Incident is defined as any disruption in IT service. Incident can be reported either through the Service Desk or through an interface from event management to incident management tools.
Incident Management deals with handling incident and ensures to restore IT service soon as possible.
Incident Manager is the process owner of this process.
There are always some incidents which are not new. They may happen again over a period of time. Therefore, it is a best practice to have pre-defined model to handle such incidents.
An incident model should include −
Steps that should be taken to handle the incident
Chronological order these steps should be taken in, with any dependences or co-processing defined.
Responsibilities − who should do what
Timescales and thresholds for completion of the actions
Escalation procedures; who should be contacted and when
Any necessary evidence-preservation activities
The following diagram shows several standard steps to be taken when an incident occurs −
All incidents should be fully logged and date/time stamped.
It is important later when looking at incident types/frequencies to establish trends for use in Problem Management.
It deals with severity of an incident − Low, Medium or High.
Service Desk analyst must carry out initial diagnosis while the user is on call and try to discover the full symptoms of the incident and to determine exactly what has gone wrong and how to correct it.
Various aspects of incident escalation are as follows −
When it becomes clear that Service Desk is unable to resolve the incident or target time for Service Desk has been exceeded, the incident must be escalated immediately for further support.
Hierarchic escalation is done when either incident is serious in nature or ‘Investigation and Diagnosis’ is taking too long time.
It includes the following activities −
Understanding what exactly has gone wrong.
Understanding chronological order of the events
Confirming the full impact of the incident
Identifying any events that could have triggered the incident
Searching for previous similar kind of incidents
A potential resolution need to be identified, applied and tested.
Before closing an incident, Service desk should ask the user whether he is satisfied and agree to close the incident.
Service Request refers to demand by the users. These requests can be regarding small changes, changing the password, installing additional software application, requesting information etc.
An incident is unplanned event but Service Request can be planned.
Depending upon the number of Service Requests, an organization usually has, a specialized team that can be formed to fulfil those requests.
For frequently recurring requests, a predefined model can be devised to fulfil the requests.