"> Incident Management (ITIL 4) – Process-Symphony – ITSM Knowledge Orchestrators

Search Knowledge

Incident Management (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Engage
  • Deliver and support


The purpose of the incident management practice is to minimize the negative impact of incidents by restoring normal service operation as quickly as possible. 

Incident is an unplanned interruption to a service or reduction in the quality of a service. 

Incident management can have an enormous impact on customer and user satisfaction, and on how customers and users perceive the service provider. Every incident should be logged and managed to ensure that it is resolved in a time that meets the expectations of the customer and user. Target resolution times are agreed, documented, and communicated to ensure that expectations are realistic. Incidents are prioritized based on an agreed classification to ensure that incidents with the highest business impact are resolved first. 

Organizations should design their incident management practice to provide appropriate management and resource allocation to different types of incident. Incidents with a low impact must be managed efficiently to ensure that they do not consume too many resources. Incidents with a larger impact may require more resources and more complex management. There are usually separate processes for managing major incidents, and for managing information security incidents. 

Information about incidents should be stored in incident records in a suitable tool. Ideally, this tool should also provide links to related CIs, changes, problems, known errors, and other knowledge to enable quick and efficient diagnosis and recovery. Modern IT service management tools can provide automated matching of incidents to other incidents, problems, or known errors, and can even provide intelligent analysis of incident data to generate recommendations for helping with future incidents. 

It is important that people working on an incident provide good-quality updates in a timely fashion. These updates should include information about symptoms, business impact, CIs affected, actions completed, and actions planned. Each of these should have a timestamp and information about the people involved, so that the people involved or interested can be kept informed. There may also be a need for good collaboration tools so that people working on an incident can collaborate effectively. 

Incidents may be diagnosed and resolved by people in many different groups, depending on the complexity of the issue or the incident type. All of these groups need to understand the incident management process, and how their contribution to this helps to manage the value, outcomes, costs, and risks of the services provided: 

  • Some incidents will be resolved by the users themselves, using self-help. Use of specific self-help records should be captured for use in measurement and improvement activities. 
  • Some incidents will be resolved by the service desk. 
  • More complex incidents will usually be escalated to a support team for resolution. Typically, the routing is based on the incident category, which should help to identify the correct team. 
  • Incidents can be escalated to suppliers or partners, who offer support for their products and services. 
  • The most complex incidents, and all major incidents, often require a temporary team to work together to identify the resolution. This team may include representatives of many stakeholders, including the service provider, suppliers, users, etc. 
{{ reviewsOverall }} / 5 Users (0 votes)
What people say... Login to rate
Order by:

Be the first to leave a review.

/ 5
{{{review.rating_comment | nl2br}}}

Show more
{{ pageNumber+1 }}