IT Incident Management

What is an incident?

An incident in the context of IT is an event that takes place that isn’t part of normal operations that disrupts a user’s activities or a business process. An incident begins when normal operations are disrupted and continues until normal operations are restored. Incidents are technology events that disrupt business activities and typically require some sort of intervention to resolve. An incident may involve the failure of a technology component or feature; it may be an issue with the integrations between components; or it may be the failure of workflows that are configured to run on a system. Some examples of incidents include:

Software Incident Examples

• Service not available - This is a common incident with Software as a Service (SaaS) when a user tries to access a service and is either not able to connect or receives an error that the service is unavailable

• Data issue - The purpose of most software is to record, store, update and present data. Data issues are frequently software issues.Form customization - Customize incident form template to capture the right information in order to improve First Call Resolution(FCR) and assign the ticket to right agent.

• Application bug- Software bugs and defects impact users from performing normal tasks and are treated as incidents when they occur

• Report not formatting properly - With data playing a critical role in decision making, failure in reporting capabilities can cause significant business disruption.

• Application causing operating system to hang - Software compatibility, application bugs and environmental issues can cause disruptions in the use of a single piece of software or an entire system.

Hardware Incidents

• System-down - Server issues, component failures and issues with infrastructure such as power and cooling can disrupt the availability and performance of hardware components

• Unable to connect to resource- Network issues may prevent users from accessing centralized resources such as servers and software services.

• Capacity & resource utilization alerts - Software bugs and defects impact users from performing normal tasks and are treated as incidents when they occur

• Report not formatting properly - With data playing a critical role in decision making, failure in reporting capabilities can cause significant business disruption.

• Printer not printing - For many businesses, printers form an essential link between digital capabilities and operational processes. Disruption in printing capabilities can cause entire production processes to be interrupted.

Not all incidents are equal in importance, impact and urgency. Some incidents represent full work stoppages while others are only an inconvenience that can be easily navigated around. An incident may impact a single person (or no people at all), a team, a location or an entire organization. Depending on the time of day and degree of impact and the criticality of the business operations being impacted, incidents will require different levels of urgency and attention. Most companies utilize formalized Service Level Agreements (SLAs) to bring objective structure to the assessment of impact and urgency and to assign incident priority and criticality scores that are used to ensure resources are focused on addressing the most pressing incidents first.

What is the difference between an incident and a request?

Helpdesks and IT service desks often address more user issues than just incidents. One of the more common issues they handle are user requests. While an incident is a disruption of normal processing (something is broken), a request is simply an activity that requires assistance to complete (something that needs to be done). Examples of requests might be setting up systems for a new employee, granting access to data, or performing an update to system software. While incidents and requests often follow similar processes and may leverage the same tools for tracking, requests do not represent a failure and disruption – they are a part of normal business processing.

What is a Major Incident and how is it different?

There is a special classification of incidents for crisis situations called Major Incidents that represent widespread disruption to business operations, a critical security risk or inability for the company to deliver on expectations to customers. Major incidents often include increased management involvement to assess impacts and coordinate communication, enhanced incident manager involvement as well as more formalized decision-making structures. Major incidents are highly time-sensitive and could include engaging resources outside of normal business hours to assist in diagnosis and resolution of the issue.

What is the difference between incident management and problem management?

The terms incident and problem are frequently used interchangeably, however there is an important distinction to be made between them. Incident management is concerned with addressing the symptoms and impact of an issue while problem management is concerned with addressing the cause and potential for recurrence of the issue.

The timeline of an incident starts when normal operations are disrupted and ends when service is restored, and normal operations resume. The timeline of a problem starts when the underlying issue was introduced into the environment (often a change in configuration, release, or change in usage) and ends when the underlying issue is removed (which may not be until a future release). Problem management includes activities like root cause analysis, risk assessment and the prioritization and selection of a long-term fix solution.

Incident management standards

There are two main industry standards that companies use to guide their incident management processes. Because incident management is so common and performed by almost every IT organization with very little need for customization, standards play a helpful role in instructing organizations on what needs to be done and how to manage the incident management process.

The IT Infrastructure Library (ITIL) is the most commonly cited incident management reference used to design operational processes used within companies. As part of the overall IT Service Operations process area, ITIL devotes considerable attention to the processes surrounding incident management including interfaces with other processes such as change management, problem management and request management.

ISO 20000-1 defines the international standard definitions for incident management. The ISO standard is used less frequently for operational design and more often for establishing contractual relationships and defining standards of performance for service provider organizations.