docker images, Docker Compose, Helm chart	4 CPU, 8GB RAM, 40GB storage	EU (via Zammad GmbH SaaS)
osTicket	Linux or Windows, PHP 8.2+, MySQL 8+	Community Docker images	2 CPU, 2GB RAM, 10GB storage	Various (via osTicket Cloud)
iTop	Linux, PHP 8.1+, MySQL 8+ or MariaDB 10.5+	Community Docker images	2 CPU, 4GB RAM, 20GB storage	EU (via Combodo SaaS)
RT	Linux, Perl 5.18+, PostgreSQL, MySQL, or MariaDB	Community Docker, partial support	2 CPU, 4GB RAM, 20GB storage	US (via Best Practical)
OTOBO	Linux (RHEL 9+, Debian 12+), PostgreSQL 14+, Redis, Elasticsearch	Official Docker images, recommended deployment	4 CPU, 8GB RAM, 50GB storage	EU (via Rother OSS)
JSM	SaaS (Cloud) or Data Center (self-hosted)	Official containers for Data Center	DC: 8 CPU, 16GB RAM	US, EU, APAC (multiple regions)
Freshservice	SaaS only	N/A	N/A	US, EU, APAC, India
Zendesk	SaaS only	N/A	N/A	US, EU, APAC

Assessment notes:

JSM T1.1: Data Center edition allows self-hosting; minimum 500 users for Data Center licensing
osTicket T1.3: Multiple community Docker images available; no official images
iTop/RT T1.3: Community containers exist; not officially maintained
OTOBO T1.3: Docker is recommended deployment method; well-documented

Integration architecture

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
T3.1	REST API	●	●	●	●	●	●	●	●
T3.2	API authentication	OAuth 2.0, API token	API key	API key, basic auth	Token, OAuth	Token, OAuth 2.0	OAuth 2.0, API token	OAuth 2.0, API key	OAuth 2.0, API token
T3.3	Webhook support	●	◐	●	●P	●	●	●	●
T3.4	Pre-built integrations	20+	10+	30+	15+	40+	200+	1,000+	1,500+
T3.5	Custom field extensibility	●	●	●	●	●	●	●	●

API details:

Tool	API documentation	Rate limits	Versioning	SDK availability
Zammad	docs.zammad.org/en/latest/api	Configurable (self-hosted)	URL versioning	Ruby, Python (community)
osTicket	docs.osticket.com	Configurable (self-hosted)	None documented	PHP, Python (community)
iTop	itophub.io/wiki/page?id=latest:advancedtopics:rest_json	Configurable (self-hosted)	Not versioned	Python, PHP (community)
RT	docs.bestpractical.com/rt/latest/RT/REST2.html	Configurable (self-hosted)	URL versioning (REST2)	Perl (official), Python (community)
OTOBO	doc.otobo.org	Configurable (self-hosted)	Web service versioning	Perl (official)
JSM	developer.atlassian.com	100-1000/min by tier	Date versioning	Java, Python, JS (official)
Freshservice	api.freshservice.com	50-1000/min by tier	URL versioning (v2)	Python, Ruby, JS (community)
Zendesk	developer.zendesk.com	400-700/min by tier	Date versioning	Python, Ruby, PHP, JS (official)

Security capability comparison

Authentication and access control

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
S1.1	MFA	●	●P	●P	●P	●	●	●	●
S1.2	SSO (SAML/OIDC)	●	●P	●	●P	●	●	●	●
S1.3	RBAC	●	◐	●	●	●	●	●	●
S1.4	Queue-based access	●	●	●	●	●	●	●	●
S1.5	Field-level security	◐	○	●	◐	●	●$	●	●$
S1.6	Session management	●	◐	●	●	●	●	●	●

Authentication methods:

Tool	MFA methods	SSO protocols	IdP tested
Zammad	TOTP, Security keys (WebAuthn)	SAML 2.0, OAuth 2.0, OpenID Connect	Keycloak, Azure AD, Okta
osTicket	TOTP (via plugin)	SAML 2.0, OAuth 2.0 (via plugins)	Azure AD, Google (plugins)
iTop	TOTP (via extension)	SAML 2.0 (native), OpenID Connect (extension)	Azure AD, ADFS
RT	TOTP (via extension)	SAML 2.0, LDAP (extensions)	Various via modules
OTOBO	TOTP	SAML 2.0, OAuth 2.0, OpenID Connect	Keycloak, Azure AD
JSM	TOTP, WebAuthn, Duo, Authy	SAML 2.0, OpenID Connect	All major IdPs
Freshservice	TOTP, SMS	SAML 2.0, OAuth 2.0	All major IdPs
Zendesk	TOTP, SMS	SAML 2.0, OpenID Connect	All major IdPs

Data protection

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
S2.1	Encryption at rest	●*	●*	●*	●*	●*	●	●	●
S2.2	Encryption in transit	●	●	●	●	●	●	●	●
S2.3	Audit logging	●	◐	●	●	●	●	●	●
S2.4	Data masking	◐	○	◐	○	◐	●	●	●
S2.5	Data residency	●*	●*	●*	●*	●*	●	●	●

*Self-hosted: encryption and residency controlled by deployment configuration

Assessment notes:

FOSS platforms S2.1/S2.5: Encryption at rest and data residency are deployment-controlled; organisations using self-hosted options control these directly
osTicket S2.3: Basic logging; comprehensive audit trail requires customisation
Data masking: Commercial platforms offer configurable masking; FOSS platforms require custom implementation

Security certifications

Tool	SOC 2 Type II	ISO 27001	GDPR DPA	VPAT/Accessibility
Zammad (SaaS)	○	○	●	○
osTicket (SaaS)	○	○	○	○
iTop (SaaS)	○	●	●	○
RT (SaaS)	○	○	○	○
OTOBO (SaaS)	○	●	●	○
JSM	●	●	●	●
Freshservice	●	●	●	●
Zendesk	●	●	●	●

Assessment notes:

Self-hosted FOSS deployments: certifications depend on hosting organisation’s own compliance posture
Commercial SaaS platforms maintain certifications for their infrastructure
FOSS vendors with SaaS offerings (Zammad, iTop, OTOBO) have varying certification coverage

Operational capability comparison

Backup and recovery

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
O2.1	Automated backup	●*	●*	●*	●*	●*	●	●	●
O2.2	Point-in-time recovery	●*	●*	●*	●*	●*	●	●	●
O2.3	Disaster recovery	●*	●*	●*	●*	●*	●	●	●

*Self-hosted: backup and DR are deployment responsibilities; documentation provided for database and file backup

Assessment notes:

FOSS platforms provide documentation for backup procedures; implementation is operator responsibility
Commercial SaaS platforms include backup and DR in service

Support comparison

Tool	Documentation quality	Community support	Paid support options	Response time (paid)
Zammad	● Good	Active forum, GitHub	Support contracts via Zammad GmbH	4-48 hours
osTicket	◐ Basic	Active forum	Professional support via osTicket	8-48 hours
iTop	● Good	Active forum	Support via Combodo	4-24 hours
RT	● Comprehensive	Mailing lists, forum	Enterprise support via Best Practical	4-24 hours
OTOBO	● Good	Active forum	Support via Rother OSS	4-24 hours
JSM	● Excellent	Community forums	Included in subscription	1-24 hours by tier
Freshservice	● Excellent	Community forums	Included in subscription	1-24 hours by tier
Zendesk	● Excellent	Community forums	Included in subscription	1-24 hours by tier

Data management comparison

Import and export

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
D1.1	Import formats	CSV, JSON, API	CSV, API	CSV, XML, API	CSV, API	CSV, XML, API	CSV, API	CSV, API	CSV, API
D1.2	Migration tools	From OTRS, Zendesk, Kayako	Generic CSV	From various (documented)	Custom scripts	From OTRS	From multiple platforms	From multiple platforms	From multiple platforms
D1.3	Historical import	●	◐	●	●	●	●	●	●
D2.1	Complete export	●	●	●	●	●	●	●	●
D2.2	Export formats	JSON, CSV	CSV	CSV, XML	Tab-delimited, CSV	CSV, XML	CSV	CSV, JSON	JSON, CSV
D2.3	Attachment export	●	●	●	●	●	●	●	●

Migration complexity from common platforms:

Source platform	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
OTRS	● Native	◐ Manual	◐ Manual	◐ Manual	● Native	◐ Manual	● Official	● Official
Zendesk	● Native	◐ Manual	◐ Manual	◐ Manual	◐ Manual	● Official	● Official	-
Freshdesk	◐ Manual	◐ Manual	◐ Manual	◐ Manual	◐ Manual	◐ Manual	● Official	● Official
Jira SM	◐ Manual	◐ Manual	◐ Manual	◐ Manual	◐ Manual	-	● Official	● Official
ServiceNow	◐ Manual	◐ Manual	◐ Manual	◐ Manual	◐ Manual	◐ Manual	● Official	● Official

Commercial comparison

Pricing models

Tool	Type	Model	Free tier	Nonprofit programme	Typical cost (10 agents)	Typical cost (50 agents)
Zammad	Open source	Free + optional support/SaaS	● Full product	N/A	£0 (self-hosted)	£0 (self-hosted)
osTicket	Open source	Free + optional SaaS	● Full product	N/A	£0 (self-hosted)	£0 (self-hosted)
iTop	Open source	Free + enterprise extensions	● Full product	N/A	£0 (self-hosted)	£0 (self-hosted)
RT	Open source	Free + optional support	● Full product	N/A	£0 (self-hosted)	£0 (self-hosted)
OTOBO	Open source	Free + optional support/SaaS	● Full product	N/A	£0 (self-hosted)	£0 (self-hosted)
JSM	Commercial	Per-agent subscription	● 3 agents	● 75% discount	£600-1,500/mo	£2,500-5,000/mo
Freshservice	Commercial	Per-agent subscription	✗ 21-day trial	● Via TechSoup	£700-1,700/mo	£3,000-7,000/mo
Zendesk	Commercial	Per-agent subscription	✗ 14-day trial	● Via Tech Impact	£800-2,000/mo	£3,500-8,000/mo

Cost notes:

Self-hosted costs exclude infrastructure (servers, database, storage, backup, SSL certificates)
Typical infrastructure cost for self-hosted: £50-300/month for 10 agents; £150-800/month for 50 agents
Commercial platform costs vary by tier; ranges shown cover entry to mid-tier plans
Enterprise features and premium support add 50-200% to base commercial costs

Detailed pricing: Commercial platforms

Jira Service Management Cloud

Tier	Price (per agent/month)	Key features	Limitations
Free	£0	Basic ITSM, 3 agents max	2GB storage, no SLA, limited automation
Standard	£17.65	Full ITSM, unlimited customers	250GB storage
Premium	£44.27	Advanced ITSM, AI, Assets	Unlimited storage, 99.9% SLA
Enterprise	Custom	Unlimited instances, advanced security	Minimum spend applies

Nonprofit programme: 75% discount through Atlassian Community License; requires registered charity status.

Freshservice

Tier	Price (per agent/month)	Key features	Limitations
Starter	£14	Basic ITSM, 300 assets	No change management, basic reporting
Growth	£39	Full ITSM, workflow automation	500 orchestrations/month
Pro	£78	Advanced ITSM, project management	5,000 orchestrations/month
Enterprise	£99	AI, sandbox, advanced analytics	Unlimited orchestrations

Nonprofit programme: Discounts available through TechSoup; discount level varies by region.

Zendesk

Tier	Price (per agent/month)	Key features	Limitations
Suite Team	£45	Basic ticketing, messaging	50 AI-assisted answers/month
Suite Growth	£75	SLA, automation, analytics	100 AI-assisted answers/month
Suite Professional	£95	Skills-based routing, side conversations	500 AI-assisted answers/month
Suite Enterprise	Custom	Sandbox, advanced security	Minimum seats apply

Nonprofit programme: Up to 50% discount through Tech Impact/Benevity; requires verification.

Vendor details

Tool	Organisation	Founded	HQ location	Business model
Zammad	Zammad Foundation / Zammad GmbH	2016	Germany	Open source foundation + commercial entity
osTicket	Enhancesoft	2006	United States	Open source + hosted service
iTop	Combodo	2010	France	Open source + enterprise services
RT	Best Practical Solutions	1999	United States	Open source + commercial support
OTOBO	Rother OSS GmbH	2020	Germany	Open source (OTRS fork) + services
JSM	Atlassian	2002	Australia (US HQ)	Public company, SaaS + Data Center
Freshservice	Freshworks	2010	United States (India origin)	Public company, SaaS
Zendesk	Zendesk (now private)	2007	United States	Private equity-owned, SaaS

Jurisdictional considerations:

US-headquartered (osTicket, RT, JSM, Freshservice, Zendesk): Subject to US CLOUD Act; government can compel data access regardless of storage location
German/EU-headquartered (Zammad, OTOBO): GDPR as primary framework; no CLOUD Act exposure
French-headquartered (iTop): GDPR as primary framework; no CLOUD Act exposure
Self-hosted options: Jurisdictional concerns mitigated by organisational control of infrastructure

Accessibility comparison

Req ID	Requirement	Zammad	osTicket	iTop	RT	OTOBO	JSM	Freshservice	Zendesk
A1.1	WCAG 2.1 compliance	◐ Partial	○ Limited	○ Limited	○ Limited	◐ Partial	● AA	● AA	● AA
A1.2	Keyboard navigation	●	◐	◐	◐	●	●	●	●
A1.3	Screen reader	◐	○	○	○	◐	●	●	●
A1.4	VPAT available	✗	✗	✗	✗	✗	●	●	●

Assessment notes:

Commercial platforms invest significantly in accessibility compliance; VPATs available on request
FOSS platforms have variable accessibility; Zammad and OTOBO lead among open source options
Organisations with accessibility requirements should evaluate agent and portal interfaces during trial

Detailed tool assessments

Zammad

Type: Open source
Licence: AGPL-3.0. Requires source disclosure if modified versions are distributed or provided as a service to third parties.
Current version: 6.5 (April 2025); 7.0 in development
Deployment options: Self-hosted (Linux), Docker, Kubernetes, SaaS
Source repository: github.com/zammad/zammad
Documentation: docs.zammad.org

Overview

Zammad is a web-based open source helpdesk and customer service platform developed by Zammad GmbH in Germany, with source code owned by the independent Zammad Foundation. Originally created by Martin Edenhofer (founder of OTRS), Zammad provides a modern ticketing system with emphasis on multichannel communication, real-time updates, and user experience. The platform uses Ruby on Rails with PostgreSQL, Elasticsearch for search, and Redis for caching.

Zammad focuses on customer service and support desk use cases rather than full ITIL compliance. The interface is modern and intuitive, requiring minimal training for agents. The system handles email, chat, phone (via CTI integration), Twitter, Facebook, and Telegram natively. Real-time updates via WebSockets create a responsive agent experience.

Capability assessment for ITSM

Zammad excels at ticket management, multichannel intake, and agent productivity. The knowledge base integrates with ticket creation for article suggestions. Workflow automation through triggers and schedulers handles routing, escalation, and notifications effectively.

For formal ITIL processes, Zammad requires configuration. While incident, request, and basic problem management work through ticket types and custom workflows, native change management, release management, and CMDB are not included. Organisations requiring formal ITIL alignment should consider OTOBO or iTop, or plan for significant customisation.

Key strengths:

Modern, responsive interface reduces agent training time
Strong multichannel support including social media and chat
Active open source community with regular releases
German/EU hosting available; GDPR-friendly deployment
Two-factor authentication and SSO built-in

Key limitations:

Limited native ITIL process support; requires workflow customisation
No integrated CMDB or asset management
Formal change management requires custom implementation
Enterprise features (reporting, advanced automation) require SaaS or development

Deployment and operations

Self-hosted requirements:

Operating system: Ubuntu 22.04+, Debian 12+, RHEL 8+ (with EPEL)
Database: PostgreSQL 14+ (PostgreSQL only from v7.0)
Runtime: Ruby (bundled), Node.js (bundled)
Dependencies: Elasticsearch 8.x, Redis 7+
Minimum resources: 4 CPU, 8GB RAM, 40GB storage
Recommended (100 agents): 8 CPU, 16GB RAM, 100GB storage

Deployment complexity: Medium. Package installation straightforward; Elasticsearch and Redis add operational overhead.

Operational overhead: Medium. Elasticsearch requires monitoring and index management. Regular updates released; upgrade process documented.

Upgrade path: Regular releases (approximately monthly). Major versions (6.x to 7.x) require migration steps. Breaking changes documented in release notes.

Integration capabilities

API coverage: Comprehensive REST API covering tickets, users, organisations, tags, and system configuration. GraphQL API in development.

Key integrations:

Integration	Type	Status	Documentation
Microsoft Entra ID	SSO	Native	docs.zammad.org
LDAP/Active Directory	Authentication	Native	docs.zammad.org
Keycloak	SSO	Native	docs.zammad.org
CTI (various)	Phone	Native	docs.zammad.org
Exchange/Office 365	Calendar	Native	docs.zammad.org
i-doit	CMDB	Community	External

Cost analysis

Direct costs:

Licence: Free (AGPL-3.0)
SaaS: From €5/agent/month (hosted by Zammad GmbH)
Support: Available through Zammad GmbH; pricing on request

Infrastructure costs (self-hosted):

Scale	Infrastructure estimate	Notes
Small (10 agents)	£100-200/month	Single server with separate PostgreSQL
Medium (50 agents)	£300-500/month	Application + database servers, Elasticsearch cluster
Large (200+ agents)	£800-1,500/month	HA deployment, dedicated Elasticsearch

Hidden costs:

Elasticsearch expertise or managed service
SSL certificate management
Backup infrastructure

Organisational fit

Best suited for:

Customer service and support desk operations
Organisations prioritising modern UX and multichannel support
Teams wanting EU-hosted open source solution
Environments where formal ITIL compliance is not required

Less suitable for:

Organisations requiring formal ITIL change and release management
Environments needing integrated CMDB
Teams requiring enterprise reporting without development

Migration considerations:

Native import from OTRS, Zendesk, Kayako, Freshdesk
CSV/API import for other platforms
Full data export available

osTicket

Type: Open source
Licence: GPL-2.0. Permits modification and distribution; derivative works must use compatible licence.
Current version: 1.18.2 (February 2025)
Deployment options: Self-hosted (Linux/Windows), SaaS
Source repository: github.com/osTicket/osTicket
Documentation: docs.osticket.com

Overview

osTicket is a widely-deployed open source support ticket system developed by Enhancesoft. First released in 2003, osTicket provides essential ticketing functionality with low resource requirements and straightforward deployment. The platform uses PHP with MySQL, making it deployable on standard LAMP/LEMP stacks and most shared hosting environments.

osTicket focuses on core ticketing rather than comprehensive ITSM. The system handles email, web portal, and API intake, with plugins adding additional channels. Custom forms and fields allow adaptation to various use cases. The extensive plugin ecosystem (some free, some commercial) extends functionality.

Capability assessment for ITSM

osTicket provides solid ticket management for help desk operations. Tickets flow through customisable statuses with assignment, collaboration, and response capabilities. The FAQ module offers basic knowledge management. Custom forms enable organisation-specific data capture.

For ITIL processes, osTicket is limited. The platform does not distinguish incident from service request natively, and problem, change, and release management are not included. The SLA plugin adds service level tracking. Organisations requiring ITIL alignment should consider alternatives or plan significant customisation.

Key strengths:

Low resource requirements; runs on shared hosting
Simple installation and administration
Long track record and extensive deployment base
Plugin ecosystem extends core functionality
Low barrier to entry for basic help desk

Key limitations:

Limited native ITIL support; no change or problem management
Basic automation compared to alternatives
No integrated CMDB
Plugin quality varies; some commercial, some unmaintained
Interface dated compared to modern platforms

Deployment and operations

Self-hosted requirements:

Operating system: Linux or Windows with web server
Web server: Apache 2.4+ or IIS 8+
Database: MySQL 8+ or MariaDB 10.4+
Runtime: PHP 8.2-8.4
Dependencies: PHP extensions (imap, json, mbstring, etc.)
Minimum resources: 1 CPU, 2GB RAM, 10GB storage

Deployment complexity: Low. Standard PHP application; installs via web wizard.

Operational overhead: Low. Minimal maintenance required for basic operation.

Upgrade path: Regular releases. Upgrade via file replacement; database migrations automatic.

Integration capabilities

API coverage: REST API for ticket, user, and organisation operations. Adequate for basic integrations.

Key integrations:

Integration	Type	Status	Documentation
OAuth2 (Azure, Google)	Authentication	Plugin	osticket.com
LDAP	Authentication	Core	docs.osticket.com
S3	Attachments	Plugin	osticket.com
Various	Plugins	Community	osticket.com

Cost analysis

Direct costs:

Licence: Free (GPL-2.0)
Plugins: Various (free and commercial)
SaaS: From $15/agent/month (via osTicket Cloud)

Infrastructure costs (self-hosted):

Scale	Infrastructure estimate	Notes
Small (10 agents)	£20-50/month	Shared hosting or small VPS
Medium (50 agents)	£100-200/month	Dedicated server or VPS
Large (200+ agents)	£300-600/month	Multiple servers with load balancing

Hidden costs:

Commercial plugins if required
Custom development for ITIL processes

Organisational fit

Best suited for:

Small teams needing basic ticket management
Organisations with limited IT resources
Environments where simple email-to-ticket workflow suffices
Budget-constrained deployments

Less suitable for:

ITIL-aligned IT service management
Complex workflow automation requirements
Organisations requiring integrated asset/configuration management
Teams needing modern, responsive interface

iTop

Type: Open source
Licence: AGPL-3.0. Requires source disclosure for modifications; commercial extensions available under separate licence.
Current version: 3.2.2 LTS (2025); 3.3 STS branch active
Deployment options: Self-hosted (Linux), SaaS
Source repository: github.com/Combodo/iTop
Documentation: itophub.io

Overview

iTop (IT Operational Portal) is an open source ITSM platform developed by Combodo in France. The platform differentiates itself through its CMDB-centric architecture: configuration items and their relationships form the foundation, with ticket management built around configuration data. This design supports impact analysis, dependency mapping, and service-aware incident management.

iTop provides comprehensive ITIL coverage including incident, problem, change, and release management. The low-code CMDB allows organisations to model their specific infrastructure and services without programming. Extensions available through iTop Hub add capabilities including SLA management, reporting, and integrations.

Capability assessment for ITSM

iTop’s CMDB is its primary strength. Organisations can model complex infrastructure with configuration items, relationships, and impact rules. When incidents occur, the system displays affected CIs and downstream impacts. Change management links changes to affected configurations, enabling impact assessment before implementation.

The ticketing system supports full ITIL processes with separate workflows for incidents, service requests, problems, and changes. The service catalogue defines available services linked to SLAs and supporting CIs. The interface is functional but dated compared to modern platforms; Combodo’s development focuses on capability rather than aesthetic refinement.

Key strengths:

Comprehensive CMDB with relationship modelling
Full ITIL process coverage in open source version
Impact analysis links incidents and changes to affected services
Low-code customisation via ITSM Designer (commercial extension)
French/EU vendor; GDPR-friendly

Key limitations:

Interface dated; learning curve for new users
Mobile experience limited
Documentation extensive but assumes technical knowledge
Some advanced features require commercial extensions
Performance tuning required for large CMDB

Deployment and operations

Self-hosted requirements:

Operating system: Linux (RHEL/CentOS, Debian, Ubuntu)
Web server: Apache 2.4+ with mod_php or PHP-FPM
Database: MySQL 8+ or MariaDB 10.5+
Runtime: PHP 8.1+
Dependencies: Graphviz (for impact diagrams)
Minimum resources: 2 CPU, 4GB RAM, 20GB storage
Recommended (50 agents): 4 CPU, 8GB RAM, 100GB storage

Deployment complexity: Medium. Standard PHP application; CMDB configuration requires planning.

Operational overhead: Medium. Database performance critical for large CMDB; periodic optimisation required.

Upgrade path: LTS branch (3.2.x) supported for 2 years; STS branch (3.3.x) for early features. Upgrade wizard handles database migrations.

Integration capabilities

API coverage: REST/JSON API for all objects; comprehensive CRUD operations on any CI or ticket type.

Key integrations:

Integration	Type	Status	Documentation
LDAP/AD	Authentication	Native	itophub.io
SAML 2.0	SSO	Native	itophub.io
Nagios/Icinga	Monitoring	Extension	iTop Hub
Ansible	Automation	Extension	iTop Hub
TeemIP	IP Management	Official	combodo.com

Cost analysis

Direct costs:

Licence: Free (AGPL-3.0)
Extensions: Many free; advanced extensions commercial
ITSM Designer (low-code): Commercial licence
Support: Through Combodo partners

Infrastructure costs (self-hosted):

Scale	Infrastructure estimate	Notes
Small (10 agents)	£80-150/month	Single server deployment
Medium (50 agents)	£200-400/month	Separate database server
Large (200+ agents)	£500-1,000/month	Clustered with optimised database

Hidden costs:

ITSM Designer if low-code customisation needed
Database performance optimisation expertise

Organisational fit

Best suited for:

Organisations requiring CMDB-centric ITSM
IT departments managing complex infrastructure
Environments where impact analysis is critical
Teams seeking full ITIL coverage in open source

Less suitable for:

Simple help desk requirements (over-engineered)
Organisations prioritising modern UX
Mobile-first environments
Teams without database administration capability

Request Tracker (RT)

Type: Open source
Licence: GPL-2.0. Permits modification and distribution under compatible terms.
Current version: 6.0.2 (October 2025); 5.0.9 maintenance
Deployment options: Self-hosted (Linux), Cloud RT (managed service)
Source repository: github.com/bestpractical/rt
Documentation: docs.bestpractical.com

Overview

Request Tracker (RT) is a mature open source ticket tracking system developed by Best Practical Solutions since 1996. RT serves diverse use cases from IT help desk to security incident response (via RT for Incident Response). The platform uses Perl with PostgreSQL, MySQL, or Oracle, and runs on Apache with mod_perl or Plack/Starman.

RT emphasises flexibility and extensibility. The system’s “scrips” (scripts triggered by ticket events) enable complex automation. Custom fields, lifecycle states, and workflows accommodate varied requirements. The RT ecosystem includes extensions for SLA management, approvals, assets, and integrations.

Capability assessment for ITSM

RT provides comprehensive ticket management with configurable lifecycles and workflows. Different queues can have different workflows, enabling separation of incident, request, and other ticket types. The scrip system handles complex automation including notifications, field updates, and external integrations.

RT for Incident Response (RTIR) extends RT specifically for security teams with incident states, constituencies, and investigation workflows. For general ITSM, RT requires configuration and extension installation to match platforms with native ITIL coverage.

Key strengths:

Mature codebase with 25+ years of development
Highly flexible workflow and automation system
Strong security incident response variant (RTIR)
Comprehensive audit trail and history
Active commercial support from Best Practical

Key limitations:

Perl expertise required for customisation
Interface functional but not modern
Extensions required for ITIL processes
Steeper learning curve than alternatives
Limited mobile experience

Deployment and operations

Self-hosted requirements:

Operating system: Linux (RHEL/CentOS, Debian, Ubuntu)
Web server: Apache with mod_perl or nginx with Plack
Database: PostgreSQL 13+ (recommended), MySQL 8+, MariaDB
Runtime: Perl 5.18+
Dependencies: Various CPAN modules
Minimum resources: 2 CPU, 4GB RAM, 20GB storage

Deployment complexity: Medium-High. Perl environment setup; CPAN dependency management.

Operational overhead: Medium. Stable in production; upgrades require attention to extension compatibility.

Upgrade path: Major versions (5.x to 6.x) require review of extensions. LTS available for enterprises.

Cost analysis

Direct costs:

Licence: Free (GPL-2.0)
Cloud RT: Managed service pricing on request
Support: Enterprise support from Best Practical

Infrastructure costs (self-hosted):

Scale	Infrastructure estimate	Notes
Small (10 agents)	£80-150/month	Single server
Medium (50 agents)	£200-400/month	Separate database
Large (200+ agents)	£500-1,000/month	Clustered deployment

Organisational fit

Best suited for:

Organisations with Perl expertise
Security teams (RT for Incident Response)
Environments requiring extensive customisation
Long-term stable deployments

Less suitable for:

Teams without Perl skills
Organisations prioritising modern UX
Simple help desk requirements
Mobile-centric environments

OTOBO

Type: Open source
Licence: GPL-3.0. Permits modification and distribution; derivative works under compatible licence.
Current version: 11 (2025)
Deployment options: Self-hosted (Linux), Docker, SaaS
Source repository: github.com/RotherOSS/otobo
Documentation: doc.otobo.org

Overview

OTOBO is an open source ITSM platform forked from OTRS Community Edition in 2020 by Rother OSS GmbH after OTRS AG restricted the open source version. OTOBO maintains compatibility with OTRS workflows and configurations while adding features and maintaining the open source development model. The platform uses Perl with PostgreSQL, Redis, and Elasticsearch.

OTOBO provides comprehensive ITSM functionality through core ticketing and optional ITSM packages. The modular architecture allows organisations to enable features as needed. Docker is the recommended deployment method, simplifying installation and updates.

Capability assessment for ITSM

OTOBO’s ITSM packages provide full ITIL coverage including incident, problem, change, and configuration management. The CMDB (via ITSMConfigurationManagement) links CIs to services and tickets. Version 11 introduced a redesigned CMDB with tree views, formula fields, and improved CI access controls.

The workflow engine handles complex processes with states, transitions, and automated actions. Generic agents (scheduled automation) and event-based notifications provide comprehensive automation. The customer portal supports self-service and service catalogue presentation.

Key strengths:

Full ITIL process coverage with ITSM packages
Modern CMDB redesign in version 11
Docker deployment simplifies operations
Active development and regular releases
German/EU vendor; GDPR-friendly
Migration path from OTRS

Key limitations:

Perl-based; customisation requires Perl knowledge
Interface improved but not as modern as some alternatives
ITSM packages add complexity
Elasticsearch required for search performance

Deployment and operations

Self-hosted requirements:

Operating system: Linux (RHEL 9+, Debian 12+, Ubuntu 22.04+)
Container: Docker and Docker Compose (recommended)
Database: PostgreSQL 14+
Dependencies: Redis 7+, Elasticsearch 8.x
Minimum resources: 4 CPU, 8GB RAM, 50GB storage
Recommended (50 agents): 8 CPU, 16GB RAM, 200GB storage

Deployment complexity: Low-Medium. Docker deployment well-documented; traditional install more complex.

Operational overhead: Medium. Elasticsearch and Redis require monitoring; Docker simplifies updates.

Upgrade path: Regular releases; Docker deployment enables straightforward container updates.

Integration capabilities

API coverage: Web services (REST/SOAP) for comprehensive ticket and CI operations; GenericInterface for custom integrations.

Key integrations:

Integration	Type	Status	Documentation
LDAP/AD	Authentication	Native	doc.otobo.org
SAML/OAuth	SSO	Native	doc.otobo.org
Nagios/Icinga	Monitoring	Package	otobo.io
Grafana	Dashboards	Community	github.com/zammad
FAQ	Knowledge base	Package	otobo.io

Cost analysis

Direct costs:

Licence: Free (GPL-3.0)
Packages: Most free; some commercial
SaaS: Through Rother OSS; pricing on request
Support: Through Rother OSS and partners

Infrastructure costs (self-hosted):

Scale	Infrastructure estimate	Notes
Small (10 agents)	£100-200/month	Docker host with PostgreSQL
Medium (50 agents)	£300-500/month	Separate database and Elasticsearch
Large (200+ agents)	£800-1,500/month	Clustered deployment

Organisational fit

Best suited for:

OTRS migrations seeking open source continuity
Organisations requiring full ITIL coverage
Environments comfortable with Docker deployment
Teams seeking EU-hosted open source ITSM

Less suitable for:

Simple help desk requirements
Organisations without Perl/Linux expertise
Teams requiring extensive mobile access
Environments preferring simpler architecture

Jira Service Management

Type: Commercial
Licence: Proprietary; subscription-based
Current version: Cloud (continuous updates); Data Center 11.3 LTS (December 2025)
Deployment options: Cloud (SaaS), Data Center (self-hosted)
Vendor: Atlassian
Documentation: support.atlassian.com/jira-service-management-cloud

Overview

Jira Service Management (JSM) is Atlassian’s ITSM platform, evolved from Jira Service Desk. JSM builds on Jira’s project and issue tracking foundation, adding ITSM-specific workflows, customer portal, SLA management, and integration with Atlassian’s ecosystem (Confluence, Opsgenie, Statuspage). The platform serves IT, HR, legal, and other service teams.

JSM Cloud receives continuous updates with AI features and advanced automation. Data Center edition provides self-hosted deployment for organisations with data residency or infrastructure control requirements, though Atlassian encourages cloud adoption.

Capability assessment for ITSM

JSM provides comprehensive ITSM with incident, problem, change, and request management. Integration with Opsgenie (included in Premium/Enterprise) adds on-call scheduling, alerting, and incident response. Assets (Premium+) provides CMDB functionality with discovery and dependency mapping.

The platform excels when combined with other Atlassian tools: Confluence for knowledge base, Jira Software for development team integration, and Statuspage for communication. Automation rules handle complex workflows. The Atlassian Marketplace offers 1,000+ apps for extended functionality.

Key strengths:

Deep integration with Atlassian ecosystem
Advanced automation and AI features
Comprehensive on-call and alerting (Premium+)
Large marketplace for extensions
Strong knowledge base via Confluence
Development team integration

Key limitations:

Pricing scales quickly with agents and tiers
Data Center minimum 500 users
US-headquartered; CLOUD Act applies to SaaS
Asset/CMDB requires Premium tier
Learning curve for non-Atlassian users

Deployment and operations

Cloud: Fully managed; no infrastructure management required.

Data Center requirements:

Operating system: Linux (RHEL 8+, Ubuntu 20.04+)
Database: PostgreSQL 13-16
Runtime: Java 11 (bundled)
Search: OpenSearch or Elasticsearch
Minimum resources: 8 CPU, 16GB RAM, 100GB storage
Recommended: 16+ CPU, 32GB RAM, SSD storage

Deployment complexity: Cloud: Low. Data Center: Medium-High; requires Atlassian expertise.

Operational overhead: Cloud: Low (managed). Data Center: Medium-High; backup, updates, performance tuning.

Cost analysis

Cloud pricing:

Tier	Price (per agent/month)	Key features
Free	£0	3 agents, basic ITSM
Standard	£17.65	Unlimited agents, full ITSM
Premium	£44.27	AI, Assets, Opsgenie, advanced SLA
Enterprise	Custom	Unlimited instances, advanced security

Nonprofit programme: 75% discount via Atlassian Community License; registered charities and qualifying nonprofits.

Data Center: Annual licence based on user tiers; minimum 500 users; starts ~$42,000/year.

Organisational fit

Best suited for:

Organisations already using Atlassian products
Development-heavy environments needing dev/IT integration
Teams requiring advanced on-call and alerting
Enterprises with budget for Premium tier

Less suitable for:

Small teams (pricing)
Organisations avoiding US cloud providers
Simple help desk requirements
Budget-constrained nonprofits (despite discount)

Freshservice

Type: Commercial SaaS
Licence: Proprietary; subscription-based
Current version: Continuous updates (SaaS)
Deployment options: Cloud only
Vendor: Freshworks
Documentation: support.freshservice.com

Overview

Freshservice is a cloud-based ITSM platform from Freshworks, designed for straightforward deployment and ease of use. The platform provides ITIL-aligned processes with a modern interface and gamification elements to encourage adoption. Freshservice emphasises quick time-to-value with pre-configured workflows and AI-assisted features.

Freshworks’ product suite includes Freshdesk (customer service), Freshsales (CRM), and other tools that integrate with Freshservice. The platform serves IT, HR, and facilities teams with a unified approach to service management.

Capability assessment for ITSM

Freshservice provides comprehensive ITSM with incident, problem, change, and release management. The service catalogue enables self-service with approval workflows. Asset management includes discovery and software licence tracking. Project management (Pro tier+) enables project ticket integration.

The platform excels at usability; agents can be productive with minimal training. Workflow automation handles routing, escalation, and notifications. AI features assist with categorisation and knowledge article suggestions. The mobile apps provide full functionality for remote agents.

Key strengths:

Intuitive interface; minimal training required
Quick deployment with pre-configured workflows
Integrated asset management with discovery
Strong mobile experience
Freddy AI for automation and insights
Extensive integration marketplace

Key limitations:

SaaS only; no self-hosted option
US-headquartered; CLOUD Act applies
Advanced features (project management, AI) require higher tiers
Pricing increases significantly with tier and agents
Customisation depth limited compared to FOSS

Cost analysis

Tier	Price (per agent/month)	Key features
Starter	£14	Basic ITSM, 300 assets
Growth	£39	Full ITSM, orchestration
Pro	£78	Project management, analytics
Enterprise	£99	AI, sandbox, SLA management

Nonprofit programme: Discounts via TechSoup; varies by region.

Organisational fit

Best suited for:

Organisations prioritising ease of use
Teams needing quick deployment
IT departments wanting integrated asset management
Environments comfortable with SaaS

Less suitable for:

Organisations requiring self-hosted deployment
Entities avoiding US cloud providers
Budget-constrained organisations (smaller teams)
Environments needing deep customisation

Zendesk

Type: Commercial SaaS
Licence: Proprietary; subscription-based
Current version: Continuous updates (SaaS)
Deployment options: Cloud only
Vendor: Zendesk (private equity-owned since 2022)
Documentation: developer.zendesk.com

Overview

Zendesk is a leading customer service and support platform used by organisations across industries. While primarily positioned for customer service, Zendesk’s flexibility enables internal IT help desk use. The platform provides omnichannel support, AI-powered automation, and extensive integration options.

Zendesk was acquired by private equity in 2022, transitioning from public company to private ownership. The platform continues active development with focus on AI features and enterprise capabilities.

Capability assessment for ITSM

Zendesk provides strong ticket management with multichannel support (email, chat, voice, social, messaging). The platform supports ITIL-style workflows through ticket types, automations, and macros. Knowledge base (Zendesk Guide) integrates with ticket creation for article suggestions.

For formal ITIL processes, Zendesk requires configuration. The platform lacks native change management, problem management, and CMDB. Organisations requiring these capabilities should consider Zendesk in combination with other tools, or evaluate ITSM-specific platforms.

Key strengths:

Leading omnichannel support platform
Extensive AI features for automation
Large integration marketplace (1,500+ apps)
Strong analytics and reporting
Mature, stable platform

Key limitations:

Customer service focus; ITIL processes require configuration
No native CMDB or asset management
No change/problem management without extensions
SaaS only; no self-hosted option
US-headquartered; CLOUD Act applies

Cost analysis

Tier	Price (per agent/month)	Key features
Suite Team	£45	Basic ticketing, messaging
Suite Growth	£75	SLA, automation
Suite Professional	£95	Advanced routing, side conversations
Suite Enterprise	Custom	Sandbox, advanced security

Nonprofit programme: Up to 50% discount via Tech Impact; verification required.

Organisational fit

Best suited for:

Customer service operations
Organisations already using Zendesk for external support
Environments prioritising omnichannel support
Teams needing strong analytics

Less suitable for:

ITIL-aligned IT service management
Organisations requiring change/problem management
Entities needing CMDB integration
Environments requiring self-hosted deployment

Selection guidance

Decision framework

                                      +------------------+
                                      | ITSM platform    |
                                      | needed?          |
                                      +--------+---------+
                                               |
                  +----------------------------+-------------------------+
                  |                                                      |
                Full ITIL                                        Help desk /
                coverage needed?                                 Customer support
                      |                                                  |
         +------------+------------+                        +------------+------------+
         |                         |                        |                         |
        Yes                       No                  Internal IT                External CS
         |                         |                        |                         |
    +-----+-----+           +------+------+          +------+------+           +------+------+
    |           |           |             |          |             |           |             |
Self-hosted    SaaS      Self-hosted     SaaS      Self-hosted    SaaS      Self-hosted    SaaS
    |           |           |             |          |             |           |             |
 iTop         JSM        Zammad         JSM        Zammad        JSM        Zammad        Zendesk
 OTOBO        Fresh-     osTicket       Fresh-     osTicket      Fresh-     osTicket      Fresh-
 RT           service                   service                  service                  service

Recommendations by organisational context

For organisations with minimal IT capacity

Primary recommendation: Freshservice (Starter) or osTicket (self-hosted)

Rationale: Freshservice provides quick deployment with minimal administration; pre-configured workflows reduce setup time. For organisations with existing web hosting and budget constraints, osTicket provides essential ticketing with low overhead.

Alternative: Zammad SaaS provides modern interface with straightforward administration; German hosting addresses EU data residency concerns.

Avoid: iTop, OTOBO, RT without dedicated IT staff; complexity exceeds benefit for simple requirements.

For organisations with established IT capacity

Primary recommendation: OTOBO or iTop (self-hosted) for full ITIL; Zammad for service desk focus

Rationale: OTOBO and iTop provide comprehensive ITIL coverage with CMDB integration. Docker deployment (OTOBO) simplifies operations. Organisations with Perl or PHP expertise can customise extensively.

Alternative: Jira Service Management (Cloud) if Atlassian ecosystem already deployed; Premium tier for Assets and advanced features.

Avoid: Basic platforms that require significant customisation to meet ITIL requirements.

For organisations with specific constraints

Data sovereignty/EU requirements:

Recommended: Zammad, OTOBO, or iTop (German/French vendors; self-hosted or EU SaaS)
Avoid: US-headquartered SaaS (Zendesk, Freshservice) for sensitive data

CMDB-centric operations:

Recommended: iTop (CMDB is foundational); JSM with Assets (Premium)
Avoid: Zammad, osTicket, Zendesk (no native CMDB)

Security incident response:

Recommended: Request Tracker with RTIR
Alternative: OTOBO with ITSM packages

Maximum budget constraint:

Recommended: osTicket (lowest resource requirements); Zammad (balanced capability/simplicity)
Avoid: Commercial platforms without nonprofit discounts

Migration paths

From	To	Complexity	Approach	Timeline
OTRS	OTOBO	Low	Native migration tools	1-2 weeks
OTRS	Zammad	Medium	Import wizard	2-4 weeks
Zendesk	Zammad	Low	Native import	1-2 weeks
Zendesk	JSM	Medium	Atlassian migration tools	2-4 weeks
ServiceNow	JSM	High	Custom migration	1-3 months
ServiceNow	OTOBO	High	API-based migration	1-3 months
Any	Freshservice	Medium	Freshworks migration service	2-6 weeks
Any	Zendesk	Medium	Zendesk migration service	2-6 weeks

Resources and references

Official documentation

Tool	Documentation	API reference	Community
Zammad	docs.zammad.org	docs.zammad.org/en/latest/api	community.zammad.org
osTicket	docs.osticket.com	docs.osticket.com	osticket.com/forum
iTop	itophub.io	itophub.io/wiki	itophub.io/forum
RT	docs.bestpractical.com	docs.bestpractical.com	forum.bestpractical.com
OTOBO	doc.otobo.org	doc.otobo.org	otobo.io/community
JSM	support.atlassian.com	developer.atlassian.com	community.atlassian.com
Freshservice	support.freshservice.com	api.freshservice.com	community.freshworks.com
Zendesk	support.zendesk.com	developer.zendesk.com	support.zendesk.com

Standard	Relevance	Source
ITIL 4	Service management framework	axelos.com
ISO/IEC 20000	IT service management	iso.org
WCAG 2.1	Accessibility compliance	w3.org/WAI