# Incident Management

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
|---|---|
| IMT | Incident Management Team |
| IRT | Incident Response Team |

# Glossary

According to the ITIL framework, an event is defined as a change of state that has significance for the management of an IT service or other configuration item (CI). This could be any unscheduled adverse impact on the operating environment.

An event is anything that occurs in the IT framework. As a result, the term can also be used to mean an alert or notification created by an IT service, CI, or monitoring tool.

Events often require IT operations staff to take action, and often lead to incidents being logged.

According to the ITIL framework, an incident is defined as an unplanned interruption to an IT service or a reduction in the quality of an IT service.

Essentially, incidents are unscheduled events.

# Overview

Incident management deals with minimizing the impact of incidents on the business.

Incident management describes the activities of an organization to identify, analyze, and correct hazards to prevent a future recurrence. Incident management typically covers the initial attack and the resolution of that attack. Identifying the root cause of the attack and deploying a fix for a known error is part of problem management.

Within a structured organization, an IRT or IMT typically addresses these types of incidents.

# Purpose

  • Restore normal service operation as quickly as possible
  • Minimize the adverse impact on business operations
  • Ensure service quality and availability are maintained

# Objectives

  • Ensure standardized methods and procedures are used for efficient and prompt response, analysis, documentation of ongoing management, and reporting of incidents
  • Increase visibility and communication of incidents to business and IT support staff
  • Enhance business perception of IT by using a professional approach in quickly resolving and communicating incidents when they occur
  • Align incident management activities with those of the business
  • Maintain user satisfaction

# Plan

  • Definitions of an incident by service type or offering
  • Customer and provider roles and responsibilities for an incident
  • Incident management process from detection to resolution
  • Response requirements
  • Media coordination
  • Legal and regulatory requirements such as data breach notification

# Incident Prioritization

Incident prioritization is made up of the following items (displayed in a matrix of 1-5 where 1 is highest and 5 is lowest).

## Impact

Effect on the business

## Urgency

Extent to which the resolution can be delayed

## Priority

Urgency * Impact

# Process

  1. Incident Occurs
  2. Incident is Reported
  3. Incident is Classified
  4. Investigate and Collect Data
  5. Resolution
  6. Approvals
  7. Implement Changes
  8. Review
  9. Reports