Process: A65 - Incident Management
Incident Management provides rapid response to possible service disruptions. To get more information, select Description (introduction and list of tool mentors), Work Breakdown Structure (workflow diagram and table), Team Allocation (table of roles), or Work Product Usage (table of work products).
DescriptionWorkflowRolesWork Products
Purpose

The purpose of the Incident Management process is to focus on the restoration of a service affected by any real or potential interruption which has impact upon the quality of that service.

See the definition of incident.  

Relationships
Context
Description

Read the Incident Management Key Concepts.

Important links

Outcomes

As a result of the successful implementation of the Incident Management Process:

  • Following interruptions, IT service is rapidly restored
  • IT service availability is sustained at a high level
  • Workarounds to resolve similar service interruptions are created
  • Potential improvements to services may be identified

'Normal service operation' is defined here as working within agreed service level targets.

Scope

The management of the lifecycle of incidents (including reception, logging, acknowledgement, classification, response, tracking and reporting) for all components involved in the provision of IT service.

Includes

  • Incidents reported by users or discovered within the IT organization by automation or people
  • Handling (automatically or with human assistance) of system events that have been identified as incidents by the Event Management process
  • Creation of workarounds
    • Whilst service restoration has the highest priority, consideration has to be made of the risk that a workaround could exacerbate the original incident. For example, certain virus infections might spread beyond their initial scope if a simple service restoration is put into effect
  • Implementation of workarounds (with Change Management, where required by the change policy)
  • Participation within the procedures (typically involving several processes working in conjunction) defined for handling 'major incidents'

Excludes

  • Monitoring (Service Execution, Data Management)
  • Responding to business-as-usual perturbations in the running of services (Event Management)
  • Service requests (Request Fulfillment)
  • IT Resilience – ensuring the continued readiness and integrity of the IT services (Resilience category processes)

Key performance indicators

  • Number of incidents opened, closed, and pending (by severity level)
  • The elapsed time and direct costs
    • In this process domain
    • In each process step and between steps
  • Percent of incidents closed with automated responses against manual responses
  • Percent of incidents closed using existing documentation (known errors)
  • Service and infrastructure availability and unavailability
  • Value of service and infrastructure availability and unavailability

Relation to other processes

  • An incident can be raised by many processes. 
  • While responding to an incident, it is possible that a change request might be created, which would be handled by Change Management. In addition, an incident may be raised during the processing of a change request. 
  • When a fault is detected by Event Management, an incident may be raised and submitted to Incident Management.  Once the incident is resolved, the incident record is closed and Event Management is notified. 
  • Problem Management looks at groups of related incidents to determine if there is a root cause to those related incidents.  During incident closure problems may be raised where there is an underlying or ongoing problem needing Root Cause Analysis and problem resolution.
  • Request Fulfillment is the user-facing process for the Service Desk. When a request is recognized as an incident, it is routed to Incident Management.
  • Incident Management provides CI information to Configuration Management and vice versa. Incident Incident Management typically uses information from Configuration Management to identify and resolve incidents.
  • The resolution of incidents is important to the management of service levels in Service Level Management.
  • The resolution of incidents may involve the implementation of changes using Change Management.  

For more information

For more information, see Incident Management in the ITIL® documentation.

Properties
Event DrivenYes
Multiple Occurrences
OngoingYes
Optional
Planned
RepeatableYes
Usage
Usage Notes
  • All activities performed during an incident’s lifecycle and relevant incident details are documented in the incident record to ensure a complete historical record is maintained at all times.
  • Where possible incident lifecycle tasks are performed in parallel to reduce the time taken to manage an incident.
  • An incident may be escalated (functionally and/or hierarchically) at any point during the incident lifecycle (based on standard policy).
  • Within this process the Requestor role can be fulfilled by a user or a user proxy (i.e.. a person, process or tool) acting on behalf of the user.
More Information
Concepts

©Copyright IBM Corp. 2005, 2008. All Rights Reserved.