Incident Management: Difference between revisions
From IT Process Wiki
mNo edit summary |
No edit summary |
||
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
< | <itpmch><title>Incident Management | IT Process Wiki</title> | ||
<meta name="keywords" content="itil incident management, incident management itil, incident itil" /> | |||
<meta name="description" content="Incident Management aims to manage the lifecycle of all Incidents (unplanned interruptions or reductions in quality of IT services). The primary objective of this ITIL process is to return the IT service to users as quickly as possible." /> | |||
<meta property="og:url" content="https://wiki.en.it-processmaps.com/index.php/Incident_Management" /> | |||
<meta property="og:title" content="Incident Management | IT Process Wiki" /> | |||
<meta property="og:description" content="Incident Management aims to manage the lifecycle of all Incidents (unplanned interruptions or reductions in quality of IT services). The primary objective of this ITIL process is to return the IT service to users as quickly as possible." /> | |||
<meta property="og:site_name" content="IT Process Wiki - the ITIL® Wiki"> | |||
<meta property="og:type" content="article" /> | |||
<meta property="article:publisher" content="https://www.facebook.com/itprocessmaps" /> | |||
<meta property="fb:admins" content="100002035253209" /> | |||
<meta property="fb:admins" content="100002592864414" /> | |||
<meta property="og:image" content="https://wiki.en.it-processmaps.com/images/7/73/Incident-management-itil.jpg" /> | |||
<meta property="og:image:width" content="1200" /> | |||
<meta property="og:image:height" content="1200" /> | |||
<meta name="twitter:card" content="summary"> | |||
<link href="https://plus.google.com/108613479011811316823/posts" rel="publisher" /> | |||
</itpmch> | |||
<imagemap> | <imagemap> | ||
Image:ITIL-Wiki-de-es.jpg|DE - ES - Incident Management| | Image:ITIL-Wiki-de-es.jpg|right|DE - ES - Incident Management|163px | ||
rect 0 | rect 81 0 114 36 [https://wiki.de.it-processmaps.com/index.php/Incident_Management diese Seite auf Deutsch] | ||
rect | rect 115 0 163 36 [https://wiki.es.it-processmaps.com/index.php/ITIL_Gestion_de_Incidentes esta página en español] | ||
desc none | desc none | ||
</imagemap> | </imagemap> | ||
<br style="clear:both;"/> | <br style="clear:both;"/> | ||
== | '''<span id="Overview">Objective:</span>''' <html><span id="md-webpage-description" itemprop="description"><i>Incident Management</i> aims to manage the lifecycle of all Incidents (unplanned interruptions or reductions in quality of IT services). The primary objective of this ITIL process is to return the IT service to users as quickly as possible.</span></p> | ||
<p><b>Part of</b>: <a href="https://wiki.en.it-processmaps.com/index.php/ITIL_Service_Operation" title="ITIL Service Operation">Service Operation</a></html> | |||
'''Process Owner''': [[#Incident-Manager|Incident Manager]] | |||
<p> </p> | <p> </p> | ||
== | ==ITIL 4 Incident Management== | ||
The [[#Process_Description|Incident Management process described here]] ([[Media:Incident-management-itil.jpg|fig. 1]]) follows the specifications of ITIL V3, where Incident Management is a process in the service lifecycle stage of [[ITIL Service Operation|Service Operation]]. | |||
ITIL V4 is no longer prescriptive about processes but shifts the focus on 34 'practices', giving organizations more freedom to define tailor-made processes. | |||
<blockquote>ITIL 4 therefore refers to Incident Management as a [[ITIL_4#Service_management_practices|service management practice]], describing the key activities, inputs, outputs and roles. Based on this guidance, organizations are advised to design [[#Process_Description|a process for managing Incidents]] in line with their specific requirements.</blockquote> | |||
<html>Since the processes defined in ITIL V3 have not been invalidated with the introduction of ITIL V4, organizations can still use the ITIL V3 process of Incident Management as a template.</p> | |||
; | <p style="border: 8px solid #cef6e3; padding: 0.5em 1em;"><i><u>Note</u>:</i><br /> In our <i>YaSM Service Management Wiki</i> we describe a <a class="external" href="https://yasm.com/wiki/en/index.php/Service_Management_Processes" title="Service management processes">leaner set of 19 service management processes</a> that are more in tune with ITIL 4 and its focus on simplicity and "just enough process".<br /><br /> The YaSM service management model includes a <a class="external" href="https://yasm.com/wiki/en/index.php/LP4.6:_Resolve_incidents_and_service_requests" title="YaSM incident management process">process for managing incidents</a> that is a good starting point for organizations that wish to adopt ITIL 4.</html> | ||
: | |||
==Process Description== | |||
ITIL distinguishes between [[#Incident|Incidents]] (service interruptions) and [[Request Fulfilment#Service Request|Service Requests]] (customer or user requests that do not represent a service disruption, such as a password reset). Service interruptions are handled through Incident Management, and Service Requests through [[Request Fulfilment]]. | |||
[[Image:Incident-management-itil.jpg|right|thumb|500px|alt=Incident Management ITIL|link=https://wiki.en.it-processmaps.com/index.php/File:Incident-management-itil.jpg|[https://wiki.en.it-processmaps.com/images/pdf/process_overview_incident_management_itilv3.pdf ITIL Incident Management (.pdf)]]] | |||
The Incident Management process can be triggered in various ways: A user, customer or supplier may report an issue, technical staff may notice a (potential or actual) failure, or an Incident may be raised automatically by an event monitoring system. | |||
All [[#Incident-Categorization|Incidents should be logged as Incident Records]], where their status can be tracked, and a complete historical record maintained. Initial categorization and prioritization of Incidents is a critical step for determining how the Incident will be handled and how much time is available for its resolution (see [[Checklist Incident Priority|checklist Incident Prioritization Guideline]]). | |||
If possible, Incidents should be matched to other Incidents, Problems and Known Errors. | |||
Organizations should use automated resolution tools and provide support portals with self-help information so users can resolve simple Incidents themselves. For other Incidents, [[#ITIL-Incident-Management-1st-Level|1st Level Support will try to diagnose and resolve the issue]], typically using information from a knowledge base or pre-defined Incident Models. | |||
If 1st Level Support is unable to resolve an Incident, it must be escalated to an appropriate specialist support group in 2nd Level Support ("functional escalation"). If required, [[#ITIL-Incident-Management-2nd-Level|2nd Level Support]] may in turn involve external parties such as suppliers and vendors (in ITIL referred to as "3rd Level Support"). | |||
ITIL defines a special [[#Handling-of-Major-Incidents|process for dealing with Major Incidents]] (emergencies that affect business-critical services and require immediate attention). Major Incidents typically require a temporary Major Incident Team to identify and implement the resolution. | |||
Once Incidents are resolved, 1st Level Support will formally close them. This includes verifying that the users are satisfied and ensuring that the Incident Record is fully documented (see [[#Incident-Closure|Incident Closure and Evaluation]]). Any new Problems, Workarounds or Known Errors identified during Incident resolution should be forwarded to the [[Problem Management|Problem Management process]]. | |||
Incident Management interfaces with a number of other ITIL processes: | |||
* [[Event Management]] may raise an Incident Record if monitoring systems identify a condition that requires a response. | |||
* [[Problem Management]] provides information to the Incident Management process, such as [[Problem_Management#Workaround|Workarounds]] and [[Problem_Management#Known_Error|Known Errors]]. Problem Management uses data collected during Incident resolution for Problem identification. | |||
* [[Change Management]] may be invoked from Incident Management if a [[Change_Management#ITIL-Change|Change]] is needed to resolve an Incident. | |||
* [[Service Asset and Configuration Management|Configuration Management]] provides data used to identify Incidents and link them to particular [[Service_Asset_and_Configuration_Management#CI|Configuration Items]]. | |||
The overview diagram of '[[Media:Incident-management-itil.jpg|ITIL Incident Management]]' (fig. 1) shows the key information flows and interfaces of the process. | |||
[[ITIL 4]] refers to "Incident management" as a [[ITIL_4#Service_management_practices|service management practice]] ([[Incident_Management#ITIL_4_Incident_Management|see above]]). The service desk activities are described in the ITIL4 practice of "Service desk". | |||
==Sub-Processes== | |||
<html><div itemscope="itemscope" itemtype="https://schema.org/ItemList"><!-- define schema.org/ItemList --> | |||
:The Incident | <meta itemprop="itemListOrder" content="Ascending" /> | ||
<p><span itemprop="name" content="Incident Management sub-processes:">These are the <strong class="selflink">ITIL Incident Management</strong> sub-processes and their process objectives:</span> | |||
</p> | |||
<p><b><span id="ITIL_Incident_Management_Support" itemprop="itemListElement">Incident Management Support</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: ITIL Incident Management Support aims to provide and maintain the tools, processes, skills and rules for an effective and efficient handling of <a href="/index.php/Incident_Management#Incident" title="Incident Management">Incidents</a>. | |||
</li></ul> | |||
<p><b><span id="Incident-Categorization" itemprop="itemListElement">Incident Logging and Categorization</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To <a href="/index.php/Incident_Management#Incident-Record" title="Incident Management">record</a> and <a href="/index.php/Incident_Management#Incident-Prioritization-Guideline" title="Incident Management">prioritize</a> the Incident with appropriate diligence, in order to facilitate a swift and effective resolution. | |||
</li></ul> | |||
<p><b><span id="ITIL-Incident-Management-1st-Level" itemprop="itemListElement">Immediate Incident Resolution by 1st Level Support</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To solve an Incident (service interruption) within the agreed time schedule. The aim is the fast recovery of the IT service, where necessary with the aid of a <a href="/index.php/Problem_Management#Workaround" title="Problem Management">Workaround</a>. As soon as it becomes clear that <a href="/index.php/Incident_Management#1st-Level" title="Incident Management">1st Level Support</a> is not able to resolve the Incident itself or when target times for 1st level resolution are exceeded, the Incident is transferred to a suitable group within <a href="/index.php/Incident_Management#2nd-Level" title="Incident Management">2nd Level Support</a>. | |||
</li></ul> | |||
<p><b><span id="ITIL-Incident-Management-2nd-Level" itemprop="itemListElement">Incident Resolution by 2nd Level Support</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To solve an Incident (service interruption) within the agreed time schedule. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers (<a href="/index.php/Incident_Management#3rd-Level" title="Incident Management">3rd Level Support</a>) are involved. If the correction of the root cause is not possible, a <a href="/index.php/Problem_Management#Problem_Record" title="Problem Management">Problem Record</a> is created and the error-correction transferred to <a href="/index.php/Problem_Management" title="Problem Management">Problem Management</a>. | |||
</li></ul> | |||
<p><b><span id="Handling-of-Major-Incidents" itemprop="itemListElement">Handling of Major Incidents</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To resolve a <a href="/index.php/Incident_Management#Major-Incident" title="Incident Management">Major Incident</a>. Major Incidents cause serious interruptions of business activities and must be resolved with greater urgency. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to <a href="/index.php/Problem_Management" title="Problem Management">Problem Management</a>. | |||
</li></ul> | |||
<p><b><span id="Incident-Monitoring" itemprop="itemListElement">Incident Monitoring and Escalation</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To continuously monitor the processing status of outstanding Incidents, so that counter-measures may be introduced as soon as possible if service levels are likely to be breached. | |||
</li></ul> | |||
<p><b><span id="Incident-Closure" itemprop="itemListElement">Incident Closure and Evaluation</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To submit the <a href="/index.php/Incident_Management#Incident-Record" title="Incident Management">Incident Record</a> to a final quality control before it is closed. The aim is to make sure that the Incident is actually resolved and that all information required to describe the Incident's life-cycle is supplied in sufficient detail. In addition to this, findings from the resolution of the Incident are to be recorded for future use. | |||
</li></ul> | |||
<p><b><span id="Pro-Active-User-Information" itemprop="itemListElement">Pro-Active User Information</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: To inform users of service failures as soon as these are known to the Service Desk, so that users are in a position to adjust themselves to interruptions. Proactive user information also aims to reduce the number of inquiries by users. This process is also responsible for distributing other information to users, e.g. <a href="/index.php/IT_Security_Management#Security_Alert" title="IT Security Management">security alerts</a>. | |||
</li></ul> | |||
<p><b><span id="Incident-Mgmt-Reporting" itemprop="itemListElement">Incident Management Reporting</span></b> | |||
</p> | |||
<ul><li itemprop="description">Process Objective: ITIL Incident Management Reporting aims to supply <a href="/index.php/Incident_Management#Incident-Management-Report" title="Incident Management">Incident-related information</a> to the other Service Management processes, and to ensure that that improvement potentials are derived from past Incidents. | |||
</li></ul> | |||
</div><!-- end of schema.org/ItemList --><p></html> | |||
==Definitions== | |||
<html><div itemscope="itemscope" itemtype="https://schema.org/ItemList"><!-- define schema.org/ItemList --> | |||
<meta itemprop="itemListOrder" content="Ascending" /> | |||
<p><span itemprop="name">The following <a href="/index.php/ITIL_Glossary#ITIL_Glossary_A-Z" title="ITIL Glossary">ITIL terms and acronyms</a> (<i>information objects</i>) are used in the ITIL Incident Management process to represent process outputs and inputs:</span> | |||
</p> | |||
<p><b><span id="Incident" itemprop="itemListElement">Incident</span></b> | |||
</p> | |||
<ul><li itemprop="description">An Incident is defined as an unplanned interruption or reduction in quality of an IT service (a Service Interruption). | |||
</li></ul> | |||
<p><b><span id="Incident-Escalation-Rules" itemprop="itemListElement">Incident Escalation Rules</span></b> | |||
</p> | |||
<ul><li itemprop="description">A set of rules defining a hierarchy for escalating Incidents, and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times. See also: <a href="/index.php/Checklist_Incident_Priority" title="Checklist Incident Priority">Checklist Incident Priority</a> | |||
</li></ul> | |||
<p><b><span id="Incident-Management-Report" itemprop="itemListElement">Incident Management Report</span></b> | |||
</p> | |||
<ul><li itemprop="description">A report supplying Incident-related information to the other Service Management processes. | |||
</li></ul> | |||
<p><b><span id="Incident-Model" itemprop="itemListElement">Incident Model</span></b> | |||
</p> | |||
<ul><li itemprop="description">An Incident Model contains the pre-defined steps that should be taken for dealing with a particular type of Incident. This is a way to ensure that routinely occurring Incidents are handled efficiently and effectively. | |||
</li></ul> | |||
<p><b><span id="Incident-Prioritization-Guideline" itemprop="itemListElement">Incident Prioritization Guideline</span></b> | |||
</p> | |||
<ul><li itemprop="description">The Incident Prioritization Guideline describes the rules for assigning priorities to Incidents, including the definition of what constitutes a <a href="/index.php/Incident_Management#Major-Incident" title="Incident Management">Major Incident</a>. Since Incident Management escalation rules are usually based on priorities, assigning the correct priority to an Incident is essential for triggering <a href="/index.php/Incident_Management#Incident-Escalation-Rules" title="Incident Management">appropriate escalations</a>. See also: <a href="/index.php/Checklist_Incident_Priority" title="Checklist Incident Priority">Checklist Incident Prioritization Guideline</a> | |||
</li></ul> | |||
<p><b><span id="Incident-Record" itemprop="itemListElement">Incident Record</span></b> | |||
</p> | |||
<ul><li itemprop="description">A set of data with all details of an <a href="/index.php/Incident_Management#Incident" title="Incident Management">Incident</a>, documenting the history of the Incident from registration to closure. An Incident is defined as an unplanned interruption or reduction in quality of an IT service. Every event that could potentially impair an IT service in the future is also an Incident (e.g. the failure of one hard-drive of a set of mirrored drives). See also: <a href="/index.php/Checklist_Incident_Record" title="Checklist Incident Record">ITIL Checklist Incident Record</a> | |||
</li></ul> | |||
<p><b><span id="Incident-Status-Info" itemprop="itemListElement">Incident Status Information</span></b> | |||
</p> | |||
<ul><li itemprop="description">A message containing the present status of an Incident sent to a user who earlier reported a service interruption. Status information is typically provided to users at various points during an Incident's lifecycle. | |||
</li></ul> | |||
<p><b><span id="Major-Incident" itemprop="itemListElement">Major Incident</span></b> | |||
</p> | |||
<ul><li itemprop="description">Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. See also: <a href="/index.php/Checklist_Incident_Priority#Circumstances_that_warrant_the_Incident_to_be_treated_as_a_Major_Incident" title="Checklist Incident Priority">Checklist Incident Priority: Major Incidents</a>. | |||
</li></ul> | |||
<p><b><span id="Major-Incident-Review" itemprop="itemListElement">Major Incident Review</span></b> | |||
</p> | |||
<ul><li itemprop="description">A Major Incident Review takes place after a <a href="/index.php/Incident_Management#Major-Incident" title="Incident Management">Major Incident</a> has occurred. The review documents the Incident's underlying causes (if known) and the complete resolution history, and identifies opportunities for improving the handling of future Major Incidents. | |||
</li></ul> | |||
<p><b><span id="Service-Failure" itemprop="itemListElement">Notification of Service Failure</span></b> | |||
</p> | |||
<ul><li itemprop="description">The reporting of a service failure to the <a href="/index.php/Incident_Management#1st-Level" title="Incident Management">Service Desk</a>, for example by a user via telephone or e-mail, or by a system monitoring tool. | |||
</li></ul> | |||
<p><b><span id="Pro-active-User-Info" itemprop="itemListElement">Pro-Active User Information</span></b> | |||
</p> | |||
<ul><li itemprop="description">A notification to users of existing or imminent service failures even if the users are not yet aware of the interruptions, so that users are in a position to prepare themselves for a period of service unavailability. | |||
</li></ul> | |||
<p><b><span id="Status-Inquiry" itemprop="itemListElement">Status Inquiry</span></b> | |||
</p> | |||
<ul><li itemprop="description">An inquiry regarding the present status of an Incident or Service Request, usually from a user who earlier reported an Incident or submitted a request. | |||
</li></ul> | |||
<p><b><span id="Support-Request" itemprop="itemListElement">Support Request</span></b> | |||
</p> | |||
<ul><li itemprop="description">A request to support the resolution of an Incident or Problem, usually issued from the Incident or Problem Management processes when further assistance is needed from technical experts. | |||
</li></ul> | |||
<p><b><span id="User-Escalation" itemprop="itemListElement">User Escalation</span></b> | |||
</p> | |||
<ul><li itemprop="description">Escalation regarding the processing of an Incident or Service Request, initiated by a user experiencing delays or a failure to restore their services. | |||
</li></ul> | |||
<p><b><span id="User-FAQ" itemprop="itemListElement">User FAQs</span></b> | |||
</p> | |||
<ul><li itemprop="description">Self-help information for users supplied by the Service Desk, usually as part of the Support Pages on the intranet. | |||
</li></ul> | |||
</div><!-- end of schema.org/ItemList --><p></html> | |||
==<span id="Checklists_.7C_KPIs">Templates | KPIs</span>== | |||
<html><ul><li><a href="https://wiki.en.it-processmaps.com/index.php/ITIL_KPIs_Service_Operation#ITIL_KPIs_Incident_Management" title="ITIL KPIs Incident Management, Service Desk">Key Performance Indicators (KPIs) Incident Management</a> | |||
: | </li><li><a href="/index.php/ITIL-Checklists#Incident_Management_.2F_Service_Desk" title="ITIL Incident Management templates">Incident Management templates and checklists</a>: | ||
<ul><li><a href="https://wiki.en.it-processmaps.com/index.php/Checklist_Incident_Record" title="Incident Record - How to record incidents">Incident Record template</a> | |||
</li><li><a href="https://wiki.en.it-processmaps.com/index.php/Checklist_Incident_Priority" title="Incident Priority - How to prioritize incidents">Checklist Incident Priority</a>, and | |||
</li><li><a href="/index.php/Checklist_Initial_Analysis_of_an_Incident" title="Initial Analysis of an Incident">Checklist Initial Analysis of an Incident</a> | |||
</li><li><a href="/index.php/Checklist_Incident_Escalation" title="Incident Escalation">Checklist Incident Escalation</a> | |||
</li><li><a href="/index.php/Checklist_Closure_of_an_Incident" title="Closure of an Incident">Checklist Closure of an Incident</a> | |||
</li><li><a href="/index.php/Checklist_Incident_Report" title="Incident Report">Incident Report template</a> | |||
</li></ul> | |||
</li></ul><p></html> | |||
==<span id="roles-responsibilities-matrix">Roles | Responsibilities</span>== | |||
'''<span id="Incident-Manager">Incident Manager - Process Owner</span>''' | |||
*The Incident Manager is responsible for the effective implementation of the Incident Management process and carries out the corresponding reporting. He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels. | |||
'''<span id="1st-Level">1st Level Support</span>''' | |||
*The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT service as quickly as possible. If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert technical support groups (2nd Level Support). 1st Level Support also keeps users informed about their Incidents' status at agreed intervals. | |||
'''<span id="2nd-Level">2nd Level Support</span>''' | |||
*2nd Level Support takes over Incidents which cannot be solved immediately with the means of 1st Level Support. If necessary, it will request external support, e.g. from software or hardware manufacturers. The aim is to restore a failed IT service as quickly as possible. If no solution can be found, the 2nd Level Support passes on the Incident to Problem Management. | |||
'''<span id="3rd-Level">3rd Level Support</span>''' | |||
*3rd Level Support is typically located at hardware or software manufacturers (third-party suppliers). Its services are requested by 2nd Level Support if required for solving an Incident. The aim is to restore a failed IT Service as quickly as possible. | |||
'''<span id="Major-Incident-Team">Major Incident Team</span>''' | |||
*A dynamically established team of IT managers and technical experts, usually under the leadership of the Incident Manager, formulated to concentrate on the resolution of a Major Incident. | |||
<p> </p> | <p> </p> | ||
== | {| class="wikitable" style="background: white;" | ||
|- | |||
==== | |+ style="background:#013b5e; color:#ffffff; font-size: 120%" colspan="8"|'''<span id="RACI-Matrix-Incident-Management">Responsibility Matrix: ITIL Incident Management</span>''' | ||
|- | |||
!style="background:#ffffee; width: 40%; text-align:center" | ITIL Role / Sub-Process[[#Sub-Processes| <small>[Details]</small>]] | |||
! style="background:#eeeeee; font-size: 90%" | [[#Incident-Manager|Incident Manager]] | |||
! style="background:#eeeeee; font-size: 90%" | [[#1st-Level|1st Level Support]] | |||
! style="background:#eeeeee; font-size: 90%" | [[#2nd-Level|2nd Level Support]] | |||
! style="background:#eeeeee; font-size: 90%" | [[#Major-Incident-Team|Major Incident Team]] | |||
! style="background:#eeeeee; font-size: 90%" | Applications Analyst[[#Team|<small>[3]</small>]] | |||
! style="background:#eeeeee; font-size: 90%" | Technical Analyst[[#Team|<small>[3]</small>]] | |||
! style="background:#eeeeee; font-size: 90%" | IT Operator[[#Team|<small>[3]</small>]] | |||
|- | |||
|style="text-align:left;" |Incident Management Support | |||
| A[[#Accountable|<small>[1]</small>]]R[[#Responsible|<small>[2]</small>]] | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|style="text-align:left;" |Incident Logging and Categorization | |||
| A | |||
| R | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|style="text-align:left;" |Immediate Incident Resolution by 1st Level Support | |||
| A | |||
| R | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|style="text-align:left;" |Incident Resolution by 2nd Level Support | |||
| A | |||
| - | |||
| R | |||
| - | |||
| R[[#Support|<small>[4]</small>]] | |||
| R[[#Support|<small>[4]</small>]] | |||
| R[[#Support|<small>[4]</small>]] | |||
|- | |||
|style="text-align:left;" |Handling of Major Incidents | |||
| AR | |||
| R | |||
| - | |||
| R | |||
| - | |||
| - | |||
| R | |||
|- | |||
|style="text-align:left;" |Incident Monitoring and Escalation | |||
| AR | |||
| R | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|style="text-align:left;" |Incident Closure and Evaluation | |||
| A | |||
| R | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|style="text-align:left;" |Pro-Active User Information | |||
| A | |||
| R | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|style="text-align:left;" |Incident Management Reporting | |||
| AR | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
|- | |||
|} | |||
'''Remarks''' | |||
= | <span id="Accountable">[1] ''A: Accountable'' according to the RACI Model: Those who are ultimately accountable for the correct and thorough completion of the Incident Management process.</span> | ||
<span id="Responsible">[2] ''R: Responsible'' according to the RACI Model: Those who do the work to achieve a task within Incident Management.</span> | |||
: | |||
<span id="Team">[3] see [[ITIL Roles|→ Role descriptions...]]</span> | |||
<span id="Support">[4] In cooperation, as required. 2nd Level Support Groups often include Applications Analysts and/ or Technical Analysts.</span> | |||
== Example == | |||
<html> | |||
: | <a href="https://demo.it-processmaps.com/visio_en/itil-process-map.html" ><img src="https://demo.it-processmaps.com/visio_en/itil-process-map-video.jpg" width="253" height="150" class="thumbimage" alt="Video: Introduction - ITIL Process Templates" title="Start the video: Introduction - The ITIL Process Map" style="display: block; float: right; margin-left: 20px; margin-bottom: 10px; margin-top: 5px; margin-right: 30px" /></a> | ||
<p style="margin-top: 0; word-wrap:normal;">The introductory <a class="external" href="https://demo.it-processmaps.com/visio_en/itil-process-map.html" title="ITIL Process Map video">ITIL Process Map video</a> shows samples of the ITIL process templates with contents from Service Operation and Incident Management processes, including the | |||
<ul><li>high-level view of the ITIL Service Lifecycle (Level 0)</li> | |||
<li>overview of the Service Operation process (Level 1)</li> | |||
<li>overview of ITIL Incident Management (Level 2)</li> | |||
<li>detailed process flow for the process "Incident Management: Incident Resolution by 1st Level Support" (Level 3)</li></ul> | |||
<p>Watch the video: "<a href="https://demo.it-processmaps.com/visio_en/itil-process-map.html" title="Start the video: Introduction - The ITIL Process Map">The ITIL Process Map - Introduction</a>" (10:58 min.) | |||
<br style="clear:both;"/></html> | |||
==Notes== | |||
== | <html>By:  Stefan Kempter <a rel="author" href="https://www.linkedin.com/in/stefankempter"><img style="margin:0px 0px 0px 0px;" src="/images/bookmarking/linkedin.png" width="16" height="16" title="By: Stefan Kempter | Profile on LinkedIn" alt="Author: Stefan Kempter, IT Process Maps GbR" /></a>, IT Process Maps.</p> | ||
<p> </p> | <p> </p> | ||
== | <p><small> | ||
<span itemprop="breadcrumb" itemscope itemtype="http://schema.org/BreadcrumbList"> | |||
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"> | |||
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/Incident_Management#ITIL_4_Incident_Management"> | |||
<span itemprop="name">ITIL 4 Incident Management</span></a> | |||
<meta itemprop="position" content="1"></span> › | |||
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"> | |||
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/Incident_Management#Process_Description"> | |||
<span itemprop="name">Process Description</span></a> | |||
<meta itemprop="position" content="2"></span> › | |||
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"> | |||
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/Incident_Management#Sub-Processes"> | |||
<span itemprop="name">Sub-Processes</span></a> | |||
<meta itemprop="position" content="3"></span> › | |||
<span itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"> | |||
<a itemprop="item" href="https://wiki.en.it-processmaps.com/index.php/Incident_Management#Definitions"> | |||
<span itemprop="name">Definitions</span></a> | |||
<meta itemprop="position" content="4"></span> | |||
</span> | |||
</small></p> | |||
<!-- define schema.org/WebPage --> <span itemscope itemtype="https://schema.org/WebPage" itemref="md-webpage-description"> | |||
<meta itemprop="alternativeHeadline" content="ITIL Incident Management" /> | |||
<meta itemprop="name" content="Incident Management" /> | |||
<meta itemprop="significantLinks" content="https://wiki.en.it-processmaps.com/index.php/ITIL_KPIs_Service_Operation#ITIL_KPIs_Incident_Management" /> | |||
<meta itemprop="significantLinks" content="https://wiki.en.it-processmaps.com/index.php/Checklist_Incident_Record" /> | |||
<meta itemprop="significantLinks" content="https://wiki.en.it-processmaps.com/index.php/Checklist_Incident_Priority" /> | |||
<link itemprop="url" href="https://wiki.en.it-processmaps.com/index.php/Incident_Management" /> | |||
<meta itemprop="inLanguage" content="en" /> | |||
<link itemprop="citation" href="https://wiki.de.it-processmaps.com/index.php/Incident_Management" /> | |||
<link itemprop="citation" href="https://wiki.es.it-processmaps.com/index.php/ITIL_Gestion_de_Incidentes" /> | |||
<meta itemprop="Headline" content="Incident Management" /> | |||
<link itemprop="isPartOf" href="https://wiki.en.it-processmaps.com/index.php/ITIL_Service_Operation" /> | |||
<link itemprop="primaryImageOfPage" href="https://wiki.en.it-processmaps.com/images/7/73/Incident-management-itil.jpg" /> | |||
<span id="https://wiki.en.it-processmaps.com/images/7/73/Incident-management-itil.jpg" itemprop="image" itemscope itemtype="https://schema.org/ImageObject"> | |||
<meta itemprop="caption" content="ITIL Incident Management"> | |||
<meta itemprop="contentUrl" content="https://wiki.en.it-processmaps.com/images/7/73/Incident-management-itil.jpg" /> | |||
<meta itemprop="width" content="1200" /> | |||
<meta itemprop="height" content="1200" /> | |||
<meta itemprop="representativeOfPage" content="true"/> | |||
<meta itemprop="dateCreated" content="2011-10-02" /> | |||
<meta itemprop="dateModified" content="2019-12-09" /> | |||
<span itemprop="thumbnail" itemscope itemtype="https://schema.org/ImageObject"> | |||
<meta itemprop="url" content="https://wiki.en.it-processmaps.com/images/thumb/7/73/Incident-management-itil.jpg/600px-Incident-management-itil.jpg" /> | |||
<meta itemprop="width" content="600" /> | |||
<meta itemprop="height" content="600" /> | |||
</span> | |||
<meta itemprop="keywords" content="Incident Management" /> | |||
<meta itemprop="keywords" content="ITIL Incident Management" /> | |||
</span> | |||
<meta itemprop="mentions" content="https://yasm.com/wiki/en/index.php/LP4.6:_Resolve_incidents_and_service_requests" /> | |||
<link itemprop="author" href="https://www.linkedin.com/in/stefankempter" /> | |||
<meta itemprop="author" content="Stefan Kempter" /> | |||
<meta itemprop="creator copyrightHolder publisher" content="IT Process Maps" /> | |||
</span><p></html> | |||
<!-- This page is assigned to the following categories: --> | <!-- This page is assigned to the following categories: --> | ||
[[Category:ITIL V3]][[Category:ITIL process]][[Category:Service Operation|Incident Management]][[Category:Incident Management|!]] | [[Category:ITIL 4]][[Category:ITIL 2011]][[Category:ITIL V3]][[Category:ITIL practice]][[Category:ITIL process]][[Category:Service Operation|Incident Management]][[Category:Incident Management|!]] | ||
<!-- --- --> | <!-- --- --> | ||
Latest revision as of 12:56, 31 December 2023
Objective: Incident Management aims to manage the lifecycle of all Incidents (unplanned interruptions or reductions in quality of IT services). The primary objective of this ITIL process is to return the IT service to users as quickly as possible.
Part of: Service Operation
Process Owner: Incident Manager
ITIL 4 Incident Management
The Incident Management process described here (fig. 1) follows the specifications of ITIL V3, where Incident Management is a process in the service lifecycle stage of Service Operation.
ITIL V4 is no longer prescriptive about processes but shifts the focus on 34 'practices', giving organizations more freedom to define tailor-made processes.
ITIL 4 therefore refers to Incident Management as a service management practice, describing the key activities, inputs, outputs and roles. Based on this guidance, organizations are advised to design a process for managing Incidents in line with their specific requirements.
Since the processes defined in ITIL V3 have not been invalidated with the introduction of ITIL V4, organizations can still use the ITIL V3 process of Incident Management as a template.
Note:
In our YaSM Service Management Wiki we describe a leaner set of 19 service management processes that are more in tune with ITIL 4 and its focus on simplicity and "just enough process".
The YaSM service management model includes a process for managing incidents that is a good starting point for organizations that wish to adopt ITIL 4.
Process Description
ITIL distinguishes between Incidents (service interruptions) and Service Requests (customer or user requests that do not represent a service disruption, such as a password reset). Service interruptions are handled through Incident Management, and Service Requests through Request Fulfilment.
The Incident Management process can be triggered in various ways: A user, customer or supplier may report an issue, technical staff may notice a (potential or actual) failure, or an Incident may be raised automatically by an event monitoring system.
All Incidents should be logged as Incident Records, where their status can be tracked, and a complete historical record maintained. Initial categorization and prioritization of Incidents is a critical step for determining how the Incident will be handled and how much time is available for its resolution (see checklist Incident Prioritization Guideline).
If possible, Incidents should be matched to other Incidents, Problems and Known Errors.
Organizations should use automated resolution tools and provide support portals with self-help information so users can resolve simple Incidents themselves. For other Incidents, 1st Level Support will try to diagnose and resolve the issue, typically using information from a knowledge base or pre-defined Incident Models.
If 1st Level Support is unable to resolve an Incident, it must be escalated to an appropriate specialist support group in 2nd Level Support ("functional escalation"). If required, 2nd Level Support may in turn involve external parties such as suppliers and vendors (in ITIL referred to as "3rd Level Support").
ITIL defines a special process for dealing with Major Incidents (emergencies that affect business-critical services and require immediate attention). Major Incidents typically require a temporary Major Incident Team to identify and implement the resolution.
Once Incidents are resolved, 1st Level Support will formally close them. This includes verifying that the users are satisfied and ensuring that the Incident Record is fully documented (see Incident Closure and Evaluation). Any new Problems, Workarounds or Known Errors identified during Incident resolution should be forwarded to the Problem Management process.
Incident Management interfaces with a number of other ITIL processes:
- Event Management may raise an Incident Record if monitoring systems identify a condition that requires a response.
- Problem Management provides information to the Incident Management process, such as Workarounds and Known Errors. Problem Management uses data collected during Incident resolution for Problem identification.
- Change Management may be invoked from Incident Management if a Change is needed to resolve an Incident.
- Configuration Management provides data used to identify Incidents and link them to particular Configuration Items.
The overview diagram of 'ITIL Incident Management' (fig. 1) shows the key information flows and interfaces of the process.
ITIL 4 refers to "Incident management" as a service management practice (see above). The service desk activities are described in the ITIL4 practice of "Service desk".
Sub-Processes
These are the ITIL Incident Management sub-processes and their process objectives:
Incident Management Support
- Process Objective: ITIL Incident Management Support aims to provide and maintain the tools, processes, skills and rules for an effective and efficient handling of Incidents.
Incident Logging and Categorization
- Process Objective: To record and prioritize the Incident with appropriate diligence, in order to facilitate a swift and effective resolution.
Immediate Incident Resolution by 1st Level Support
- Process Objective: To solve an Incident (service interruption) within the agreed time schedule. The aim is the fast recovery of the IT service, where necessary with the aid of a Workaround. As soon as it becomes clear that 1st Level Support is not able to resolve the Incident itself or when target times for 1st level resolution are exceeded, the Incident is transferred to a suitable group within 2nd Level Support.
Incident Resolution by 2nd Level Support
- Process Objective: To solve an Incident (service interruption) within the agreed time schedule. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to Problem Management.
Handling of Major Incidents
- Process Objective: To resolve a Major Incident. Major Incidents cause serious interruptions of business activities and must be resolved with greater urgency. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to Problem Management.
Incident Monitoring and Escalation
- Process Objective: To continuously monitor the processing status of outstanding Incidents, so that counter-measures may be introduced as soon as possible if service levels are likely to be breached.
Incident Closure and Evaluation
- Process Objective: To submit the Incident Record to a final quality control before it is closed. The aim is to make sure that the Incident is actually resolved and that all information required to describe the Incident's life-cycle is supplied in sufficient detail. In addition to this, findings from the resolution of the Incident are to be recorded for future use.
Pro-Active User Information
- Process Objective: To inform users of service failures as soon as these are known to the Service Desk, so that users are in a position to adjust themselves to interruptions. Proactive user information also aims to reduce the number of inquiries by users. This process is also responsible for distributing other information to users, e.g. security alerts.
Incident Management Reporting
- Process Objective: ITIL Incident Management Reporting aims to supply Incident-related information to the other Service Management processes, and to ensure that that improvement potentials are derived from past Incidents.
Definitions
The following ITIL terms and acronyms (information objects) are used in the ITIL Incident Management process to represent process outputs and inputs:
Incident
- An Incident is defined as an unplanned interruption or reduction in quality of an IT service (a Service Interruption).
Incident Escalation Rules
- A set of rules defining a hierarchy for escalating Incidents, and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times. See also: Checklist Incident Priority
Incident Management Report
- A report supplying Incident-related information to the other Service Management processes.
Incident Model
- An Incident Model contains the pre-defined steps that should be taken for dealing with a particular type of Incident. This is a way to ensure that routinely occurring Incidents are handled efficiently and effectively.
Incident Prioritization Guideline
- The Incident Prioritization Guideline describes the rules for assigning priorities to Incidents, including the definition of what constitutes a Major Incident. Since Incident Management escalation rules are usually based on priorities, assigning the correct priority to an Incident is essential for triggering appropriate escalations. See also: Checklist Incident Prioritization Guideline
Incident Record
- A set of data with all details of an Incident, documenting the history of the Incident from registration to closure. An Incident is defined as an unplanned interruption or reduction in quality of an IT service. Every event that could potentially impair an IT service in the future is also an Incident (e.g. the failure of one hard-drive of a set of mirrored drives). See also: ITIL Checklist Incident Record
Incident Status Information
- A message containing the present status of an Incident sent to a user who earlier reported a service interruption. Status information is typically provided to users at various points during an Incident's lifecycle.
Major Incident
- Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. See also: Checklist Incident Priority: Major Incidents.
Major Incident Review
- A Major Incident Review takes place after a Major Incident has occurred. The review documents the Incident's underlying causes (if known) and the complete resolution history, and identifies opportunities for improving the handling of future Major Incidents.
Notification of Service Failure
- The reporting of a service failure to the Service Desk, for example by a user via telephone or e-mail, or by a system monitoring tool.
Pro-Active User Information
- A notification to users of existing or imminent service failures even if the users are not yet aware of the interruptions, so that users are in a position to prepare themselves for a period of service unavailability.
Status Inquiry
- An inquiry regarding the present status of an Incident or Service Request, usually from a user who earlier reported an Incident or submitted a request.
Support Request
- A request to support the resolution of an Incident or Problem, usually issued from the Incident or Problem Management processes when further assistance is needed from technical experts.
User Escalation
- Escalation regarding the processing of an Incident or Service Request, initiated by a user experiencing delays or a failure to restore their services.
User FAQs
- Self-help information for users supplied by the Service Desk, usually as part of the Support Pages on the intranet.
Templates | KPIs
Roles | Responsibilities
Incident Manager - Process Owner
- The Incident Manager is responsible for the effective implementation of the Incident Management process and carries out the corresponding reporting. He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels.
1st Level Support
- The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT service as quickly as possible. If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert technical support groups (2nd Level Support). 1st Level Support also keeps users informed about their Incidents' status at agreed intervals.
2nd Level Support
- 2nd Level Support takes over Incidents which cannot be solved immediately with the means of 1st Level Support. If necessary, it will request external support, e.g. from software or hardware manufacturers. The aim is to restore a failed IT service as quickly as possible. If no solution can be found, the 2nd Level Support passes on the Incident to Problem Management.
3rd Level Support
- 3rd Level Support is typically located at hardware or software manufacturers (third-party suppliers). Its services are requested by 2nd Level Support if required for solving an Incident. The aim is to restore a failed IT Service as quickly as possible.
Major Incident Team
- A dynamically established team of IT managers and technical experts, usually under the leadership of the Incident Manager, formulated to concentrate on the resolution of a Major Incident.
| ITIL Role / Sub-Process [Details] | Incident Manager | 1st Level Support | 2nd Level Support | Major Incident Team | Applications Analyst[3] | Technical Analyst[3] | IT Operator[3] |
|---|---|---|---|---|---|---|---|
| Incident Management Support | A[1]R[2] | - | - | - | - | - | - |
| Incident Logging and Categorization | A | R | - | - | - | - | - |
| Immediate Incident Resolution by 1st Level Support | A | R | - | - | - | - | - |
| Incident Resolution by 2nd Level Support | A | - | R | - | R[4] | R[4] | R[4] |
| Handling of Major Incidents | AR | R | - | R | - | - | R |
| Incident Monitoring and Escalation | AR | R | - | - | - | - | - |
| Incident Closure and Evaluation | A | R | - | - | - | - | - |
| Pro-Active User Information | A | R | - | - | - | - | - |
| Incident Management Reporting | AR | - | - | - | - | - | - |
Remarks
[1] A: Accountable according to the RACI Model: Those who are ultimately accountable for the correct and thorough completion of the Incident Management process.
[2] R: Responsible according to the RACI Model: Those who do the work to achieve a task within Incident Management.
[3] see → Role descriptions...
[4] In cooperation, as required. 2nd Level Support Groups often include Applications Analysts and/ or Technical Analysts.
Example
The introductory ITIL Process Map video shows samples of the ITIL process templates with contents from Service Operation and Incident Management processes, including the
- high-level view of the ITIL Service Lifecycle (Level 0)
- overview of the Service Operation process (Level 1)
- overview of ITIL Incident Management (Level 2)
- detailed process flow for the process "Incident Management: Incident Resolution by 1st Level Support" (Level 3)
Watch the video: "The ITIL Process Map - Introduction" (10:58 min.)
Notes
By: Stefan Kempter 
, IT Process Maps.
ITIL 4 Incident Management › Process Description › Sub-Processes › Definitions
