The Incident Management Process is one of the most important processes of the ITIL Service Operation stage of the ITIL lifecycle. The Incident Management Process is the process that deals with managing service problems that may cause a deficit in service quality and subsequently a drop in customer satisfaction. According to the ITIL training guidelines, an incident is referred to as a failure or service degradation of an IT service or configuration item. Therefore, an incident in an IT service provider causes the service quality to decrease. The Incident Management Process is designed to effectively deal with incidents to avoid a loss in service quality as explained in ITIL foundation certification training. Let’s look at what the Incident Management Process is all about.
The objective of the Incident Management Process
The main objective of the incident management process is to first restore normal service operations as quickly as possible and second to limit the adverse impact on business operations to a minimum such that availability and quality of service remain on the highest level possible. These two objectives are the purpose of the Incident Management Process.
The objective of the Incident Management Process can be explained by an example. Let’s assume that a money withdrawal service of an ATM is down. This is a critical incident and the Incident Management Process aims to restore this money withdrawal service as soon as possible in order to prevent service quality decreases that will be perceived by the customers. While the money withdrawal service is down, the ATM shows the nearest ATMs that the customer can withdraw money from. And this helps to limit the adverse impact on the customer satisfaction.
Normal service operation is that is defined here is service operation where the specifications of SLAs are observed. If we consider our previous example, fixing the money withdrawal service is getting back to the normal service operation. In some cases, agreed service levels cannot be met and these cases are incidents as well. For instance, if the agreed service level for money withdrawal is completing the transaction in less than eight seconds, and if one of the ATMs is completing the transactions in more than eight seconds, this is an example of an incident because the agreed service level was exceeded and must be fixed as soon as possible.
The scope of the Incident Management Process
What is the scope of the Incident Management Process? The Incident Management Process includes every event that interrupts or could interrupt a service. So any kind of event, issue or problem that can cause service delivery failures or degradation in service delivery quality must be treated appropriately and service operation must be ensured immediately through an Incident Management Process.
In an Incident Management Process, incidents are reported and/or logged by specialized staff. There can be several events occurring in an IT Service provider. But if an event means that agreed service levels cannot be met, these are flagged by the specialized staff as an incident. For instance, both the locking a user account after a password has been entered incorrectly three times and the failure of an application server are events. However, the locking of the user account is not an incident and after taking proper actions, the user account can be unlocked and this does not affect the service delivery to the other users of the IT Service provider. However, an application server failure affects other users, therefore needs to be reported and logged as an incident by the specialized staff.
Within the scope of the Incident Management Process, both incidents and service request are reported to the service desk. For instance, changing notebooks of the personnel every three years and updating all corresponding applications is a service request. These kinds of service requests and incidents faced by the customer are both reported to the service desk. Then, in the Incident Mangement Process escalation path, incidents are directed to more specialized staff who can solve the problems.
Incident Management Process: The Incident Model
The Incident Model is a process for predefining the measures that are associated with handling a certain type of incident. For instance, the procedure for handling a major incident, a normal incident or a low priority incident are defined in incident models as part of the Incident Management Process.
Incident Management Process support tools can be used to manage the necessary process. For example, security-relevant incidents may be forwarded to the information security management process and performance-related incidents may be forwarded to the capacity management process. Or similarly, if an incident is related to a third-party service provided by a supplier or partner, this might be forwarded to the partner or supplier. These kinds of escalations are documented in Incident Models as part of the Incident Management Process.
Incident Models also include activities, duration and escalation rules. For instance, if a major incident is escalated to the supplier, the supplier must take action in less than two hours. In another example of a rule, the service desk cannot directly escalate an incident to the supplier or partner. These kinds of rules, activities, and escalations are defined in Incident Models as part of the Incident Management Process.
The Incident Management Process Flow
In the Incident Management Process, the first step is the receiving of an event. Incidents, service requests or problems from the customer or business can come through the event management process, web interface, phone call or email. There can be also other channels where incidents are received such as tools or direct communication etc. After events are received, incident identification is done. Only events which can cause service failures or degradations are considered as incidents. Service requests are handled by the service desk and if the reported event is a request for change, these are not incidents and other relevant processes are progressed.
After an event is identified as an incident, it is logged in the next step of the Incident Management Process. And in the next step of the Incident Management Process, it is categorized. The impact and urgency of the incident are determined. Then in the next step, incident prioritization is done. If an incident is a major incident, a special procedure for major incidents is followed in next steps. Major incidents cause disruption in the business and must be treated immediately.
Incidents are diagnosed and functional escalations are done in the next steps of the Incident Management Process. An incident might travel through different departments, functions or suppliers. Until a resolution is found, the incident is diagnosed by all relevant parties. Once the resolution is found, it is applied and after it is seen that the incident is fixed, the incident is closed. And so the process flow of the Incident Management Process is completed.
