ITIL Incident Management: 7 Terms You Need to Know

No IT service provider worth its salt will operate without an incident management process. The incident management process is part of the ITIL Service Operation stage of the ITIL lifecycle. Online ITIL Training defines seven key terms that are used in the incident management process. All IT service owners and service managers should know these terms. ITIL certification exam usually assesses the knowledge about how these seven terms are used in the incident management process. Here are the seven incident management terms that you need to know.

Incident Management Term 1: Incident

In incident management, an incident is an unplanned interruption to an IT Service or reduction in the quality of an IT Service. Failure of a service, service degradation, failure of a server etc. are all incidents. These incidents all affect the service delivery to the customer or business. Note that, in incident management, not only failures but also decreases in the service levels are reported as incidents. For instance, if it is expected of a service to respond in one hundred milliseconds, but the service is returning the results after one hundred and fifty milliseconds, this is not a failure. But the service is not meeting the agreed service levels, therefore, this is an incident.

In incident management, failure of a configuration item that has not yet affected service is also an incident. Active-active working databases in IT service providers help to serve the customers even if one of the databases is down; because the other replicate of the database will be serving. However, although this won’t affect the service delivery to the customer, this is an incident as well because one of the databases of this configuration is down.

Incident Management Term 2: Service Request

In incident management, a service request is a request from a user for information or advice or for a standard change or for access to an IT Service. For instance, to reset a password or to provide standard IT Services for a new user are examples of service requests. These are standard changes from ITIL service management point of view. According to the incident management process, service requests are usually handled by a Service Desk and do not require a request for a change to be submitted. Resetting a password of a user, providing installed PC applications for a new employee etc. are all service requests which are standard. These kinds of requests are handled by the Service Desk without further escalation to the other teams. Incidents or problems that cannot be solved by the service desk are escalated further as stipulated by the incident management process.

Incident Management Term 3: Time Period

In incident management, a time period is a period of time that must be agreed on for all phases of incident management and the time period depends on the priority of the incident. For instance, an IT Service Provider and the customer can agree that the priority one incidents must be fixed in less than four hours, priority two incidents must be fixed in less than twelve hours and priority three incidents must be fixed in less than seventy-two hours. These kinds of time periods for the incidents and priority levels are negotiated and agreed between the IT service provider and the business. And these time periods directly affect the customer experience whenever an incident happens in a live environment.

A time period is based on the general response time and resolution rate (targets) of SLAs and incorporates the OLAs and contracts. Possible incidents that can occur in service operation and possible times to fix these incidents are evaluated by the IT Service provider and negotiated with the business. Then, these are written down in SLAs and OLAs in addition to respective penalties in case of not meeting these time periods.

The respective period of time is integrated into service management tools and is used for escalation in incident management. For instance, if an incident might travel between the different departments of the IT service provider, this must be integrated into service management tools. Whenever the incident will be escalated to another department, this must be progressed in the tool.

Incident Management Term 4: Impact

In incident management, the impact is a measure of the effect of an incident, problem or change on business processes. For instance, if one of the application servers will be down, one hundred thousand users will not be using the finance news service. Or, if database one hundred thirty-two fails, customers in the San Francisco region will not be able to withdraw money until it is fixed. These are examples of the impacts of incidents in incident management.

The impact is often based on how Service Levels will be affected. For instance, if it is expected that a customer will be able to withdraw the money in ten seconds, and due to an incident, the impact might be that the customer will only be able to withdraw money in twelve seconds. This incident’s impact is exceeding the money withdrawal service level of the IT Service Provider in this case.

Incident Management Term 5: Urgency

In incident management, the urgency is a measure of how long it will be, until an incident, problem or change has a significant impact on the business. For example, a high impact incident may have low urgency, if the impact will not affect the business until the end of the financial year. Let’s consider that a service updates the annual data of the customer and sends a report in the first week of the new year. If this service runs and generates output in last week of the year, and if there is an incident found in this service in June, this will not have an impact on the service till the end of the year. Therefore, it will have low urgency.

Impact and urgency are used to assign priority. A high impact incident might not be that urgent if it is not affecting the service delivery, while a low impact incident that causes service quality decreases may be more urgent. Priority can be found by multiplying the impact score with the urgency score. The impact and urgency score of an incident can be assigned on a one-to-ten scale for example. And based on the results, priorities of the incidents can be determined.

Incident Management Term 6: Priority

In incident management, priority is a category used to identify the relative importance of an incident, problem or change. And as we’ve defined already, the impact and urgency of an incident are used to determine the priority of an incident. And priority is used to identify the required times for actions to be taken. For instance, a Service Level Agreement between the IT service provider and the customer may declare that:

• Priority 1 incidents must be resolved within 6 hours
• Priority 2 incidents must be resolved within 48 hours
• Priority 3 incidents must be resolved within 72 hours.

These priorities are assigned as part of the incident management process and are handled according to their priority status and agreed action time periods.

Incident Management Term 7: Major Incident

In incident management, a major incident is the highest category of impact for an incident and generally, a major incident results in significant disruption of the business. For instance, an incident in a bank which causes money transfers to stop and an incident in a telecom operator causing subscribers to be unable to make voice calls are examples of major incidents. These are fundamental functionalities of a bank and telecom operator that the customers want to use. In incident management definitions, incidents affecting fundamental functionalities are major incidents.