5.2 Scope of Incident Management

In ITIL terminology, an 'Incident' is defined as:

any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service.

Examples of categories of Incidents are:

application
- service not available
- application bug/query preventing Customer from working
- disk-usage threshold exceeded
hardware
- system down
- automatic alert
- printer not printing
- configuration inaccessible
service requests
- request for information/advice/documentation
- forgotten password.

A request for new or additional service (i.e. software or hardware) is often not regarded as an Incident but as a Request for Change (RFC). However, practice shows that handling of both failures in the infrastructure and of service requests are similar, and both are therefore included in the definition and scope of the process of Incident Management. The word 'Incident' in this chapter applies to both, if not explicitly stated otherwise, although organisations may decide to develop their own service-request procedures to isolate them from the more technical issues.

Within the more technically oriented systems-management function, an automatically registered event such as exceeding a disk-usage threshold, is often regarded as part of 'normal' operations. These events are included in the definition of Incidents even though service delivery to Customers is not affected.

Figure 5.1 shows the

process. These are split down as follows:

Figure 5.1-Incident Management process

Inputs:

Incident details sourced from (for example) Service Desk, networks or computer operations
configuration details from the Configuration Management Database (CMDB)
response from Incident matching against Problems and Known Errors
resolution details
response on RFC to effect resolution for Incident(s).

Outputs:

RFC for Incident resolution; updated Incident record (including resolution and/or Work-arounds)
resolved and closed Incidents
communication to Customers
management information (reports).

Incident Management activities:

Incident detection and recording
Classification and initial support
investigation and diagnosis
resolution and recovery
Incident closure
Incident ownership, monitoring, tracking and communication

The roles and functions related to the Incident Management process are:

first, second-and third-line support groups, including specialist support groups and external suppliers (roles)
Incident Manager (role)
Service Desk manager (function).