Incident Management

In practice, IT incident management often relies upon temporary workarounds to ensure services are up and running while the staff investigates the incident, identifies its root cause, and develops and rolls out a permanent fix. Specific workflows and processes in IT incident management differ depending on the way each IT organization works and the issue it is addressing. Tracking the incident data allows for better problem management and business decisions. Incident management also involves creating incident models, which allow support staff to efficiently resolve recurring issues.

Key pieces of incident management

  • A service level agreement between the provider and the customer that defines incident priorities, escalation paths, and response/resolution time frames
  • Incident models, or templates, that allow incidents to be resolved efficiently
  • Categorization of incident types for better data gathering and problem management
  • Agreement on incident statuses, categories, and priorities
  • Establishment of a major incident response process
  • Agreement on incident management role assignment

Incident management is not expected to perform root cause analysis to identify why an incident occurred. Rather, the focus is on doing whatever is necessary to restore the service. This often requires the use of a temporary fix, or workaround. An important tool in the diagnosis of incidents is the known error database (KEDB), which is maintained by problem management. The KEDB identifies any problems or known errors that have caused incidents in the past and provides information about any workarounds that have been identified.

  • Incident identification
  • Incident logging
  • Incident categorization
  • Incident prioritization
  • Initial diagnosis
  • Escalation
  • Incident resolution
  • Incident closure

Incident Statuses

  • New
  • Assigned
  • In progress
  • On hold or pending
  • Resolved
  • Closed

The new status indicates that the service desk has received the incident but has not assigned it to an agent.

The assigned status means that an incident has been assigned to an individual service desk agent.

The in-progress status indicates that an incident has been assigned to an agent but has not been resolved. The agent is actively working with the user to diagnose and resolve the incident.

The on-hold status indicates that the incident requires some information or response from the user or from a third party. The incident is placed “on hold” so that SLA response deadlines are not exceeded while waiting for a response from the user or vendor.

The resolved status means that the service desk has confirmed that the incident is resolved and that the user’s service has been restored to the SLA levels.

The closed status indicates that the incident is resolved and that no further actions can be taken.
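
The status lifecycle described above, as an added example that is not part of the original article: it tracks status changes and computes the time counted against the SLA, excluding on-hold intervals. The allowed transitions, the reopen path from Resolved, and stopping the clock in Resolved and Closed are assumptions; the article only states that On hold keeps waiting time from counting against the SLA.

```python
from datetime import datetime, timedelta

# Statuses are the ones listed in the article; the allowed transitions are an assumption.
TRANSITIONS = {
    "New": {"Assigned"},
    "Assigned": {"In progress"},
    "In progress": {"On hold", "Resolved"},
    "On hold": {"In progress"},
    "Resolved": {"Closed", "In progress"},  # assumed: reopen if the user disputes the fix
    "Closed": set(),                        # no further actions can be taken
}
STOPPED = {"On hold", "Resolved", "Closed"}  # assumed: SLA clock does not run in these


class Incident:
    def __init__(self, opened_at):
        self.status = "New"
        self.history = [(opened_at, "New")]  # (timestamp, status entered)

    def move(self, new_status, at):
        if new_status not in TRANSITIONS[self.status]:
            raise ValueError(f"{self.status} -> {new_status} is not allowed")
        if at < self.history[-1][0]:
            raise ValueError("status changes must be in time order")
        self.status = new_status
        self.history.append((at, new_status))

    def sla_elapsed(self, now):
        """Time counted against the SLA: every interval not spent in a stopped status."""
        total = timedelta()
        points = self.history + [(now, None)]
        for (start, status), (end, _) in zip(points, points[1:]):
            if status not in STOPPED:
                total += end - start
        return total


def demo():
    t0 = datetime(2024, 1, 8, 9, 0)  # constructed sample timeline
    inc = Incident(t0)
    inc.move("Assigned", t0 + timedelta(minutes=10))
    inc.move("In progress", t0 + timedelta(minutes=30))
    inc.move("On hold", t0 + timedelta(hours=1))      # waiting on the user
    inc.move("In progress", t0 + timedelta(hours=5))  # user replied
    inc.move("Resolved", t0 + timedelta(hours=6))
    return inc, inc.sla_elapsed(t0 + timedelta(hours=8))
```

In the sample timeline the incident is resolved six hours after it was opened, but only two hours count against the SLA because four hours were spent on hold.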

Types of incidents

Incidents are generally categorized as low, medium, or high priority.

  • Low-priority incidents do not interrupt end users, who typically can complete work despite the issue.
  • Medium-priority incidents are issues that affect end users, but the disruption is either slight or brief.
  • High-priority incidents, however, are issues that will affect large numbers of end users and prevent the proper functioning of a system.