Incident management
Incident management (hereinafter, the Practice) is the practice to minimize the negative impact of incidents by restoring normal service operation as quickly as possible. The Practice relates to incident and service management. This Practice is a part of the ITIL practices.
Contents
Definitions
According to the ITIL Foundation 4e by Axelos,
- Incident management. The practice of minimizing the negative impact of incidents by restoring normal service operation as quickly as possible.
Purpose
An incident is an unplanned interruption to a service, or reduction in the quality of service. The purpose of the incident management practice is to minimize the negative impact of incidents by restoring normal service operation as quickly as possible.
Best practices
All incidents should be logged, prioritized, and resolved while meeting agreed target resolution times. Other best practices include the following.
Design
- To design the incident management practice appropriately for different types of incidents based on different impact. Major incidents include those that affect information security.
Prioritization
- To prioritize incidents based on agreed classification while ensuring that the incidents with highest business impact are resolved first.
Systematization
- To use a robust tool to log and manage incidents. This tool should be used to:
- Link to configuration items, changes, problems, known errors and other knowledge
- Provide incident matching to other incidents, problems or known errors
Escalation
- Incidents may be escalated to a support team for resolution. The routing is typically based on the incident category. Anyone working on an incident should provide quality, timely updates. Incident management requires a high level of collaboration within and between teams.
Swarming
- Main wikipage: Swarming
- Some organizations use a technique called swarming to help manage incidents. This involves many different stakeholders working together initially, until it becomes very clear which of them is best placed to continue and which can move on to other tasks. Collaboration can facilitate information sharing and learning as well as helping to solve the incident more efficiently and effectively.