For enquiries call:
+1-469-442-0620
HomeBlogIT Service ManagementWhat is Incident Management in ITIL?
When most people think of IT, Incident Management process typically comes to the mind. It focuses solely on handling and escalating incidents as they occur to restore defined service levels. Incident management does not deal with root cause analysis or problem resolution. The main goal is to take user incidents from a reported stage to a closed stage.
Once established, effective incident management provides recurring value for the business. It allows incidents to be resolved in timeframes previously unseen. For most organizations, the process moves support from emailing back and forth to a formal ticketing system with built-in:
The formal structures take time to develop but results in better outcomes for users, support staff, and the business. The data gathered from tracking incidents allows for better problem management and business decisions.
Incident management also involves creating incident models, which allow support staff to efficiently resolve recurring issues. Models allow support staff to resolve incidents quickly with defined processes for incident handling. In some organizations, a dedicated staff has incident management as their only role. In most businesses, the task is relegated to the service desk and its owners, managers, and stakeholders. To have a detailed understanding of Incident Management you can take up ITIL foundation certification.
The visibility of incident management makes it the easiest to implement and get buy-in for, since its value is evident to users at all levels of the organization. Everyone has issues they need support or facilities staff to resolve and handling them quickly aligns with the needs of users at all levels.
An unplanned interruption to a service or reduction in the quality of a service. The purpose of the incident management practice is to minimize the negative impact of incidents by restoring normal service operation as quickly as possible.
This article describes incident management process. It will be used as a reference for the implementation and use of incident management process on an ongoing basis. This process guide is based on the best practices described on the Information Technology Infrastructure Library (ITIL).
Every participant in the process is expected to understand and adhere to the process and roadmap from which lower-level operation procedures can be defined and implemented by the service improvement team and IT Delivery staff.
The policy governs the Incident Management process and all procedures implemented for the management and execution of the process. This policy statement defines the system of governance that is used to ensure that support team members and contractors follow the prescribed process as requirement. The Incident Management policy is defined as a ser of ruled listed below:
Incident Management Process consists of the following major sub process, which includes further processes:
The document defines actual standards for delivering IT services, in case of customer has specific requirements the document can be customized to customer specific requirements. This document serves the purpose of providing material for high level training and education to end requestor and IT communities.
The intended audience for this document includes all incident management process roles, Service Desk Analyst, Manager, other service management process owners (Problem Manager, Change Manager), Application Development and Maintenance staff involved in incident management.
The high-level Incident Management process is depicted in the following diagram.
Requestor
Requestor is the authorized person to report issues:
Service Desk Analyst (SDA)
The Service Desk is the first role that the Requestor interfaces. This includes initial support.
Support Analyst/ Technical Support
Incident Manager
Major Incident Manager
Detailed Description of Recording and Classification
Procedure | Input | Description | Output |
Identify Incident | Disruption of service. |
| Incident Identified |
Email/Phone | Disruption of service |
| Call/Email sent to Service Desk |
Monitoring Tool Alert | Disruption of service |
| Incident Logged |
Validate Details | Email Incidents |
| Validation done. |
Collect and Record Information | Incident identified. |
| Incident details collected. |
Existing Record? | Incident Details Collected |
| Record identified. |
Current Incident | Incident Details on Call |
| Incident created. |
Is Incident Escalated? | Incident details on Call |
| Decision |
Invoke Escalation Procedure | Incident details on Call |
| Escalation Invoked |
Trigger Priority Change | Incident details on Call |
| Decision |
Update Incident | Incident details on Call |
| Updated Incident. |
Detailed Description of Classification and Initial Support
Procedure | Input | Description | Output |
Operational and Product Categorization | Incident Creation | Service Desk does the operational and product categorization and checks if it qualifies for an Incident. | Categorization completed. |
Prioritization & Linkage to CI | Categorization completed. Prioritization | Service Desk completes the impact and urgency of a ticket to generate priority if the incident and links the CI. | Prioritization & CI Linkage |
Initial Support | Prioritization | Provide an initial support to drive it towards resolution. | Resolved Incident & Assignment |
Incident Resolved | Initial Support | Checks to see if incident is resolved or not. | Assign to support Analyst. |
Assign to Support Analyst | Initial Support | After verification of the technical team, investigation and diagnosis is started. | Assign to support Analyst. |
Is the incident routed correctly? | Validation of Incident | Incident routed incorrectly. | Escalated to Incident Manager |
Escalation | Support group is not identified. | Ticket assigned to correct support team/ hierarchical escalation done. | Appropriate support group is assigned. |
Description of Investigation and Diagnosis
Procedure | Input | Description | Output |
Accept the ticket. | Ticket Assigned | The support Analyst accepts the ticket and ensure the response SLA being met. | Ticket Accepted |
Is it a Major Incident? | Ticket Acknowledged | Validate if the incident qualifies for Major Incident. | Major Incident Validated |
Refer Knowledge Article | Ticket Accepted | Knowledge article is referred for Workaround/Solution. | Workaround/Solution Checked |
Apply Workaround | Workaround Found | Workaround/Solution is applied. | Workaround/Solution applied. |
Investigate Further | Workaround not found. | Technical support specialist will investigate further. | Investigation started. |
Vendor Support | Vendor Support | Vendor contacted and ticket opened. | Vendor ticket logged. |
Contact Customer | Vendor Support not required. | Customer is contacted in case further information required. | Information gathered. |
Description of Resolution and Recovery
Procedure | Input | Description | Output |
Carry out the tasks for incident resolution. | Solution/Workaround identified. | Service Desk/Support analyst on identifying the solution/workaround, can start executing the task for resolution. | Resolution tasks executed. |
Is Incident Resolved? | Incident with updated logs | Support Analyst resolves the incident. | Decision taken. |
Functional Escalation Required | Incident with resolution steps | Support Analyst follows functional escalation. | Decision taken. |
Update worklog and resolve incident. | Resolved Incident | Incident work log updated. | Updated incident status and worklog |
Procedure | Input | Description | Output |
Confirm resolution with Requestor. | Incident Resolved | Resolution confirmed with Requestor. | Resolution accepted/rejected by Requestor |
Solution Accepted? | Resolved incident. | Requestor to validate incident resolution. | Decision taken. |
Reopen Incident | Resolution rejected by Requestor. | Requestor contacts service desk to reopen incident. | Incident Reassigned |
Closure of the incident | Incident was not reopened in 5 calendar days. | Incident auto closed in 5 business days. | Incident Closed |
Elevate your career with our online PMP courses taught by industry experts. Master project management and achieve new heights.
Definition
A major incident (MI) is an incident that results in significant disruption to the business and demands a response beyond the routine incident management process. Major incident has a separate procedure with shorter time scaled and urgency that is required to accelerate resolution process for incidents with high business impact. Take up KnowledgeHut IT service management certification to further boost your understanding of Incident Management.
Incident priority is based on two factors – Impact and Urgency. Impact is defined as the measure of the criticality of the issue. Urgency is defined as the necessary speed of resolving an incident in timeline.
Urgency Code | Description |
Critical | A full-service outage of a critical system. System is non-operational and urgent response required. The damage caused by the incident increases rapidly. Delaying in resolution may lead to high revenue/business/productivity loss. |
Impact Code | Description |
Critical | Multiple systems are non-operational with major financial implications and needs to be restored immediately. A large number of customers are affected and/or not able to perform their BAU activities with business reputation at higher level. Workaround not available
|
Procedure | Input | Description | Output |
MI Identified | Incident Submitted as Major Incident | Major incident process is invoked by Service Desk/ Support Specialist. | Incident accepted by Major Incident Manager |
Open Conference Bridge & notify stakeholders. | Incident Reviewed and communication sent. | Major Incident Manager opens a conference bridge and Initial communications is sent. | Conference Bridge Opened & Communications sent. |
Inform related support groups. | Incident Reviewed | Major Incident Manager drives the bridge towards incident resolution and support groups are involved. | Related support groups involved. |
Determine stakeholders for communication. | Incident Reviewed | Stakeholders and communication plan are determined. | Stakeholders identified. Communication plan decided. |
Co-ordinate resolution | Fix applied/to be applied. | Major Incident Manager/Support group coordinating to resolve the incident. | Co-ordination for resolution Incident Resolved |
Collect Status | Co-ordination for resolution | If incident is not yet resolved, the status is collected by Major Incident Manager, and history is updated. | Status update |
Communicate the status to stakeholders. | Stakeholders identified. Communication plan determined. Status update | Major Incident Manager sends communication to stakeholders. | Communication to stakeholders |
Perform Major Incident Review | Incident Resolved | Major Incident Review and Incident report is prepared. | Incident report prepared and submitted. |
Lesson Learned and Follow-up | Major Incident Review | Lessons learned is recorded in Incident Review and Report. | Lessons learned/ preventive actions documented, and follow-up done. |
This section describes on assessment of urgency and impact criteria and priority matrix calculation.
Urgency | Urgency Assessment |
Immediate Attention is required. | Critical |
Urgent attention is required as impact is same day. | High |
Urgent attention is required as impact is within 3 working days. | Medium |
There is no immediate attention required. Business as usual can continue, possibly with a workaround until resolved. | Low |
The following section explains the status of an Incident:
Top Cities where KnowledgeHut Conduct ITIL Certification Training Course Online
The following incident management practice has been designed for all parties whether internal such as IT departments or users, or external service providers that participate in service management including but not limited to IT functional areas such as Application, Infrastructure, Information Security, will adhere to the incident management process.
The process goal describes a specific purpose or achievement toward which the efforts of the process are directed. The purpose of incident management practice is to minimize the negative impact of incidents by restoring normal service operation as quickly as possible in a controlled and predictable manner. It is a fundamental element of service management. The quick restoration of a service is a key factor in user as well as customer satisfaction, the credibility of the provider and the value organization creates in the service relationships.
Scope of the practice includes activities that are undertaken as part of the practice aiming at reaching the goal of the practice. Scope of incident management includes:
The incident management process is triggered when Requestor contacts the service desk Single Point of Contact (SPOC) to report service disruption. When Auto-detected events generates an incident in the management tracking tool. When Internal support group identifies a service disruption (potential disruption) on managed system and generates an incident. The Incident Management is considered complete once work-around or solution is implemented, and Incident is resolved and closed. Take up KnowledgeHut ITIL foundation certification for better knowledge.
ITIL service management provides a set of best practices and techniques for selecting, planning, delivering, and maintaining IT services within a business that aligns the IT department's actions and expenses with changing business demands. Service Management is an organizational capability that is utilized to deliver a service to the customer.
Service Management focuses on providing value to the customer and also on the customer relationship. Service Management provides a framework to structure IT-related activities and the interactions of IT technical personnel with customers and clients.
Service management refers to the way you manage the information systems that deliver value to your customers. It is a generic term, Of the dozens of service management frameworks found in the wild, the most adopted is ITIL.
Name | Date | Fee | Know more |
---|