Incident Management: Difference between revisions
From IT Process Wiki
mNo edit summary |
|||
| Line 1: | Line 1: | ||
<seo metakeywords="itil incident management, | <seo metakeywords="itil incident management, incident management itil" metadescription="Incident Management: ITIL process definition - Sub-processes - Terms - Additional information on Incident Management." /> | ||
<imagemap> | <imagemap> | ||
Image:ITIL-Wiki-de-es.jpg|DE - ES - Incident Management|100px | Image:ITIL-Wiki-de-es.jpg|DE - ES - Incident Management|100px | ||
| Line 8: | Line 8: | ||
<br style="clear:both;"/> | <br style="clear:both;"/> | ||
<p> </p> | |||
''ITIL Incident Management'' aims to manage the lifecycle of all Incidents. The primary objective of Incident Management is to return the IT service to users as quickly as possible. | ''ITIL Incident Management'' aims to manage the lifecycle of all Incidents. The primary objective of Incident Management is to return the IT service to users as quickly as possible. | ||
| Line 18: | Line 18: | ||
<p> </p> | <p> </p> | ||
== | == ITIL Incident Management == | ||
==== Process Definition ==== | |||
Essentially, the activities and process objectives of ITIL Incident Management are identical in ITIL V2 and V3. | |||
[[Image:Itil-incident-management.jpg|right|thumb|375px|alt=Incident Management ITIL|[https://wiki.en.it-processmaps.com/images/pdf/process_overview_incident_management_itilv3.pdf ITIL Incident Management]]] | |||
Incident Management distinguishes between [[Incident Management#Incident|Incidents]] (Service Interruptions) and [[Request Fulfilment#Service Request|Service Requests]] (standard requests from users, e.g. password resets). Service Requests are no longer fulfilled by Incident Management; instead there is a new process in ITIL V3 called Request Fulfilment. | |||
There is a dedicated process now for dealing with emergencies ("[[Incident Management#Handling of Major Incidents|Major Incidents]]"). A process interface was added between | There is a dedicated process now for dealing with emergencies ("[[Incident Management#Handling of Major Incidents|Major Incidents]]"). A process interface was added between Event Management and Incident Management. Significant [[Event Management#Event|Events]] are now triggering the creation of an [[Incident Management#Incident|Incident]]. | ||
<p> </p> | |||
< | |||
= | <span id="Sub-Processes">''These are the [[Incident Management|ITIL Incident Management]] sub-processes:''</span> | ||
<p> </p> | |||
;Incident Management Support | ;Incident Management Support | ||
| Line 62: | Line 64: | ||
<p> </p> | <p> </p> | ||
== ITIL Terms | ==== ITIL Terms ==== | ||
;<span id="Incident">Incident</span> | ;<span id="Incident">Incident</span> | ||
| Line 68: | Line 70: | ||
;<span id="Incident Escalation Rules">Incident Escalation Rules</span> | ;<span id="Incident Escalation Rules">Incident Escalation Rules</span> | ||
:A set of rules defining a hierarchy for [[Incident Management#Incident Escalation|escalating Incidents]], and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times. | :A set of rules defining a hierarchy for [[Incident Management#Incident Escalation|escalating Incidents]], and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times. See also: [[Checklist Incident Priority]] | ||
;<span id="Incident Management Report">Incident Management Report</span> | ;<span id="Incident Management Report">Incident Management Report</span> | ||
| Line 77: | Line 79: | ||
;<span id="Incident Prioritization Guideline">Incident Prioritization Guideline</span> | ;<span id="Incident Prioritization Guideline">Incident Prioritization Guideline</span> | ||
:The Incident Prioritization Guideline describes the rules for assigning priorities to Incidents, including the definition of what constitutes a [[Incident Management#Major Incident|Major Incident]]. Since Incident Management escalation rules are usually based on priorities, assigning the correct priority to an Incident is essential for triggering [[Incident Management#Incident Escalation Rules|appropriate escalations]]. | :The Incident Prioritization Guideline describes the rules for assigning priorities to Incidents, including the definition of what constitutes a [[Incident Management#Major Incident|Major Incident]]. Since Incident Management escalation rules are usually based on priorities, assigning the correct priority to an Incident is essential for triggering [[Incident Management#Incident Escalation Rules|appropriate escalations]]. See also: [[Checklist Incident Priority|Checklist Incident Prioritization Guideline]] | ||
;<span id="Incident Record">Incident Record</span> | ;<span id="Incident Record">Incident Record</span> | ||
| Line 89: | Line 91: | ||
;<span id="Major Incident">Major Incident</span> | ;<span id="Major Incident">Major Incident</span> | ||
:Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. | :Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. See also: [[Checklist Incident Priority#Circumstances that warrant the Incident to be treated as a Major Incident|Checklist Incident Priority: Major Incidents]] | ||
;<span id="Major Incident Review">Major Incident Review</span> | ;<span id="Major Incident Review">Major Incident Review</span> | ||
| Line 111: | Line 113: | ||
<p> </p> | <p> </p> | ||
== | ==== Checklists | KPIs ==== | ||
* [[ITIL KPIs Service Operation#ITIL KPIs Incident Management|Key Performance Indicators (KPIs) Incident Management]] | |||
*[[ITIL-Checklists#The most sought-after ITIL V3 Checklists|Checklists Incident Management]]: | |||
** [[Checklist Incident Record]] | |||
** [[Checklist Incident Priority]] | |||
<p> </p> | |||
==== | ==== Roles | Boards ==== | ||
;<span id="Incident Manager">Incident Manager - Process Owner</span> | ;<span id="Incident Manager">Incident Manager - Process Owner</span> | ||
:The Incident Manager is responsible for the effective implementation of the | :The Incident Manager is responsible for the effective implementation of the [[Incident Management]] process and carries out the corresponding reporting procedure. | ||
:He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels. | :He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels. | ||
;<span id="1st Level Support">1st Level Support</span> | ;<span id="1st Level Support">1st Level Support</span> | ||
:The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT | :The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT service as quickly as possible. | ||
:If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert | :If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert technical support groups (2nd Level Support). | ||
:1st Level Support also processes Service Requests and keeps users informed about their Incidents' status at agreed intervals. | :1st Level Support also processes Service Requests and keeps users informed about their Incidents' status at agreed intervals. | ||
| Line 145: | Line 149: | ||
<p> </p> | <p> </p> | ||
== | ==== Downloads ==== | ||
{| | {| | ||
Revision as of 17:48, 23 September 2011
<seo metakeywords="itil incident management, incident management itil" metadescription="Incident Management: ITIL process definition - Sub-processes - Terms - Additional information on Incident Management." />
ITIL Incident Management aims to manage the lifecycle of all Incidents. The primary objective of Incident Management is to return the IT service to users as quickly as possible.
Part of: Service Operation
Process Owner: Incident Manager
ITIL Incident Management
Process Definition
Essentially, the activities and process objectives of ITIL Incident Management are identical in ITIL V2 and V3.
Incident Management distinguishes between Incidents (Service Interruptions) and Service Requests (standard requests from users, e.g. password resets). Service Requests are no longer fulfilled by Incident Management; instead there is a new process in ITIL V3 called Request Fulfilment.
There is a dedicated process now for dealing with emergencies ("Major Incidents"). A process interface was added between Event Management and Incident Management. Significant Events are now triggering the creation of an Incident.
These are the ITIL Incident Management sub-processes:
- Incident Management Support
- Process Objective: To provide and maintain the tools, processes, skills and rules for an effective and efficient handling of Incidents.
- Incident Logging and Categorization
- Process Objective: To record and prioritize the Incident with appropriate diligence, in order to facilitate a swift and effective resolution.
- Immediate Incident Resolution by 1st Level Support
- Process Objective: To solve an Incident (service interruption) within the agreed time schedule. The aim is the fast recovery of the IT service, where necessary with the aid of a Workaround. As soon as it becomes clear that 1st Level Support is not able to resolve the Incident itself or when target times for 1st level resolution are exceeded, the Incident is transferred to a suitable group within 2nd Level Support.
- Incident Resolution by 2nd Level Support
- Process Objective: To solve an Incident (service interruption) within the agreed time schedule. The aim is the fast recovery of the service, where necessary by means of a Workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to Problem Management.
- Handling of Major Incidents
- Process Objective: To resolve a Major Incident. Major Incidents cause serious interruptions of business activities and must be resolved with greater urgency. The aim is the fast recovery of the service, where necessary by means of a workaround. If required, specialist support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the root cause is not possible, a Problem Record is created and the error-correction transferred to Problem Management.
- Incident Monitoring and Escalation
- Process Objective: The processing status of outstanding Incidents is to be continuously monitored, so that counter-measures may be introduced as soon as possible if service levels are likely to be breached.
- Incident Closure and Evaluation
- Process Objective: To submit the Incident Record to a final quality control before it is closed. The aim is to make sure that the Incident is actually resolved and that all information required to describe the Incident's life-cycle is supplied in sufficient detail. In addition to this, findings from the resolution of the Incident are to be recorded for future use.
- Pro-Active User Information
- Process Objective: To inform users of service failures as soon as these are known to the Service Desk, so that users are in a position to adjust themselves to interruptions. Proactive user information also aims to reduce the number of inquiries by users. This process is also responsible for distributing other information to users, e.g. security alerts.
- Incident Management Reporting
- Process Objective: To supply Incident-related information to the other Service Management processes, and to ensure that that improvement potentials are derived from past Incidents.
ITIL Terms
- Incident
- An Incident is defined as an unplanned interruption or reduction in quality of an IT service (a Service Interruption).
- Incident Escalation Rules
- A set of rules defining a hierarchy for escalating Incidents, and triggers which lead to escalations. Triggers are usually based on Incident severity and resolution times. See also: Checklist Incident Priority
- Incident Management Report
- A report supplying Incident-related information to the other Service Management processes.
- Incident Model
- An Incident Model contains the pre-defined steps that should be taken for dealing with a particular type of Incident. This is a way to ensure that routinely occurring Incidents are handled efficiently and effectively.
- Incident Prioritization Guideline
- The Incident Prioritization Guideline describes the rules for assigning priorities to Incidents, including the definition of what constitutes a Major Incident. Since Incident Management escalation rules are usually based on priorities, assigning the correct priority to an Incident is essential for triggering appropriate escalations. See also: Checklist Incident Prioritization Guideline
- Incident Record
- A set of data with all details of an Incident, documenting the history of the Incident from registration to resolution. An Incident is defined as an unplanned interruption or reduction in quality of an IT service. Every event that could potentially impair an IT service in the future is also an Incident (e.g. the failure of one hard-drive of a set of mirrored drives). See also: ITIL Checklist Incident Record
- Incident Status Information
- A message containing the present status of an Incident, usually sent to a user who earlier reported that Incident.
- Incident Status Inquiry
- An inquiry regarding the present status of an Incident, usually from a user who earlier reported that Incident.
- Major Incident
- Major Incidents cause serious interruptions of business activities and must be solved with greater urgency. See also: Checklist Incident Priority: Major Incidents
- Major Incident Review
- A Major Incident Review takes place after a Major Incident has occurred. The review documents the Incident's underlying causes (if known) and the complete resolution history, and identifies opportunities for improving the handling of future Major Incidents.
- Notification of Service Failure
- The reporting of a service failure to the Service Desk, for example by a user via telephone or e-mail, or by a system monitoring tool.
- Pro-Active User Information
- A notification to users of existing or imminent service failures even if the users are not yet aware of the interruptions, so that users are in a position to prepare themselves for a period of service unavailability.
- Support Request
- A request to support the resolution of an Incident or Problem, usually issued from the Incident or Problem Management processes when further assistance is needed from technical experts.
- User Escalation
- Escalation regarding the processing of an Incident, initiated by a user experiencing delays or a failure to restore their services.
- User FAQs
- Self-help information for users supplied by the Service Desk, usually as part of the Support Pages on the intranet.
Checklists | KPIs
Roles | Boards
- Incident Manager - Process Owner
- The Incident Manager is responsible for the effective implementation of the Incident Management process and carries out the corresponding reporting procedure.
- He represents the first stage of escalation for Incidents, should these not be resolvable within the agreed Service Levels.
- 1st Level Support
- The responsibility of 1st Level Support is to register and classify received Incidents and to undertake an immediate effort in order to restore a failed IT service as quickly as possible.
- If no ad-hoc solution can be achieved, 1st Level Support will transfer the Incident to expert technical support groups (2nd Level Support).
- 1st Level Support also processes Service Requests and keeps users informed about their Incidents' status at agreed intervals.
- 2nd Level Support
- 2nd Level Support takes over Incidents which cannot be solved immediately with the means of 1st Level Support.
- If necessary, it will request external support, e.g. from software or hardware manufacturers.
- The aim is to restore a failed IT Service as quickly as possible.
- If no solution can be found, the 2nd Level Support passes on the Incident to Problem Management.
- 3rd Level Support
- 3rd Level Support is typically located at hardware or software manufacturers.
- Its services are requested by 2nd Level Support if required for solving an Incident.
- The aim is to restore a failed IT Service as quickly as possible.
- Major Incident Team
- A dynamically established team of IT managers and technical experts, usually under the leadership of the Incident Manager, formulated to concentrate on the resolution of a Major Incident.
Downloads
|
Use the following links to open the process overview of Incident Management showing the most important interfaces: |
|
Demo ITIL Process Map V3: Incident Management
The ITIL Process Map V3 video shows samples of the ITIL process templates with contents from Service Operation and Incident Management processes, including the
- high-level view of the ITIL V3 Service Lifecycle (Level 0)
- overview of the Service Operation process (Level 1)
- overview of the Incident Management process (Level 2)
- detailed process flow for the process "Incident Resolution by 1st Level Support" (Level 3)
