Incident Management
Incident Logging and Classification
Logging
The essential first step in managing incidents correctly is to receive and log them.
Incidents may be reported from various sources, such as users, application managers, the Service Desk or technical support, among others.
Incidents should be logged immediately: it is much more difficult to log them later, and new incidents may emerge in the meantime, causing logging to be postponed indefinitely.
Logging involves the following steps:
- Commencing handling of the incident: the Service Desk must be able to evaluate in the first instance whether the service required is included in the customer's SLA and, if not, forward it to a competent authority.
- Checking that the incident has not already been logged: it is commonplace for more than one user to report an incident, so it is necessary to check to avoid unnecessary duplication.
- Assigning a reference: the incident will be assigned a reference number to uniquely identify it in both internal processes and when communicating with the customer.
- Initial logging: the basic information needed to process the incident (time, description of the incident, systems affected, etc.) has to be entered in the associated database.
- Supporting information: any information relevant to resolving the incident, which may be requested from the customer using a specific form or obtained from the CMDB (interrelated hardware), etc.
- Incident notification: where the incident may affect other users, those users should be notified so that they are aware of how the incident may impact their usual workflow.
Classification
The main aim of incident classification is to collect all the information that may be used to resolve it.
The classification process should implement at least the following steps:
- Categorisation: a category is assigned (this may in turn be subdivided into several levels) depending on the type of incident and the workgroup responsible for resolving it. The services affected by the incident are identified.
- Establishing the level of priority: the incident is assigned a level of priority, based on predefined criteria, depending on its impact and urgency.
- Allocation of resources: if the Service Desk cannot resolve the incident in the first instance, it will designate the technical support personnel responsible for resolving it (second level).
- Monitoring the status and the expected response time: a status is associated with the incident (for example, logged, active, suspended, resolved, closed) and the resolution time for the incident is estimated based on the relevant SLA and the priority.
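The logging and classification steps above can be sketched as a small incident register. This is an added example, not part of the original page: the `INC-` reference format, the duplicate criterion (same system and category while still open) and the 3x3 impact/urgency matrix are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from itertools import count

LEVELS = {"high": 1, "medium": 2, "low": 3}           # assumed scale
STATUSES = ("logged", "active", "suspended", "resolved", "closed")  # from the page
OPEN = {"logged", "active", "suspended"}

@dataclass
class Incident:
    ref: str
    logged_at: datetime
    description: str
    system: str
    category: str
    priority: int                                     # 1 = highest, 5 = lowest
    status: str = "logged"
    reporters: list = field(default_factory=list)

class IncidentRegister:
    def __init__(self):
        self._seq = count(1)
        self.incidents = {}

    @staticmethod
    def priority(impact, urgency):
        # Assumed matrix: high/high -> 1, low/low -> 5.
        return LEVELS[impact] + LEVELS[urgency] - 1

    def log(self, reporter, description, system, category, impact, urgency):
        """Return (incident, is_new). A second report of an open incident
        is attached to the existing record instead of creating a duplicate."""
        for inc in self.incidents.values():
            if (inc.system, inc.category) == (system, category) and inc.status in OPEN:
                if reporter not in inc.reporters:
                    inc.reporters.append(reporter)
                return inc, False
        ref = f"INC-{next(self._seq):06d}"            # unique reference
        inc = Incident(ref, datetime.now(timezone.utc), description, system,
                       category, self.priority(impact, urgency),
                       reporters=[reporter])
        self.incidents[ref] = inc
        return inc, True

    def set_status(self, ref, status):
        if status not in STATUSES:
            raise ValueError(f"unknown status: {status}")
        self.incidents[ref].status = status

if __name__ == "__main__":
    reg = IncidentRegister()                          # constructed sample reports
    print(reg.log("alice", "Mail server down", "mail01", "email", "high", "high"))
    print(reg.log("bob", "Cannot send mail", "mail01", "email", "high", "medium"))
```

The second call returns the first incident with `is_new` set to `False`, so both reporters end up on one record and can be notified together.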




