Incident Management Best Practices

Incidents are unplanned interruptions to an IT service or a reduction in the quality of an IT service. Incident management is the process that the IT organization takes to record and resolve incidents. The team that predominantly takes care of incident management is the service desk team (also known as the L1 team). They take most of the brunt from unhappy users. Here are a few incident management  and incident response best practices that we have come up with, after talking to a number of experts in the industry.

Remember, no one thanks IT when things work well but when things break, all hell breaks loose and the service desk team comes in the line of fire.


This is the genesis of every incident record. Capturing incident records in an ad-hoc manner is part of every service desk persona, but it goes a long way in sticking to processes. Insist on incident records coming in through the right channels. Which isn’t always possible, so being empathetic to the user will be of great help.

People love choices – having various channels increase the chances of you getting all the data you need to make informed decisions, both for that particular incident, and also for the long run as more structured data translates to meaningful reports.

Having a well designed self-service portal is key to incident logging. It gives users a one-stop shop for raising new tickets, keeping track of their older tickets, as well as browsing through the knowledge base.

With the enterprise moving towards mobile, it would be a good idea to give your users a mobile app that they can use to accomplish the above.

Proliferation of robust, but affordable cloud services allow you to link services. Automate creation of tickets from cloud assets in your service desk tool by integrating your service desk to cloud services like PagerDuty, Amazon CloudWatch, etc.

Classify, Categorize and Prioritize

This is a crucial step any successful incident management process as this defines the SLAs. The importance of data from incoming incident records has already been established. Meaningful data to work with in this stage should be:

Data like timestamp, name of person raising the ticket, unique ID assigned to the record are all expected to be recorded by default.

Automate where possible

Do it once, do it twice, automate.

Plenty of important workflows can be automated in incident management. Some of them are:

  • Assignment of incidents to the service desk team

Most commonly referred to as “round robin scheduling” in computing parlance, this automation technique ensures that every service desk agent gets an even share of work. This saves a lot of time as an agent is automatically assigned to a ticket as soon as the incident is logged in the system.

Sysadman Incident Management

Source: The Sysadman Diaries

  • Escalation

The reason why incident management exists in the first place is to quickly restore things to normal, with a quick solution that can also act as a workaround. The service desk team should not be discouraged to escalate, but rather look to restoring services at the earliest. If escalation helps, so be it.

Learn how INCAE business school streamlined service management across teams, improved incident management process through innovative strategies, and enhanced their employee experience.

  • Communication

Communication is key in incident management. It is important to keep all stakeholders informed on a continuous basis throughout the lifecycle of the incident. There is a lot of scope to automate things here, and save you tons of time that can be utilized for problem solving. Some examples are sending a receipt of acknowledgement to the person who raised the ticket and triggering a note to the person when the incident record is escalated in the chain of command.


There is no such thing as over-communication

While managing incidents, communication is crucial especially among the management, executives, and recovery teams. But more often than not, teams forget to keep the requester in loop. Which basically means the IT team leads the user into thinking their issue is being tended to, while in fact, other problems might have hindered the same. It’s imperative that you acknowledge the fact that the users you’re helping are people too. Under-promise and over-deliver – one of the best ways to ensure customer satisfaction. Customer happiness is always underrated.

ITSM delivery is all about helping people and that’s why it’s important to keep the human touch intact. Click To Tweet

ITIL is your friend, but not your best friend

Despite scores of articles being written about this, and a lot of buzz happening in the conference circles, many organizations and people still think ITIL is the silver bullet that is bound to solve world’s problems. Though we’d love for this to be true, it is not unfortunately.

ITIL is a set of best practices that one can use to build their processes on. You can take what you like, and choose not to if you think it doesn’t make sense for the business.

Having said that, the ITIL defined processes are pretty robust for organizations of any size. Get your basics right, and invest in the right kind of training. Also, do remember that there are other IT frameworks too that help you do the same.

Have fun

Remember, no one thanks IT for things that work well, but when things break, the L1 team faces the brunt of it. Much of the service desk team work is all about communicating to customers, keeping them informed and happy. This sometimes leads to undesirable factors in work life – all credits go to demotivation, monotony and a thankless feeling. Hence, it is very crucial to remember to have fun while at it.

One way to do so is by gamifying the service desk. An example of how one can apply gamification concepts in incident management would be to reward points for quick resolution of incidents, resolution of incidents within the agreed SLA, and even bonus points for resolved incidents that result in happy customers through customer satisfaction surveys.

You think we have missed out on any of the major incident management best practices? Let us know! You should also check out our Ultimate Guide to ITSM Best Practices