Incident Management

Incident Management is defined as a Service Support process in the Information Technology Infrastructure Library version 2.

Its primary objective is to restore normal service operation (as defined in the SLAs) as quickly as possible and minimise the adverse impact on business operations.

Definitions
An incident is any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service.

A service request

Concepts
Impact and urgency.

Functional and hierarchical escalation.

Activities
The Six Incident Management activities are:
 * 1) Incident detection and recording
 * 2) Classification and initial support
 * 3) Investigation and diagnosis
 * 4) Resolution and recovery
 * 5) Incident closure
 * 6) Incident ownership, monitoring, tracking and communication

Handling of major Incidents
Major Incidents are those for which the degree of impact on the User community is extreme. Incidents for which the timescale of disruption - to even a relatively small percentage of Users - becomes excessive should also be regarded as major.

The Problem Manager should in these circumstances be notified (if not already aware) and should arrange a formal meeting with interested parties (or regular meetings if necessary). These should be attended by all key in-house support staff, vendor support staff and IT services management, with the purpose of reviewing review progress and determining the best course of action. The Service Desk representative should attend these meetings and ensure a record of actions/decisions is maintained, ideally as part of the overall Incident record.

Roles
An Incident Manager has the responsibility for:
 * driving the efficiency and effectiveness of the Incident Management process
 * producing management information
 * managing the work of Incident support staff (first-and second-line)
 * monitoring the effectiveness of Incident Management and making recommendations for improvement
 * developing and maintaining the Incident Management systems.

The Incident-handling support staff generally includes:
 * the First-Line support (the Service Desk)
 * the Second-line support (specialist groups that may be part of the Service Desk)

Benefits
For the business:
 * reduced business impact of Incidents, thereby increasing effectiveness
 * the proactive identification of beneficial system enhancements and amendments
 * the availability of business-focused management information related to the SLA.

For the IT:
 * improved monitoring, allowing performance against SLAs to be accurately measured
 * improved management information on aspects of service quality
 * better staff utilisation,
 * elimination of lost or incorrect Incidents and service requests
 * more accurate CMDB information (giving an ongoing audit while registering Incidents)
 * improved User and Customer satisfaction.

Key Performance Indicators
Typical performance indicators for Incident Management include:
 * total numbers of Incidents
 * mean elapsed time to achieve Incident resolution or circumvention, broken down by impact code
 * percentage of Incidents handled within agreed response time (Incident response-time targets may be specified in SLAs, for example, by impact code)
 * average cost per Incident
 * percentage of Incidents closed by the Service Desk without reference to other levels of support
 * Incidents processed per Service Desk workstation
 * number and percentage of Incidents resolved remotely, without the need for a visit.

Relationships with other processes
There should be a close interface between the Incident Management process and the Problem Management and Change Management processes as well as the function of the Service Desk. If not properly controlled, Changes may introduce new Incidents. A way of tracking back is required. It is therefore recommended that the Incident records should be held on the same CMDB as the Problem, Known Error and Change records, or at least linked without the need for re-keying, to improve the interfaces and ease interrogation and reporting.

Incident priorities and escalation procedures need to be agreed as part of the Service Level Management process and documented in the SLAs.

Change Management provides resolution.

Problem Management provides workarounds.