Incident management

From CNM Wiki
Jump to: navigation, search

Incident management (hereinafter, the Practice) is the practice to minimize the negative impact of incidents by restoring normal service operation as quickly as possible. The Practice relates to incident and service management. This Practice is a part of the ITIL practices.


Definitions

According to the ITIL Foundation 4e by Axelos,

Incident management. The practice of minimizing the negative impact of incidents by restoring normal service operation as quickly as possible.

Purpose

An incident is an unplanned interruption to a service, or reduction in the quality of service. The purpose of the incident management practice is to minimize the negative impact of incidents by restoring normal service operation as quickly as possible.

Best practices

All incidents should be logged, prioritized, and resolved while meeting agreed target resolution times. Other best practices include the following.

Design

To design the incident management practice appropriately for different types of incidents based on different impact. Major incidents include those that affect information security.

Prioritization

To prioritize incidents based on agreed classification while ensuring that the incidents with highest business impact are resolved first.

Systematization

To use a robust tool to log and manage incidents. This tool should be used to:
  • Link to configuration items, changes, problems, known errors and other knowledge
  • Provide incident matching to other incidents, problems or known errors

Escalation

Incidents may be escalated to a support team for resolution. The routing is typically based on the incident category. Anyone working on an incident should provide quality, timely updates. Incident management requires a high level of collaboration within and between teams.

Swarming

Main wikipage: Swarming
Some organizations use a technique called swarming to help manage incidents. This involves many different stakeholders working together initially, until it becomes very clear which of them is best placed to continue and which can move on to other tasks. Collaboration can facilitate information sharing and learning as well as helping to solve the incident more efficiently and effectively.