Join Mark Thomas for an in-depth discussion in this video Activities of incident management, part of Cert Prep: ITIL Foundations.
-Okay, so let's take this box right here called incident management and let's break it down in some of the activities. Remember the service desk owns every incident throughout its life cycle. There may be escalations that will have to take place. But let's really figure out where those things might take place here. Okay? So as you walk down, down the list of activities. First of all we have to identify it. We talked about this earlier. We can identify that incident through an alerting system, an event monitoring. A service, a customer can call in the service desk third party and so on.
So it gets identified. Then that ticket gets logged or that incident gets logged in which case we have a date time stamp to officially recognize that that has been entered into the system. Okay? We go through the categorization. And on categorization many organizations and it's a good practice to your categorization hierarchy or schema where you have different selections of drop down boxes and based on what you select through the high level categories going to drive what's in the sub-category, the sub-sub category.
You have to be real careful. It is not always a good idea to have multiple multiple levels and sub-levels of categories and sub-categories because then you start really getting into some granularity that you may find hard to, hard to manage. So you have to be very cognizant of the types of categorization you have. And one of the reasons why I like to categorize pretty early in the process actually because sometimes that categorization we determine right here will help us determine where it may have to be escalated if and when we have to escalate it.
Now I also found in many cases this is real data that a lot of time we miscategorize that early in the process because we assumed we knew what the issue was. But during the process of investigation we found out there was a little different. Those are things that you follow up with on the closure. So you categorize it. Maybe software, hardware. However you wanna do it or maybe based on service or so on. Okay? Then you go on to the next one which is prioritization. Okay? And you, most folks generally use p one ,p two, p three, sev one, sev two , sev three based on the prioritization table that you have.
And remember we talked about urgency and impact. They help you determine the general priorities and then you can trace those priorities back to certain time scales, thresholds, and service levels associated with resolution times for each one of those types of tickets. Of course one of the priorities might be your highest level of priority and that's what we called the major incident when we talked about, we talked about major incidents here just a few videos ago. Okay? So that's basically what were doing initially. Now initial call as we're trying to figure this out.
So now at the service desk I'm trying to do some initial diagnosis. Now what I'm trying to do is match that what I'm hearing from my customer with, with maybe predetermined scripts that we have or information in the CMS. I'm trying to find out if maybe there is a known error that exists because I want to resolve that incident at the lowest level of pos, at level possible. In this case the service desk still is the, is the function that's dealing with this. Okay? That's what we may consider level one or tier one in some organizations.
But there may be a certain point at this initial diagnosis where at the service desk we cry uncle. Right, and that might be we know this is bigger than us. Or based on the operation level agreement, the agreement I have with my tier two, tier three teams, this point I need to be able to escalate this to the next higher level. So we go through the escalation. Now there is two types of escalation we're dealing with here. One's called functional escalation. Think about we have functions in here in the model.
So a functional escalation would be goes from the service desk to maybe technical management, applications management or IT operations management right? Hierarchical management means it's gotta go to bigger brass okay? We have someone with more managerial backing from a hierarchy standpoint. Sometimes it may be both okay? So now we've got that escalation goes up. Let's say it's functional. It goes to my tier two, tier three, technical management team. And what they're doing there is doing their investigation and diagnosis.
And hopefully at that point you know you may have to re-escalate as many times as you need to to finally find the right teams of support groups to be able to do this. Now it's not always just one support group. There may be multiple support groups that have to be engaged on an instance. So some coordination has to take place here. But the resolution recovery. So you have to have it's potential resolution. You identify it. You apply and possibly test it. Test it with the customer. However you want it. However you determine to be able to do that and complete it with the user call, user call with the service desk.
Hey, how is it doing? We got a fix for ya. Is it working for ya? User: Yep, it's working great. Can I close this ticket out? You got it. So we need positive confirmation that we have resolved your incident and then we go to the closure phase. Now in closure phase, you may wanna have additional things that are involved here in closure. So you may wanna do the closure categorization. Again, it could be different from the categorization that we assumed earlier in the process. User satisfaction survey. How did we do? You gotta be careful about how often you do these.
But it certainly makes a lot of sense. The documentation checks. Those checklists that you might have in addition to the things we're talking about here. And then the formal closure. Mark the incident in close status. So those are the general activities of the incident management process. So if we see here, basically what we've done so far is we've talked about incident management. And that incident essentially we're dealing with out of the service desk. Now if the service desk says ah we can't handle that one or we have to escalate that, that service desk might escalate that incidence, that incident to level two, level three or whatever you call on that escalation path okay? So those are the activities on the incident management side.
So next we're gonna go and talk about some of the relationships between incident management and some of the other processes.
ITIL® is a registered trade mark of AXELOS Limited. This ITIL Foundations course is offered by Interface Technical Training, ATO of EXIN.