{"id":1224,"date":"2016-08-06T07:00:58","date_gmt":"2016-08-06T14:00:58","guid":{"rendered":"http:\/\/itiltopia.com\/?p=1224"},"modified":"2020-10-16T11:07:46","modified_gmt":"2020-10-16T18:07:46","slug":"defining-an-incident","status":"publish","type":"post","link":"http:\/\/itiltopia.com\/?p=1224","title":{"rendered":"Defining an Incident"},"content":{"rendered":"<p><a href=\"http:\/\/itiltopia.com\/wp-content\/uploads\/2016\/08\/incident.jpg\"><img loading=\"lazy\" class=\"size-medium wp-image-1225 alignright\" src=\"http:\/\/itiltopia.com\/wp-content\/uploads\/2016\/08\/incident-300x114.jpg\" alt=\"incident\" width=\"300\" height=\"114\" srcset=\"http:\/\/itiltopia.com\/wp-content\/uploads\/2016\/08\/incident-300x114.jpg 300w, http:\/\/itiltopia.com\/wp-content\/uploads\/2016\/08\/incident.jpg 454w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a>During most of my posts I take a shorthand method of talking about Incidents and equate them to a \u201cService Outage\u201d, but truthfully, an Incident is defined more broadly than just when disruptions in Services that are noticed by end users.<\/p>\n<p>So what conditions should be logged as Incidents?<\/p>\n<p>There are four conditions that should be the basis for entering in Incident records in your IT Service Management system:<\/p>\n<ul>\n<li>A Service outage<\/li>\n<li>A Service degradation<\/li>\n<li>An Event that increases the risk of a Service outage<\/li>\n<li>An Event that increases the risk of a Service degradation<\/li>\n<\/ul>\n<p><strong>Definitions<\/strong><\/p>\n<p>Service outage &#8211; Obviously this is the common understanding of what defines an Incident. When end-users\u2019 Services are disrupted, people who use ITIL terminology call this an Incident.<\/p>\n<p>Service degradation &#8211; When a user\u2019s Services are in a degraded state (slow performance, critical functions not working, etc.) an Incident should be logged. What level of degradation triggers an Incident is something I\u2019ve <a href=\"http:\/\/itiltopia.com\/?p=1217\">written about in a previous post<\/a>.<\/p>\n<p>An Event occurs that increases the risk of a Service outage &#8211; Let\u2019s say you have a server with\u00a03 drives configured for RAID 5 and one of those drives fails. The risk of a Service outage has significantly increased. If another drive in that array fails, you will have significant data loss. Hopefully you have sufficient monitoring to alert you to the event rather than relying on someone noticing the red light on the array as they walk by, but regardless of how it is detected, an Incident should be logged.<\/p>\n<p>An Event occurs that increase the risk of Service degradation &#8211; Let\u2019s take a scenario where you have a FDDI ring with an ISDN fallback between two sites. Again, hopefully you have monitoring to tell you when your primary FDDI ring has failed but the secondary ring should be able to handle the users\u2019 volume. What if that secondary ring goes down and you have to fail over to the ISDN connection? The users\u2019 Services will be seriously degraded. Even though the risk of a complete Service outage is very low with this triple redundancy, the risk of Service degradation has risen dramatically when the primary ring failure occurred.<\/p>\n<p><strong>Downstream<\/strong><\/p>\n<p>Many IT technicians don\u2019t understand that all of these conditions warrant the capture and recording as an Incident. This significantly affects downstream processes like Problem, Config, Change, Availability, etc., etc.<\/p>\n<p>How can you plan for high Availability if you don\u2019t capture non-service outage events? How can you identify Problems if you don\u2019t record Incidents that don\u2019t directly affect the users\u2019 service perceptions?<\/p>\n<p><strong>Automation<\/strong><\/p>\n<p>Many tools try to automate the recording of Incidents when non-user affecting events occur, but most of them generate so many spurious events that the volume of invalid Incidents created make the feature not worth using. Only with strong correlation rules would I trust automated Incident creation.<\/p>\n<p><strong>Training<\/strong><\/p>\n<p>The best thing to do is to train all the IT technicians to understand that Incidents are not just for Service outages and to have good Service Level documentation to inform IT when Service degradation should trigger Incident creation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>During most of my posts I take a shorthand method of talking about Incidents and equate them to a \u201cService Outage\u201d, but truthfully, an Incident is defined more broadly than just when disruptions in Services that are noticed by end users. So what conditions should be logged as Incidents? There are four conditions that should &hellip;<br \/><a href=\"http:\/\/itiltopia.com\/?p=1224\">Read more <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1225,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[8,15],"tags":[],"jetpack_featured_media_url":"http:\/\/itiltopia.com\/wp-content\/uploads\/2016\/08\/incident.jpg","jetpack_publicize_connections":[],"_links":{"self":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts\/1224"}],"collection":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1224"}],"version-history":[{"count":8,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts\/1224\/revisions"}],"predecessor-version":[{"id":1562,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts\/1224\/revisions\/1562"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/media\/1225"}],"wp:attachment":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1224"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}