Professional Documents
Culture Documents
History
Ver # Date
0.1
10-1216
Author
NSS
Reviewed
by
Approved
by
Changes made /
Remarks
Initial draft
Contents:
1
Introduction............................................................................................................. 4
1.1
Objectives......................................................................................................... 4
1.2
Purpose............................................................................................................. 4
1.3
Goal:.................................................................................................................. 4
1.4
1.4.1
Exclusions................................................................................................... 5
1.4.2
1.4.3
Metrics........................................................................................................ 5
1.5
Impact............................................................................................................... 6
1.6
Priority............................................................................................................... 6
1.7
Response........................................................................................................... 6
1.8
Resolution.......................................................................................................... 6
1.9
Service Agreement............................................................................................ 6
3.1
3.2
3.3
3.4
3.5
3.6
User................................................................................................................. 16
Categorization................................................................................................. 18
4.2
Priority Determination..................................................................................... 18
4.3
Target Times.................................................................................................... 20
6.2
7
Activity Descriptions........................................................................................ 29
7.2
Incident Management Verify, Document & Close Process Flow -- (Activity 3.0).....37
8.1
Activity Descriptions........................................................................................ 38
8.2
8.3
8.3.1
8.3.2
Metrics...................................................................................................... 45
8.3.3
Meetings................................................................................................... 45
1 Introduction
An incident is defined as, an unplanned interruption to an IT Service or reduction in
the quality of an IT service. This includes any events that disrupts or could disrupt a
service.
The goal of the incident management process is to restore a normal service operation
as quickly as possible and to minimize the impact on business operations, thus
ensuring that the best possible levels of service quality and availability are
maintained. 'Normal service operation' is defined here as service operation within
service-level agreement (SLA).
1.1 Objectives
Incident Management is the process responsible for managing the lifecycle of all
Incidents irrespective of their origination.
1.2 Purpose
The purpose of this document is to describe the incident process. The process
provides a consistent method to be followed for incident management across the
enterprise. It includes Incident Management goals, objectives, scope, benefits, key
terms, roles, responsibilities, authority, process diagrams and associated activity
descriptions.
The content within this general overview is based on the best practices of the ITIL
framework.
1.3 Goal:
The goals for the Incident Management process are to:
I
Restore normal service operation as quickly as possible
Minimize the adverse impact on business operations
Ensure that agreed levels of service quality are maintained
Identify MIM
The Incident Management Process, encompasses all IT service providers, internal and
third parties, reporting, recording or working on an Incident.
All Incident Management activities should be implemented in full, operated as
implemented, measured and improved as necessary.
1.4.1 Exclusions
Request fulfillment, i.e., Service Requests and Service Catalog Requests are not
handled by this process.
Root cause analysis of original cause of incident is not handled by this process. Refer
to Problem Management. The need for restoration of normal service supersedes the
need to find the root cause of the incident. The process is considered complete once
normal service is restored.
From
Customer
Categorization Tables
Functional Groups
Assignment Rules
Functional Groups
Output
To
Customer.
1.4.3 Metrics
Metric
Purpose
1.5 Impact
Impact is determined by how many personnel or functions are affected. There are
three grades of impact:
3 - Low One or two personnel. Service is degraded but still operating within
SLA specifications
2 - Medium Multiple personnel in one physical location. Service is degraded
and still functional but not operating within SLA specifications. It appears the
The impact of an incident will be used in determining the priority for resolution.
1.6 Priority
Priority is determined by utilizing a combination of the incidents impact and severity.
For a full explanation of the determination of priority refer to the paragraph titled
Priority Determination.
1.7 Response
Time elapsed between the time the incident is reported and the time it is assigned to
an individual for resolution.
1.8 Resolution
Service is restored to a point where the customer can perform their job. In some
cases, this may only be a work around solution until the root cause of the incident is
identified and corrected.
1.12 Severity
Severity is determined by how much the user is restricted from performing their work.
There are three grades of severity:
Low - Issue prevents the user from performing a portion of their duties.
Medium - Issue prevents the user from performing critical time sensitive
functions
1 - High - Service or major portion of a service is unavailable
The severity of an incident will be used in determining the priority for resolution.
Definition
A category used to identify the relative importance of an Incident,
Problem or Change. Priority is based on impact and urgency and is used
to identify required times for actions to be taken. For example, the SLA
may state that Priority 2 Incidents must be resolved within 12 hours.
Priority 1
Incident
Problem
Quality
Incidents.
The cause of one or more incidents.
Optional departmental process for ensuring a desired level of customer
Assuranc
e (QA)
RACI
Matrix
Consulted and Informed for each activity that is part of the Incident
Role
Management process.
A set of responsibilities, activities and authorities granted to a person or
team. A role is defined in a process. One person or team may have
multiple roles; for example, the roles of Configuration Manager and
Service
Desk
Severity
Service
Desk
Service
Provider
Group
User
Profile
Responsibi
lities
Process Owner.
Assist with and ultimately be responsible for the process
design
Define appropriate policies and standards to be employed
throughout the process
Define and review Key Performance Indicators to evaluate
the effectiveness and efficiency of the process and design
reporting specifications
Ensure that quality reports are produced, distributed and
utilized
Periodically audit the process to ensure compliance to policy
and standards
Address any issues with the running of the process
Review opportunities for process enhancements and for
improving the efficiency and effectiveness of the process
Ensure that all relevant staff have the required technical and
business understanding, knowledge and training in the
process and are aware of their role in the process
Ensure that the process, roles, responsibilities and
documentation are regularly reviewed and audited
Interface with the line management, ensuring that the
process receives the needed staff resources
Provide input to the on-going Service Improvement Program
Communicate process information or changes, as
appropriate, to ensure awareness
Review integration issues between the various processes
Integrate the process into the line organization
Promote the Service Management vision to top-level/senior
management
Function as a point of escalation when required
Ensure that there is optimal fit between people, process and
technology/tool
Ensure that the Incident Management process is Fit for
Purpose
Attend top-level management meetings to assess and
represent the Incident Management Requirements and
provide Management Information
Profile
Service Desk Technicians are the line staff who are the
subject matter experts for assessing, planning and
monitoring Incident Management for their functional
Responsibi
lities
Profile
Responsibi
lities
Incident Managers are the line staff who are responsible for the
planning and monitoring of the Incident Management process and
associated records. They function as contact people between the
different departments for a specific process and may be responsible
for the design of processes within their own departments.
In general, the Service Provider Group Incident Manager:
May be a department lead or a person identified as an Incident
Manager for a length of time.
Understands how the specific technology fits in with the overall IT
service and Service Lifecycle
Must be an effective communicator. Is a member of a department
who is able to combine daily departmental activities with the
Responsibil
ities
coordination role
Managing ownership of Incident records while providing monitoring
and tracking of Incidents for their department
Validates, accepts and assigns Incident records to Service Provider
Group Incident Technicians
Closing all assigned and resolved Incidents
Determine whether an Incident record requires special reporting
Understand the process, procedures, work instructions, policies,
required documentation and tools
Use the process, procedures, work instructions, policies, required
documentation and tools as designed
Produce usage and performance data for his or her specific
Profile
Responsibilit
ies
3.6 User
Profile
Responsibil
ities
4.1 Categorization
The goals of proper categorization are:
Incident Priority
Severity
3 - Low
2 - Medium
1 - High
Issue prevents
Issue prevents
Service or
major
performing a
performing
portion of a
portion of their
critical time
service is
duties.
sensitive
unavailable
functions
Low 3 -
Impact
One or two
1 - High
Medium 2 -
personnel
3 - Low
3 - Low
2 - Medium
2 - Medium
2 - Medium
1 - High
1 - High
1 - High
1 - High
Multiple personnel
in one physical
location
All users of a
specific service
Personnel from
multiple agencies
are affected
Target
Response
Resolve
3 - Low
90% - 24 hours
90% - 7 days*
2 - Medium
90% - 2 hours
90% - 4 hours
1 - High
95% - 15 minutes
90% - 2 hours
Description
1.0
Incident
Management
Service Desk
2.0 Incident
Management
Service
Provider Group
3.0 Incident
This process is used by both Service Desk and Service Provider
Management
Verify,
consistently.
Document &
Outputs
Metric
Incident record
Total number of incidents reported
Number of incidents by category
Number of incidents by priority
1.2
Purpose
Requirement Statement To
university
resolve incident at initial point of contact
Inputs
Procedure or Work
Instruction
Steps
Outputs
Metric
D.1.3
Purpose
Decision Logic
resources.
Yes
Go to 1.4 Relate to existing record
No Go to D.1.6 Resolved at Service Desk?
1.4
Purpose
based
on notification
method
step 1.1record.
Requirement Statement notified
All duplicate
incidents
will be relate
toin
a parent
Related
service requests should be combined together to
Inputs
Procedure or Work
Instruction
Steps
minimize
the number of incidents being worked on.
Incident record
Relate new incident to open incident using ITSM tool
referencing ERD managed by Incident Manager
If relationship error is made (not related appropriately
or mis-assigned) first line support will break relation
and modify parent/child relationships
Outputs
Metric
1.5
Update Priority
Purpose
Outputs
Metric
D.1.6
Purpose
Decision Logic
1.7
Purpose
Incident record
Procedure or Work
Instruction
Steps
Outputs
Metric
in
supportincident
of specific
services
Updated
record
Number of incidents escalated
Number of incidents resolved at Service Desk
D.1.8
Purpose
Decision Logic
1.9
Purpose
Procedure or Work
Instruction
Steps
incident record
Service Desk technician makes Service Provider
Group Incident Manager (or designee) aware of the
high priority incident
Service Desk technician passes along incident details
Updated incident record
Outputs
Metric
IM Process
Service
Service
Owner/Mana Desk
Provider
ger
Technician Group
Incident
1.1
Log, categorize and
prioritize incident
1.2
Troubleshoot using
knowledge base
D.1.1
Related to open
incident?
1.3
Relate to existing
record
1.4
Update priority
D.1.2
Resolved at Service
Desk?
1.5
Escalate to Service
Provider Group
D.1.3
Is this a high
priority?
Service
User
Provider
Group
Technician
C
1.6
Confirm receipt
with Incident
Manager
Requirement
incident
and acknowledged
team of the
When validating
Incidents, itby
is assignment
the responsibility
Statement
Incident
Coordinator to determine if the ticket is assigned,
Inputs
Procedure or Work
Instruction
Steps
Outputs
Metric
Update Incident
Updated
IncidentRecord
Record
Number of records incorrectly assigned Incidents
Number of tickets by priority
Time to assignment
2.2
Purpose
Departmental
requirement
Incident Record
Determine whether the priority of this ticket requires
Instruction
Outputs
Updated
reportingIncident Record
Metric
2.3
Purpose
Incident Record
Procedure or Work
Instruction Steps
Outputs
2.4
Purpose
them
that
request
is being worked
Requirement Statement informing
All incidents
must
betheir
assessed
to determine
steps on
to
resolution
and the user of the related record will be contacted
Inputs
Procedure or Work
notifying
them that work has begun
Incident Record
Technician will make initial contact with the user to
Instruction
Steps
Outputs
2.5
Purpose
troubleshooting
Requirement Statement Departmental knowledge bases assist technicians
with
Inputs
Procedure or Work
Incident Record
Technician will check the knowledgebase to see if
Instruction
there is
Steps
Outputs
Technician
will begin
troubleshooting
Updated Incident
Record
2.6
Purpose
Incident Record
Incident Technician begins initial work required to
Instruction
resolve
Steps
the incident
If resolution requires assistance from a vendor or the
acquisition and/or replacement of hardware:
o Set incident record status accordingly
o Annotate record with case, ticket, order or RMA
Outputs
D.2.7
Purpose
number
Updated Incident Record
Decision Logic
2.8
Purpose
Change
Processrecord
Documentation.
Yes
GoManagement
to 2.8 Open related
Requirement Statement an
If aIncident
Change is required to resolve an Incident, a
related Change
Inputs
Procedure or Work
Instruction
prioritized appropriately
Steps
Outputs
Metric
new/related
record.
Updated Incident
Record and Change Record
Number of Incidents that require a Change to
resolve
D.2.9
Purpose
Decision Logic
2.10
Purpose
Incident Record
Open a new/related Incident record classified and
Instruction
prioritized appropriately
Steps
Outputs
2.11
Purpose
new/related
Incident
record.
Updated Incident
Record
Incident Record
Ensure all related record have been closed and are
Instruction
Outputs
validated
Updated Incident Record
2.12
Purpose
Incident resolution
Requirement Statement All Incidents must be resolved
Inputs
Incident Record
Procedure or Work
Incident Technician completes all work required to
Instruction
finalize resolution
Outputs
2.1 Incident
Manager
Validates
&
2.2
Departmental
Reporting Per
Priority
2.3 Incident
Manager
IM Process
Owner/Man
ager
Service
Desk
Technici
an
Service
Provider
Group
Technician
Service
Provider
Group
Incident
Coordinato
R
C/I
2.4 Assessment
and
Initial Contact
2.5 Use Existing
Knowledge base,
Begin
2.6 Begin
Incident
Resolution
D.2.7 Incident
Require a
Change to
Resolve?
2.8 Open Related
Record
2.9 Assign
Appropriate
Priority to the
D.2.10 Is interdepartmental
work required?
2.11 Open
Related
Record
2.12 Validate
related
work
2.13 Complete
Incident
Resolution
C/I
C/I
Us
er
C/I
C/I
Incident
(specifically the resolution)
user wasrecord
experiencing.
Tech verifies fix applied resolves issue from techs
Instruction
end;
Steps
Outputs
Metric
3.2
Purpose
Instruction
validate
Steps
Outputs
Metric
3.3
Purpose
record
be routed
through the Tier2 process
Lengthmust
of time
to closure
Update Knowledge Base and Incident Record
Update the knowledge base accessed by your
department or by
whichever applies.
Requirement Statement ,Sharing
knowledge of incidents occurring throughout
campus is a
helpful tool when detecting root causes. Whether a
departmental knowledge base or one knowledge
Inputs
Procedure or Work
base
of , the knowledge base must be updated
Stepsfor
to all
resolution
Update Incident Record with actions taken for 3.1
Instruction
and
Steps
Outputs
D.3.4
Purpose
Decision Logic
Assurance
the
departmental
level. Incident
Yes Go to at
3.5
Tech
proposes closing
No Go to 3.11 Tech closes Incident record
3.5
Purpose
Outputs
Metric
Incident Incident
ManagerRecord
Updated
Number of additional Quality Assurance reviews by
department.
3.6
Purpose
appropriate
context is provided in the incident
Incident Record
Verify the record contains acceptable outputs for
activity 3.5.
Here are some examples of Quality Assurance
questions:
What were the steps completed to resolve the
Incident?
Outputs
Metric
D.3.7
Purpose
Decision Logic
Assurance Check.
Yes Go to 3.10 Incident Manager closes Incident
No Go to 3.8 Reassign record to tech
3.8
Purpose
Metric
3.9
Purpose
Requirement Statement In
Issues
order to pass a Quality Assurance check, the
technician ensures
Inputs
Incident Record
Procedure or Work
Instruction Steps
Outputs
3.10
Purpose
Incident Record
Incident Manager changes the status of the record
to closed.
Outputs
3.11
Purpose
3.12
Purpose
Incident Record
Technician changes the status of the record to
closed
Closed Incident Record
ITSM must
tool be notified when their Incident Record
Requirement Statement the
All users
has been
Inputs
Procedure or Work
Instruction
preference
Steps
Outputs
notified
and will follow
up with the User via
User Notification
of closure
Activity
IM Process
Service
Service
Owner/Mana Desk
Provider
ger
Technician Group
Incident
Manager
Service
Provider
Group
User
Technician
3.5 Technician
Proposes
Closing Incident
3.6 Incident
Manager
Verifies Optional QA
Questions
D.3.7 Passes QA
Check?
3.8 Reassign Record
to
Technician
3.9 Tech Resolves
QA
Issue
3.10 Incident
Coordinator Closes
Incident
3.11 Technician
Closes
Incident Record
R
R
8.3.2 Metrics
Metrics reports should generally be produced monthly with quarterly summaries.
Metrics to be reported are:
8.3.3 Meetings
The Quality Assurance Manager will conduct sessions with each service provider
group to review performance reports. The goal of the sessions is to identify: