Incident Management: Difference between revisions
From IT Process Wiki
No edit summary |
mNo edit summary |
||
| Line 1: | Line 1: | ||
<seo metakeywords="itil incident management, itil v3 incident management, incident management process" metadescription="Incident Management: ITIL process definition - subprocesses - Additional information on Incident Management." /> | |||
<imagemap> | |||
Image:ITIL-Wiki-de-es.jpg|DE - ES - Incident Management|100px | |||
rect 0 0 50 30 [https://wiki.de.it-processmaps.com/index.php/Incident_Management diese Seite auf Deutsch] | |||
rect 50 0 100 30 [https://wiki.es.it-processmaps.com/index.php/ITIL_Gestion_de_Incidentes esta página en español] | |||
desc none | |||
</imagemap> | |||
<br style="clear:both;"/> | |||
''' | == ITIL Incident Management: Overview == | ||
'''Process Objective''': To manage the lifecycle of all Incidents. The primary objective of Incident Management is to return the IT service to users as quickly as possible. | |||
'''Part of''': [[ITIL V3 Service Operation|Service Operation]] | '''Part of''': [[ITIL V3 Service Operation|Service Operation]] | ||
'''Process | '''Process Owner''': [[Incident Management#ITIL Roles and Boards in Incident Management|Incident Manager]] | ||
== ITIL Incident Management: Process Definition == | |||
[[Image:Itil-incident-management.jpg|thumb=overview_incident_management_itilv3_thumb.jpg|left|[https://wiki.en.it-processmaps.com/images/pdf/process_overview_incident_management_itilv3.pdf ITIL Incident Management]]] | |||
Essentially, the activities and process objectives of the Incident Management process are identical in ITIL V2 and V3. | |||
ITIL V3 distinguishes between [[Incident Management#Incident|Incidents]] (Service Interruptions) and [[Request Fulfilment#Service Request|Service Requests]] (standard requests from users, e.g. password resets). Service Requests are no longer fulfilled by Incident Management; instead there is a new process called [[Request Fulfilment]]. There is a dedicated process now for dealing with emergencies ("[[Incident Management#Handling of Major Incidents|Major Incidents]]"). A process interface was added between [[Event Management]] and Incident Management. Significant [[Event Management#Event Record|Events]] are now triggering the creation of an [[Incident Management#Incident|Incident]]. | |||
The following sub-processes are part of [[Incident Management|ITIL Incident Management]]: | |||
<br style="clear:both;"/> | |||
==Sub-Processes | === Sub-Processes === | ||
;Incident Management Support | ;Incident Management Support | ||
:Process Objective: To provide and maintain the tools, processes, skills and rules for an effective and efficient handling of Incidents. | :Process Objective: To provide and maintain the tools, processes, skills and rules for an effective and efficient handling of [[Incident Management#Incident|Incidents]]. | ||
;Incident Logging and Categorization | ;Incident Logging and Categorization | ||
:Process Objective: To record and prioritize the Incident with appropriate | :Process Objective: To [[Incident Management#Incident Record|record and prioritize the Incident]] with appropriate diligence, in order to facilitate a swift and effective resolution. | ||
;Immediate Incident Resolution by 1st Level Support | ;Immediate Incident Resolution by 1st Level Support | ||
:Process Objective: An Incident (service interruption) is to be solved within the agreed | :Process Objective: An [[Incident Management#Incident|Incident]] (service interruption) is to be solved within the agreed time schedule. The aim is the fast recovery of the IT service, where necessary with the aid of a [[Problem Management#Workaround|Workaround]]. As soon as it becomes clear that [[Roles within ITIL V3#ITIL V3 roles and boards within Service Operation|1st Level Support]] is not able to resolve the Incident itself or when target times for 1st level resolution are exceeded, the Incident is transferred to a suitable group within [[Roles within ITIL V3#ITIL V3 roles and boards within Service Operation|2nd Level Support]]. | ||
;Incident Resolution by 2nd Level Support | ;Incident Resolution by 2nd Level Support | ||
:Process Objective: An Incident (service interruption) is to be solved within the agreed | :Process Objective: An [[Incident Management#Incident|Incident]] (service interruption) is to be solved within the agreed time schedule. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers ([[Roles within ITIL V3#ITIL V3 roles and boards within Service Operation|3rd Level Support]]) are involved. If the correction of the root cause is not possible, a [[Problem Management#Problem Record|Problem Record]] is created and the error-correction transferred to [[Problem Management]]. | ||
;Handling of Major Incidents | ;<span id="Handling of Major Incidents">Handling of Major Incidents</span> | ||
:Process Objective: A major Incident is to be solved. Major Incidents cause serious | :Process Objective: A major Incident is to be solved. Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. The aim is the fast recovery of the service, where necessary by means of a workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to [[Problem Management]]. | ||
;Incident Closure and Evaluation | ;Incident Closure and Evaluation | ||
:Process Objective: To submit the Incident Record to a final quality control before it is closed. The aim is to make sure that the Incident is actually resolved and that all information required to describe the Incident's life-cycle is supplied in sufficient detail. In addition to this, findings from the resolution of the Incident are to be | :Process Objective: To submit the [[Incident Management#Incident Record|Incident Record]] to a final quality control before it is closed. The aim is to make sure that the Incident is actually resolved and that all information required to describe the Incident's life-cycle is supplied in sufficient detail. In addition to this, findings from the resolution of the Incident are to be recorded for future use. | ||
;Incident Monitoring and Escalation | ;Incident Monitoring and Escalation | ||
:Process Objective: The processing status of outstanding Incidents | :Process Objective: The processing status of outstanding Incidents is to be continuously monitored, so that counter-measures may be introduced as soon as possible if service levels are likely to be breached. | ||
;Pro-Active User Information | ;Pro-Active User Information | ||
:Process Objective: To inform users of service failures as soon as these are known to the Service Desk, so that users are in a position to adjust themselves to interruptions. Proactive user information also aims to reduce the number of inquiries by users. This process is also responsible for distributing other information to users, e.g. security alerts. | :Process Objective: To inform users of service failures as soon as these are known to the Service Desk, so that users are in a position to adjust themselves to interruptions. Proactive user information also aims to reduce the number of inquiries by users. This process is also responsible for distributing other information to users, e.g. [[IT Security Management#Security Alert|security alerts]]. | ||
;Incident Management Reporting | ;Incident Management Reporting | ||
:Process Objective: To supply Incident-related information to the other Service Management processes, and to ensure that that improvement potentials are derived from past Incidents. | :Process Objective: To supply Incident-related information to the other Service Management processes (see [[Incident Management#Incident Management Report|Incident Management Report]], and to ensure that that improvement potentials are derived from past Incidents. | ||
===== Downloads ===== | |||
Use the following links to open the process overview of Incident Management showing the most important interfaces: | |||
* [[:Image:Itil-incident-management.jpg|ITIL Incident Management (.JPG)]] | |||
* [https://wiki.en.it-processmaps.com/images/pdf/process_overview_incident_management_itilv3.pdf ITIL Incident Management (.PDF)]'' | |||
=== ITIL Terms: Incident Management === | |||
;<span id="Incident">Incident</span> | |||
:An Incident is defined as an unplanned interruption or reduction in quality of an IT service (a Service Interruption). | |||
;<span id="Incident Escalation Rules">Incident Escalation Rules</span> | |||
:A set of rules defining a hierarchy for escalating Incidents, and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times. | |||
;<span id="Incident Management Report">Incident Management Report</span> | |||
:A series of reports produced by the Incident Manager for various target groups (IT Management, Service Level Management, other Service Management processes, or Incident Management itself). Depending on the target group, the Report will focus upon process quality, volume of inquiries, service quality, itemization of Incidents by category, ... | |||
;<span id="Incident Model">Incident Model</span> | |||
:An Incident Model contains the pre-defined steps that should be taken for dealing with a particular type of Incident. This is a way to ensure that routinely occurring Incidents are handled efficiently and effectively. | |||
;<span id="Incident Record">Incident Record</span> | |||
:A set of data with all details of an Incident, documenting the history of the Incident from registration to resolution. An Incident is defined as an unplanned interruption or reduction in quality of an IT service. Every event that could potentially impair an IT service in the future is also an Incident (e.g. the failure of one hard-drive of a set of mirrored drives). See also: [[Checklist Incident Record|ITIL Checklist Incident Record]] | |||
;<span id="Incident Status Information">Incident Status Information</span> | |||
:A message containing the present status of an Incident, usually sent to a user who earlier reported that Incident. | |||
;<span id="Incident Status Inquiry">Incident Status Inquiry</span> | |||
:An inquiry regarding the present status of an Incident, usually from a user who earlier reported that Incident. | |||
;<span id="Notification of Service Failure">Notification of Service Failure</span> | |||
:The reporting of a service failure to the Service Desk, for example by a user via telephone or e-mail, or by a system monitoring tool. | |||
;<span id="Pro-Active User Information">Pro-Active User Information</span> | |||
:A notification to users of existing or imminent service failures even if the users are not yet aware of the interruptions, so that users are in a position to prepare themselves for a period of service unavailability. | |||
;<span id="Support Request">Support Request</span> | |||
:A request to support the resolution of an Incident or Problem, usually issued from the Incident or Problem Management processes when further assistance is needed from technical experts. | |||
;<span id="User Escalation">User Escalation</span> | |||
:Escalation regarding the processing of an Incident, initiated by a user experiencing delays or a failure to restore their services. | |||
;<span id="User-FAQs">User-FAQs</span> | |||
:Self-help information for users supplied by the Service Desk, usually as part of the Support Pages on the intranet. | |||
== Additional Information on Incident Management == | |||
==== ITIL KPIs and Checklists ==== | |||
* [[ITIL KPIs Service Operation#ITIL KPIs Incident Management|Key Performance Indicators (KPIs) Incident Management]] | |||
* [[Checklist Incident Record|Checklists Incident Management: Checklist Incident Record]] | |||
==== ITIL Roles and Boards in Incident Management ==== | |||
;Incident Manager - Process Owner | |||
:The Incident Manager is responsible for the effective implementation of the process "Incident Management" and carries out the respective reporting procedure. | |||
:He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels. | |||
;1st Level Support | |||
:The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT Service as quickly as possible. | |||
:If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert Technical Support Groups (2nd Level Support). | |||
:1st Level Support also processes Service Requests and keeps users informed about their Incidents' status at agreed intervals. | |||
;2nd Level Support | |||
: 2nd Level Support takes over Incidents which cannot be solved immediately with the means of 1st Level Support. | |||
:If necessary, it will request external support, e.g. from software or hardware manufacturers. | |||
:The aim is to restore a failed IT Service as quickly as possible. | |||
:If no solution can be found, the 2nd Level Support passes on the Incident to Problem Management. | |||
;3rd Level Support | |||
:3rd Level Support is typically located at hardware or software manufacturers. | |||
:Its services are requested by 2nd Level Support if required for solving an Incident. | |||
:The aim is to restore a failed IT Service as quickly as possible. | |||
;Major Incident Team | |||
:A dynamically established team of IT managers and technical experts, usually under the leadership of the Incident Manager, formulated to concentrate on the resolution of a Major Incident. | |||
== Demo ITIL Process Map V3: Incident Management == | |||
The [https://en.it-processmaps.com/products/demo-itil-process-map.html ITIL Process Map V3 video] shows samples of the ITIL process templates with contents from Service Operation and Incident Management processes, including the | |||
* high-level view of the ITIL V3 Service Lifecycle (Level 0) | |||
* overview of the Service Operation process (Level 1) | |||
* overview of the Incident Management process (Level 2) | |||
* detailed process flow for the process "Incident Resolution by 1st Level Support" (Level 3) | |||
<i><small>[[Main Page|Home]] > [[ITIL Processes]] > [[ITIL V3 Service Operation|Service Operation]] > [[Incident Management|Incident Management]]</small></i> | |||
<!-- This page is assigned to the following categories: --> | |||
[[Category:ITIL V3]][[Category:ITIL process]][[Category:Service Operation|Incident Management]][[Category:Incident Management|!]] | |||
<!-- --- --> | |||
Revision as of 20:50, 2 July 2011
<seo metakeywords="itil incident management, itil v3 incident management, incident management process" metadescription="Incident Management: ITIL process definition - subprocesses - Additional information on Incident Management." />
ITIL Incident Management: Overview
Process Objective: To manage the lifecycle of all Incidents. The primary objective of Incident Management is to return the IT service to users as quickly as possible.
Part of: Service Operation
Process Owner: Incident Manager
ITIL Incident Management: Process Definition
Essentially, the activities and process objectives of the Incident Management process are identical in ITIL V2 and V3.
ITIL V3 distinguishes between Incidents (Service Interruptions) and Service Requests (standard requests from users, e.g. password resets). Service Requests are no longer fulfilled by Incident Management; instead there is a new process called Request Fulfilment. There is a dedicated process now for dealing with emergencies ("Major Incidents"). A process interface was added between Event Management and Incident Management. Significant Events are now triggering the creation of an Incident.
The following sub-processes are part of ITIL Incident Management:
Sub-Processes
- Incident Management Support
- Process Objective: To provide and maintain the tools, processes, skills and rules for an effective and efficient handling of Incidents.
- Incident Logging and Categorization
- Process Objective: To record and prioritize the Incident with appropriate diligence, in order to facilitate a swift and effective resolution.
- Immediate Incident Resolution by 1st Level Support
- Process Objective: An Incident (service interruption) is to be solved within the agreed time schedule. The aim is the fast recovery of the IT service, where necessary with the aid of a Workaround. As soon as it becomes clear that 1st Level Support is not able to resolve the Incident itself or when target times for 1st level resolution are exceeded, the Incident is transferred to a suitable group within 2nd Level Support.
- Incident Resolution by 2nd Level Support
- Process Objective: An Incident (service interruption) is to be solved within the agreed time schedule. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to Problem Management.
- Handling of Major Incidents
- Process Objective: A major Incident is to be solved. Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. The aim is the fast recovery of the service, where necessary by means of a workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to Problem Management.
- Incident Closure and Evaluation
- Process Objective: To submit the Incident Record to a final quality control before it is closed. The aim is to make sure that the Incident is actually resolved and that all information required to describe the Incident's life-cycle is supplied in sufficient detail. In addition to this, findings from the resolution of the Incident are to be recorded for future use.
- Incident Monitoring and Escalation
- Process Objective: The processing status of outstanding Incidents is to be continuously monitored, so that counter-measures may be introduced as soon as possible if service levels are likely to be breached.
- Pro-Active User Information
- Process Objective: To inform users of service failures as soon as these are known to the Service Desk, so that users are in a position to adjust themselves to interruptions. Proactive user information also aims to reduce the number of inquiries by users. This process is also responsible for distributing other information to users, e.g. security alerts.
- Incident Management Reporting
- Process Objective: To supply Incident-related information to the other Service Management processes (see Incident Management Report, and to ensure that that improvement potentials are derived from past Incidents.
Downloads
Use the following links to open the process overview of Incident Management showing the most important interfaces:
ITIL Terms: Incident Management
- Incident
- An Incident is defined as an unplanned interruption or reduction in quality of an IT service (a Service Interruption).
- Incident Escalation Rules
- A set of rules defining a hierarchy for escalating Incidents, and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times.
- Incident Management Report
- A series of reports produced by the Incident Manager for various target groups (IT Management, Service Level Management, other Service Management processes, or Incident Management itself). Depending on the target group, the Report will focus upon process quality, volume of inquiries, service quality, itemization of Incidents by category, ...
- Incident Model
- An Incident Model contains the pre-defined steps that should be taken for dealing with a particular type of Incident. This is a way to ensure that routinely occurring Incidents are handled efficiently and effectively.
- Incident Record
- A set of data with all details of an Incident, documenting the history of the Incident from registration to resolution. An Incident is defined as an unplanned interruption or reduction in quality of an IT service. Every event that could potentially impair an IT service in the future is also an Incident (e.g. the failure of one hard-drive of a set of mirrored drives). See also: ITIL Checklist Incident Record
- Incident Status Information
- A message containing the present status of an Incident, usually sent to a user who earlier reported that Incident.
- Incident Status Inquiry
- An inquiry regarding the present status of an Incident, usually from a user who earlier reported that Incident.
- Notification of Service Failure
- The reporting of a service failure to the Service Desk, for example by a user via telephone or e-mail, or by a system monitoring tool.
- Pro-Active User Information
- A notification to users of existing or imminent service failures even if the users are not yet aware of the interruptions, so that users are in a position to prepare themselves for a period of service unavailability.
- Support Request
- A request to support the resolution of an Incident or Problem, usually issued from the Incident or Problem Management processes when further assistance is needed from technical experts.
- User Escalation
- Escalation regarding the processing of an Incident, initiated by a user experiencing delays or a failure to restore their services.
- User-FAQs
- Self-help information for users supplied by the Service Desk, usually as part of the Support Pages on the intranet.
Additional Information on Incident Management
ITIL KPIs and Checklists
- Key Performance Indicators (KPIs) Incident Management
- Checklists Incident Management: Checklist Incident Record
ITIL Roles and Boards in Incident Management
- Incident Manager - Process Owner
- The Incident Manager is responsible for the effective implementation of the process "Incident Management" and carries out the respective reporting procedure.
- He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels.
- 1st Level Support
- The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT Service as quickly as possible.
- If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert Technical Support Groups (2nd Level Support).
- 1st Level Support also processes Service Requests and keeps users informed about their Incidents' status at agreed intervals.
- 2nd Level Support
- 2nd Level Support takes over Incidents which cannot be solved immediately with the means of 1st Level Support.
- If necessary, it will request external support, e.g. from software or hardware manufacturers.
- The aim is to restore a failed IT Service as quickly as possible.
- If no solution can be found, the 2nd Level Support passes on the Incident to Problem Management.
- 3rd Level Support
- 3rd Level Support is typically located at hardware or software manufacturers.
- Its services are requested by 2nd Level Support if required for solving an Incident.
- The aim is to restore a failed IT Service as quickly as possible.
- Major Incident Team
- A dynamically established team of IT managers and technical experts, usually under the leadership of the Incident Manager, formulated to concentrate on the resolution of a Major Incident.
Demo ITIL Process Map V3: Incident Management
The ITIL Process Map V3 video shows samples of the ITIL process templates with contents from Service Operation and Incident Management processes, including the
- high-level view of the ITIL V3 Service Lifecycle (Level 0)
- overview of the Service Operation process (Level 1)
- overview of the Incident Management process (Level 2)
- detailed process flow for the process "Incident Resolution by 1st Level Support" (Level 3)
Home > ITIL Processes > Service Operation > Incident Management
