This page is currently queued for revision.
#
Incident Management*
#
Acronyms, Abbreviations, and Initialisms
#
Glossary
According to the ITIL framework, an event is defined as a change of state that has significance for the management of an IT service or other CI. This could be any unscheduled adverse impact to the operating environment.
Events are anything that occur in the IT framework. As a result, the term can also be used to mean an alert or notification created by an IT service, CI, or monitoring tool.
Events often require IT operations staff to take actions and lead to incidents being logged.
Not all events are incidents, but all incidents are events.
An event is distinguished form a disaster by the duration of impact. We consider events impact to last 3 days or less.
According to the ITIL framework, an incident is defined as an unplanned interruption to an IT service or a reduction in the quality of an IT service.
Essentially, incidents are unscheduled events.
Not all events are incidents, but all incidents are events.
#
Overview
Incident management deals with minimizing the impact to the business.
Incident management describes the activities of an organization to identify, analyze, and correct hazards to prevent a future reoccurrence. Incident management is typically involved in an initial attack and resolution of the attack. Identifying the root cause of the attack and deploying a fix to a known error is part of problem management.
Within a structured organization, an IRT or IMT typically addresses these types of incidents.
Incident management should be focused on the identification, classification, investigation, and resolution of an incident, with the ultimate goal of returning the effected systems to normal as soon as possible.
#
Purpose
- Restore normal service operation as quickly as possible
- Minimize the adverse impact on business operations
- Ensure service quality and availability are maintained
#
Objectives
- Ensure standardized methods and procedures are used for efficient and prompt response, analysis, documentation of ongoing management, and reporting of incidents
- Increase visibility and communication of incidents to business and IT support staff
- Enhance business perception of IT by using a professional approach in quickly resolving and communicating incidents when they occur
- Align incident management activities with those of the business
- Maintain user satisfaction
#
Plan
- Definitions of an incident by service type or offering
- Customer and provider roles and responsibilities for an incident
- Incident management process from detection to resolution
- Response requirements
- Media coordination
- Legal and regulatory requirements such as data breach notification
#
Incident Prioritization
Incident prioritization is made up of the following items (displayed in a matrix of 1-5 where 1 is highest and 5 is lowest).
#
Impact
Effect on the business
#
Urgency
Extent to which the resolution can be delayed
#
Priority
Urgency * Impact
#
Process
- Incident Occurs
- Incident is Reported
- Incident is Classified
- Investigate and Collect Data
- Resolution
- Approvals
- Implement Changes
- Review
- Reports