Beruflich Dokumente
Kultur Dokumente
PROCEDURE
LOGO
MODIFICATION HISTORY
DATE
VER
MM/DD/YY
1.0
DESCRIPTION OF
CHANGES
Baseline
EDITED BY
APPROVED BY
Name
Name
Title
Title
Date
Date
VALUE TO BUSINESS
Increased availability of services
Reduced impact on business operations
Timely resolution of incidents
Higher user and business satisfaction
Reduced unplanned labor costs for both the
business and IT support staff
REFERENCE DOCUMENTS
CMS
OLA
Priority
Second-level
Support
Service Desk
SLA
UC
Urgency
Workaround
Page: 1 / 7
Configuration Item
First-level support handles less
complicated technical incidents
An unplanned interruption or a
reduction in the quality of an IT
service
A measure of the effect of an
incident on business operations,
based on how service levels are
affected
Operational Level Agreement
Used to identify the relative
importance of an incident.
Priority is based on impact and
urgency and is also used to
identify the time required to take
action.
Request for Change
Handles complex and
specialized technical problems
(e.g., network specialists,
application specialists, and
database specialists)
Single point of contact to report
and track incidents
Service Level Agreement
Underpinning Contract
Urgency is a measure of how
long it will be until an incident
has a significant impact on the
business operations
Temporary solution to overcome
a service interruption
TRIGGERS
User contacts service desk and reports a
service disruption
Event management automatically reports a
service disruption or an event exceeding the
defined thresholds
Technical staff notices a potential failure and
reports it to the service desk
Supplier makes a request to raise an incident
ITEM
Impact
RFC
CI
First-level
Support
Incident
CODE: ICM_P1
DESCRIPTION
Configuration Management
System
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.
INCIDENT MANAGEMENT
PROCEDURE
LOGO
PROCESS INPUTS
Incident (occurrence)
SLA
CMS
Known Error Database
Customer Feedback
PROCESS OUTPUTS
Incident Log/Database
Temporary Solution/
Workaround
Request for Change
(RFC)
Problem Record
Resolved Incidents and
Resolution Actions
ROLE
-
RESPONSIBILITIES
Define and maintain
incident management
procedure.
Design incident models and
workflows.
Coordinate and manage
incidents throughout the
incident lifecycle.
Provide training to service
desk agents.
Coordinate with support
personnel at various levels
to find a workaround or
temporary fix.
Monitor the effectiveness
of the incident management
process.
Manage major incidents.
Open problem tickets and
RFCs if required.
Provide periodic
management reports.
Coordinate interfaces
between incident
management and other
Information Technology
Service Management
(ITSM) processes.
Page: 2 / 7
Incident Manager
CODE: ICM_P1
Efficiency
KPI
Mean time to resolve
incidents
Percentage of incidents
resolved by service desk
Percentage of incidents
incorrectly assigned
Percentage of incidents
reopened
Number of major incidents
for each IT service
User satisfaction survey
score
Number of incidents
incorrectly categorized
RISKS
INTERFACES
Service level management: Requires a process
capable of monitoring and resolving incidents
in specified times.
Information security management: Requires
information on security incidents to measure
the effectiveness of security controls.
Capacity management: Requires information
on performance issues and incidents related to
capacity.
Availability
management:
Requires
information on the availability of IT services
and incidents related to availability.
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.
LOGO
INCIDENT MANAGEMENT
PROCEDURE
CODE: ICM_P1
Page: 3 / 7
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.
LOGO
INCIDENT MANAGEMENT
PROCEDURE
PROCEDURE FLOWCHART
PROCEDURE DESCRIPTION
Detect, Filter, Record, & Categorize
Detect & Filter
CODE: ICM_P1
Page: 4 / 7
Record
4. Incidents should be recorded in a single central
database or file, regardless of how they are
received.
5. Incidents should be given a unique reference
number and the following details should be
recorded against each incident:
a.) Unique reference number
b.) Date and time
c.) Description of symptom
d.) Category
e.) Urgency
f.) Impact
g.) Priority
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.
LOGO
CODE: ICM_P1
INCIDENT MANAGEMENT
PROCEDURE
Page: 5 / 7
Categorize
6. Incident manager should ensure that incidents
are properly categorized.
GUIDANCE & TIPS: Part of the initial recording
is to categorize the incidents so that the exact type
of incident is recorded.
7. Incident categorization guidelines should be
clearly defined and communicated to service
desk agents.
GUIDANCE & TIPS: If the user is able to record
incidents directly in the system, the users must be
trained to record and categorize incidents.
8. Incidents should be categorized according to:
Incident type (standard incident, major
incident, RFC, standard change)
Category (hardware, software)
Sub-category (email, MS office)
Service (email, office automation)
Urgency and impact
Priority (high, medium, low)
Prioritize
9. Incident manager or service desk agent should
prioritize incidents based on urgency and
impact.
Urgency/Imp
act
High
Medium
Low
High
Medium
Low
Priority Code
Type
SLA
Major
1 hr
Critical
4 hr
High
8 hr
Medium
24 hr
Low
48 hr
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.
LOGO
INCIDENT MANAGEMENT
PROCEDURE
CODE: ICM_P1
Page: 6 / 7
Escalation
Functional Escalation
16. If a service desk agent is unable to resolve the
incident, it should be escalated (transferred) to
the first line support.
GUIDANCE & TIPS: Incident ownership remains
with the incident manager/service desk regardless
of where an incident is referred to during its life.
17. If it is obvious that the first line support would
be unable to resolve the incident, the incident
should be transferred/escalated directly to the
second line (technical or application support).
18. If the first line support is unable to resolve the
incident, it should be transferred to the second
level support for investigation and diagnosis.
GUIDANCE & TIPS: An incident may be
escalated to different levels of technical support
groups until the solution is found. The different
levels may be within the organization or
outsourced to suppliers. The escalation and
handling of each incident must be defined in an
Operational Level Agreement (OLA) and
Underpinning Contract (UC) with internal and
external groups.
19. Incident manager should track progress and
keep users informed during the incident
resolution process.
20. Incident manager should also ensure that the
incident record is updated with the full incident
history.
Hierarchic Escalation
21. If the incidents are serious in nature, the
Incident manager must notify the appropriate
IT and business managers.
22. Incident manager should also notify the
appropriate IT managers if the investigation
and diagnosis steps are taking too long or
proving too difficult.
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.
LOGO
INCIDENT MANAGEMENT
PROCEDURE
CODE: ICM_P1
Page: 7 / 7
Reopening Incidents
36. If the incident recurs within a specified short
period, the incident should be reopened and its
status updated.
GUIDANCE & TIPS: Predefined rules should be
established regarding if and when an incident can
be reopened. If an incident does not recur within
the specified period, a new incident should be
raised.
Monitor, Measure, & Report
37. Incident manager should monitor, measure,
and improve the incident lifecycle.
38. The incident resolution rate should be
compared with a defined SLA target.
39. Incidents not resolved within the specified
SLA target should be analyzed and reported to
senior management.
Major Incident Guidelines
40. Incident manager should clearly define a major
incident.
GUIDANCE & TIPS: Incident definition can be
based on financial impact, reputational impact,
Confidential
Copyright 2013 by IT Quality Management Solutions (PVT) LTD. All rights reserved. No part of this publication may be reproduced, stored in any
retrieval system, or transmitted in any form or by any means, electronic or otherwise, without written permission.