
Course Transcript

ITIL® 2011 Edition OSA: Introduction to Incident Management

Goals and Scope
1. The Purpose of Incident Management

2. The Scope of Incident Management

3. Approaching Incident Management

4. Examining the Basics of Incident Management

Incident Management Value and Policies


1. The Value of Incident Management

2. The Policies of Incident Management

3. Using Basic Incident Management

4. Analyzing Value and Incident Management Policies


The Purpose of Incident Management
Learning Objectives
After completing this topic, you should be able to
identify the objectives of Incident Management
identify what the Critical Success Factors involve in Incident Management
sequence the activities in the Incident Management process
distinguish between Incident Management and Problem Management

1. Incident Management objectives


Many organizations depend on different IT services for their everyday operations - exchanging
information, maintaining important data, and interacting with customers. These organizations might
encounter events or malfunctions that disrupt the IT services, thereby causing a negative impact on
business. Such events or malfunctions are called incidents. And Incident Management is the process
used for resolving these incidents.

According to ITIL®, there are many types of incidents such as

disruption of IT services
One type of incident is disruption of IT services. For example, a car manufacturing
company uses an online system for ordering car parts from its suppliers and tracking the
orders. But the system suddenly stops working, bringing all ordering operations to a halt.
degradation of the quality of IT services, or
The degradation of the quality of IT services is also an incident. For example, a
telecommunications company that provides Internet service begins receiving customer
complaints that the service has become quite slow. As a result, sending and receiving
information takes longer.
malfunction of configuration items
Malfunction of configuration items can be called an incident even if the item has not yet
affected IT services. For example, a user complains that the installation disk of a hardware
component is not working. So the user is unable to install the component.

The different types of incidents can be identified by event monitoring tools or reported by customers or
employees. Incident Management handles all such incidents.

Consider an example where an IT company uses an event monitoring tool to track uploads to the FTP
site. The tool detects that uploads are taking longer than usual and raises an alert. So the network team
uses Incident Management to analyze the alert, determine the cause of the slow uploads, and resolve
the incident.

If a customer calls the Service Desk and reports that a web page is not loading properly, the Service
Desk uses Incident Management to resolve this incident.

Question

Identify examples of incidents.

Options:

1. The network of an organization has gradually become slow
2. The online banking application used by customers has stopped working
3. The e-mail server of a company is sending and receiving messages of
customers
4. A user purchases a software program and finds that the installation CD is
corrupt
5. A printer is printing documents on A4 size sheets of paper

Answer

Option 1: This option is correct. Slowing down of the network implies degradation of the
quality of an IT service, so this is an incident.

Option 2: This option is correct. Application failure results in disruption of banking services, so
this is an example of an incident.

Option 3: This option is incorrect. The e-mail server of a company is working as expected.
There is no disruption of the e-mail service, so this is not an incident.

Option 4: This option is correct. A corrupt installation CD implies malfunction of a
configuration item, so this is an incident.

Option 5: This option is incorrect. The printer is working as expected, so this is not an
incident.

Correct answer(s):

1. The network of an organization has gradually become slow
2. The online banking application used by customers has stopped working
4. A user purchases a software program and finds that the installation CD is corrupt

Incident Management has the following objectives:

re-establishing normal service operation rapidly, where normal service operation means
service operation within Service Level Agreement or SLA limits
reducing the effect of an incident on business activities, and
maintaining the quality and availability of services

Consider a company that has all its computers and other devices, such as printers, scanners, and e-mail
server, on a network. When the network suddenly shuts down, the team that manages the network can
use Incident Management to restore the network quickly.

If the networking team does not restore the network quickly, employees cannot send files or print
important documents. This indicates a major impact on the normal activities of the company.
Because of the impact on normal activities, some important transactions or deliverables might be
delayed. As a result, the company will earn a bad reputation and incur loss for not maintaining the
availability of its services. Using Incident Management to resolve the issue quickly can help avoid this
negative impact on business.

Question

Which events can be handled using Incident Management?

Options:

1. An event-monitoring tool raises an alert that a network server is used at
maximum capacity
2. A customer informs that a software application upgrade is working as
expected
3. A user informs about a non-functioning printer on the network
4. An employee reports a problem in installing an application
5. An event-monitoring tool notifies that an e-mail message has reached its
recipient

Answer

Option 1: This option is correct. Incident Management handles incidents detected by
event-monitoring tools that disrupt normal activities.

Option 2: This option is incorrect. Incident Management handles incidents encountered by
customers. In this example, the customer is simply informing about an application working fine.

Option 3: This option is correct. Incident Management handles malfunctions or failures that
affect services.

Option 4: This option is correct. Incident Management handles problems faced by employees
that could affect their normal activities.

Option 5: This option is incorrect. Incident Management handles incidents detected by
event-monitoring tools that affect services. In this example, the tool is only notifying about the
successful completion of an operation and so is not an incident.

Correct answer(s):

1. An event-monitoring tool raises an alert that a network server is used at maximum capacity
3. A user informs about a non-functioning printer on the network
4. An employee reports a problem in installing an application

Question
A customer of a router manufacturing company calls its Service Desk and complains that a
router purchased a year ago has stopped working.

With regard to Incident Management, what should be the objectives of the Service Desk while
resolving this incident?

Options:

1. Restore the router as quickly as possible
2. Update the customer on the progress of the resolution to their logged incident
3. Provide the customer additional service, beyond the SLA, to compensate for
the faulty router
4. Ensure that the customer's work is not affected because of the faulty router
5. Convince the customer to purchase an updated, improved router

Answer

Option 1: This option is correct. Incident Management aims to quickly restore normal service
operation. The objective of the Service Desk is to ensure that the router starts working quickly.

Option 2: This option is correct. Incident Management aims to ensure the best possible levels
of service and quality are maintained. The objective of the Service Desk is to ensure that the
customer is kept informed of the status of their logged incident.

Option 3: This option is incorrect. Incident Management aims to restore service operations
within SLA limits. The Service Desk should not provide the customer any additional service,
which is not specified in the SLA.

Option 4: This option is correct. Incident Management aims to reduce the effect of an incident
on business activities. The Service Desk should ensure that the customer's work is not
affected because of the nonfunctioning router.

Option 5: This option is incorrect. Incident Management aims to re-establish normal services
quickly. The Service Desk should try to repair the existing router instead of asking the
customer to purchase a new one.

Correct answer(s):

1. Restore the router as quickly as possible
2. Update the customer on the progress of the resolution to their logged incident
4. Ensure that the customer's work is not affected because of the faulty router

2. Incident Management CSFs and activities


The level of achievement of Incident Management objectives is determined by its Critical Success
Factors or CSFs, which are

maintenance of customer satisfaction
The maintenance of customer satisfaction can be assessed by a number of KPIs, including
the percentage of incidents resolved within agreed SLA targets, user survey feedback
scores, and turnaround times for responses to users on reported incidents.
maintenance of IT service quality, and
The maintenance of IT service quality CSF can be monitored with KPIs that include the
total number of incidents, and the number of incidents categorized incorrectly and
escalated incorrectly by the Service Desk. Other useful KPIs are the number of incidents
bypassing the Service Desk, resolved before customers notice, not closed with
workarounds, and reopened.
resolution of incidents within established service times
The resolution of incidents within established service times CSF assesses performance
using KPIs that include the number of incidents logged, the number resolved by Service
Desk, and the number escalated by the Service Desk. Other pertinent KPIs include the
average time taken to restore service from point of first call and the time to restore
incidents.

Consider for example a company that supports cellular phone networks and uses Incident Management
to resolve incidents. The company analyzes CSFs every month to determine the success of Incident
Management.

To analyze the maintenance of customer satisfaction, the company sends survey questionnaires to all of
the 904 customers who contacted them in the previous month to report incidents, with 700 responses
back. By analyzing the responses, it's determined that customers rate the organization's Incident
Management processes as 7.2 out of 10. The average turnaround time to resolve a customer's incident
was 18 hours, and 12% of customers had to call more than once before their incident was resolved.

Acceptable KPIs include customer satisfaction average of 7 or above, turnaround times of 24 hours or
less, and a call-back rate of 15% or lower. The organization concludes that it has maintained customer
satisfaction, but there is room for improvement in its Incident Management processes.

To further analyze the maintenance of IT service quality, the Service Desk calculates the total number of
incidents as 1000. It also calculates 250 incidents as categorized incorrectly and 130 incidents as
escalated incorrectly.

These high numbers of incidents in each KPI reveal that the Service Desk has not been able to maintain
IT service quality.

Finally the Service Desk analyzes the resolution of incidents within established service times. It
calculates the total number of incidents reported as 1000, of which 800 were resolved by the Service
Desk and 200 were escalated.

The Service Desk also calculates the average time taken to restore services as approximately 24 hours,
while the established service time is 36 hours. The time statistics indicate that the Service Desk was
able to resolve incidents within established service times.

Question

Don works as a Service Desk manager in an IT company. He has been asked to determine his
team's success in maintaining IT service quality when using Incident Management to resolve
incidents.

What statistics should Don use to analyze the maintenance of IT service quality?

Options:
1. Number of incidents that Don's team resolved before customers noticed them
2. Number of surveys that Don's team sent to customers to obtain their feedback
3. Number of incidents that Don's team categorized incorrectly
4. Number of incidents logged by customers
5. Number of total incidents reported to Don's team

Answer

Option 1: This option is correct. The maintenance of IT service quality CSF involves the
number of incidents bypassing Service Desk, resolved before customers notice, not closed
with workarounds, and reopened.

Option 2: This option is incorrect. The maintenance of customer satisfaction CSF involves the
number of surveys sent to customers.

Option 3: This option is correct. The maintenance of IT service quality CSF involves the
number of incidents categorized or escalated incorrectly.

Option 4: This option is incorrect. The resolution of incidents within established service times
CSF involves the number of incidents logged.

Option 5: This option is correct. The number of total incidents reported can be a useful
performance indicator to maintain IT service quality.

Correct answer(s):

1. Number of incidents that Don's team resolved before customers noticed them
3. Number of incidents that Don's team categorized incorrectly
5. Number of total incidents reported to Don's team

To use the Incident Management process effectively for resolving incidents, you need to perform nine
activities. Say a customer complains to a Help Desk representative about a computer screen appearing
blank. The first five activities for resolving this incident are

identify the incident
The first activity is to identify the incident. The representative detects the incident when the
customer reports it. However, as a best practice, incidents should be identified and
resolved before they affect customers through monitoring and automatic detection.
log the incident
The second activity is to log the incident. The representative must record all relevant facts
about the blank screen incident, such as the customer name, impact, and symptoms. This
activity is important because the support group resolving the incident needs to have all the
information about it for finding a proper solution.
categorize the incident
The third activity is to categorize the incident. This will help the representative determine
the support group that can resolve the incident. In future, this activity will help in identifying
trends based on the number of incidents in a particular category.
assign a priority level to the incident, and
The fourth activity is to assign a priority level to the incident. The representative can decide
the priority based on its impact and urgency. This helps determine the way in which the
incident will be handled by the support group.
perform initial diagnosis of the incident
The fifth activity is to do an initial diagnosis of the incident. The representative must query
the customer to try and resolve the incident.

The remaining four activities for resolving the blank screen incident are

escalate the incident
The sixth activity is to escalate the incident. When the Help Desk representative cannot
resolve the incident, it must be escalated to the support group that can resolve it - the
second-level support. The representative should also update the incident record with this
action of escalation.
investigate and diagnose the incident
The seventh activity is to investigate and diagnose the incident. This activity is carried out
by the support group resolving the incident, which is the second-level support team in the
example. This activity helps provide information that can pinpoint a solution.
implement the solution and restore services, and
The eighth activity is to implement the identified resolution and recover the services. This
involves identifying specific actions to be taken and the people who will perform those
actions. The second-level support team should resolve the incident and ensure that the
screen operates correctly.
close the incident
The ninth activity is to close the incident. The Help Desk representative should confirm with
the customer that the incident has been resolved satisfactorily. After receiving confirmation,
the representative should close the incident record in agreement with the customer.
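
The nine activities above, modelled as an added example that is not part of the course material: an incident record that enforces the order of activities, treats escalation as optional, and refuses closure until the customer has confirmed the resolution. The class, field and function names are hypothetical, and the sample values are constructed from the blank-screen scenario.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional, Set, Tuple


class Activity(IntEnum):
    """The nine Incident Management activities, in the order the course lists them."""
    IDENTIFY = 1
    LOG = 2
    CATEGORIZE = 3
    PRIORITIZE = 4
    INITIAL_DIAGNOSIS = 5
    ESCALATE = 6
    INVESTIGATE_AND_DIAGNOSE = 7
    RESOLVE_AND_RESTORE = 8
    CLOSE = 9


# Record fields that must be filled in before an activity counts as done.
REQUIRED = {
    Activity.LOG: ("customer", "symptoms"),
    Activity.CATEGORIZE: ("category",),
    Activity.PRIORITIZE: ("impact", "urgency"),   # priority is based on both
    Activity.CLOSE: ("user_confirmed",),          # close only with the customer's agreement
}


class ProcessError(Exception):
    """An activity was attempted out of sequence or with an incomplete record."""


@dataclass
class IncidentRecord:
    customer: str = ""
    symptoms: str = ""
    category: Optional[str] = None
    impact: Optional[str] = None
    urgency: Optional[str] = None
    support_group: str = "first-level"   # assumed label for the Help Desk tier
    user_confirmed: bool = False
    history: List[Tuple[Activity, str]] = field(default_factory=list)  # audit trail

    def allowed_next(self) -> Set[Activity]:
        if not self.history:
            return {Activity.IDENTIFY}
        last = self.history[-1][0]
        if last is Activity.CLOSE:
            return set()
        nxt = {Activity(last + 1)}
        if last is Activity.INITIAL_DIAGNOSIS:
            # Escalation happens only when first-level support cannot resolve.
            nxt.add(Activity.INVESTIGATE_AND_DIAGNOSE)
        return nxt

    def perform(self, activity: Activity, note: str = "", **updates) -> None:
        allowed = self.allowed_next()
        if activity not in allowed:
            expected = ", ".join(a.name for a in sorted(allowed)) or "none (closed)"
            raise ProcessError(f"{activity.name} is out of sequence; expected {expected}")
        for name, value in updates.items():
            if name == "history" or name not in self.__dataclass_fields__:
                raise ProcessError(f"unknown record field {name!r}")
            setattr(self, name, value)
        missing = [f for f in REQUIRED.get(activity, ()) if not getattr(self, f)]
        if activity is Activity.ESCALATE and self.support_group == "first-level":
            missing.append("support_group (escalation target)")
        if missing:
            raise ProcessError(f"{activity.name} needs: {', '.join(missing)}")
        self.history.append((activity, note))


def blank_screen_walkthrough(escalate: bool = True) -> IncidentRecord:
    """Walk the course's blank-screen scenario using constructed sample values."""
    A = Activity
    rec = IncidentRecord()
    rec.perform(A.IDENTIFY, "customer reports a blank screen to the Help Desk")
    rec.perform(A.LOG, customer="constructed-user-01", symptoms="screen appears blank")
    rec.perform(A.CATEGORIZE, category="hardware")
    rec.perform(A.PRIORITIZE, impact="single user", urgency="high")
    rec.perform(A.INITIAL_DIAGNOSIS, "representative queries the customer")
    if escalate:
        rec.perform(A.ESCALATE, "first level could not resolve",
                    support_group="second-level")
    rec.perform(A.INVESTIGATE_AND_DIAGNOSE)
    rec.perform(A.RESOLVE_AND_RESTORE, "screen operates correctly")
    rec.perform(A.CLOSE, "customer agrees to closure", user_confirmed=True)
    return rec


if __name__ == "__main__":
    for activity, note in blank_screen_walkthrough().history:
        print(f"{activity.value}. {activity.name:<26} {note}")
```
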

Question

An employee reports to the Service Desk about being unable to send and receive e-mail
messages. The Help Desk representative records all the relevant information about the
incident and categorizes the incident.

Sequence the other activities in the Incident Management process that need to be performed
for resolving the incident.

Options:

A. Perform initial diagnosis of the incident
B. Implement the solution and recover the e-mail service
C. Escalate the incident to the relevant support group if necessary
D. Assign a priority level to the incident
E. Close the incident of the nonfunctioning e-mail service
F. Investigate and diagnose the e-mail service incident

Answer

Correct answer(s):

Assign a priority level to the incident is ranked
After identifying, logging, and classifying the incident, the Help Desk representative should
determine the priority level of the incident so that the relevant support group can handle it
accordingly.
Perform initial diagnosis of the incident is ranked
Before diagnosing the incident to find a possible solution, the Help Desk representative
should assign a precedence level to the incident based on its impact and urgency.
Escalate the incident to the relevant support group if necessary is ranked
The Help Desk representatives do not always escalate incidents. They escalate incidents
to the relevant support group only when the representative or the first-level support group
is unable to resolve the issue for the user.
Investigate and diagnose the e-mail service incident is ranked
After the incident comes to the support group for resolution, the group should investigate
the malfunction of the e-mail service and determine the solution.
Implement the solution and recover the e-mail service is ranked
The relevant support group can implement the solution and recover the e-mail service only
after identifying the solution of the incident.
Close the incident of the nonfunctioning e-mail service is ranked
The Help Desk representative can close the incident only after the support group has
restored the e-mail service and the representative has confirmed with the concerned
employee that the service is working fine.

3. Incident Management & Problem Management


Incident Management focuses on resolving incidents and restoring services as fast as possible. It works
at the user level.

However, behind each incident, there is a root cause or a problem. To prevent an incident from recurring,
the main problem needs to be resolved. Problem Management is the process that focuses on resolving
problems permanently rather than quickly. It resolves problems at the enterprise level. Problem
Management works with Incident Management to improve IT service quality and availability.

Say the hard disk of a user’s computer crashes. Incident Management can be used to restore the hard
disk quickly so that the user’s work does not suffer. Determining the exact cause of the incident is not
relevant at this point. However, if the hard disks of some more users crash, Problem Management
should be used to find the exact problem that is causing these crashes.

Consider another example. An IT company implements a new software application for its Sales
personnel. After using it for some time, Sales employees report a bug in the application. Because the
problem is at the enterprise level, the company uses Problem Management to find the bug and remove
it. This resolves the issue permanently.

Question

Which statement is true about Incident Management and Problem Management?

Options:

1. Incident Management deals at the enterprise level, and Problem Management
deals at the user level
2. Incident Management focuses on immediate solutions of incidents, and
Problem Management focuses on finding the exact cause of incidents
3. Problem Management forms a part of Incident Management and serves as a
point of restoring operations
4. Problem Management focuses on improving IT service quality and availability,
and Incident Management aims to find a permanent solution

Answer

Option 1: This option is incorrect. Problem Management resolves problems that lead to many
incidents in an enterprise and deals at the enterprise level. Incident Management deals with
everyday incidents that users encounter and deals at the user level.

Option 2: This option is correct. Incident Management focuses on resolving incidents and
restoring services as fast as possible. Problem Management focuses on finding the exact
cause or problem behind incidents to prevent their recurrence.

Option 3: This option is incorrect. Incident Management and Problem Management are
separate processes, and Incident Management serves as a point of restoring operations.

Option 4: This option is incorrect. Both Problem Management and Incident Management work
together to improve IT service quality and availability, and Problem Management focuses on
resolving problems permanently.

Correct answer(s):

2. Incident Management focuses on immediate solutions of incidents, and Problem
Management focuses on finding the exact cause of incidents

Question

Match each example of an incident and its solution to the correct process. You can select each
process more than once.

Options:

A. When users report network connections to the printers aren't working, the
support group reinstalls the drivers
B. On receiving many user calls about inability to connect to the Internet, the
support group resolves the issue permanently
C. Employees complain about software that crashes, and the support desk asks
employees to reboot their computers
D. When the staff reports the often missing network connectivity, the support
team tries to find the cause

Targets:

1. Incident Management
2. Problem Management

Answer

Incident Management aims to resolve incidents and restore services quickly by providing a
workaround to an unknown problem that is affecting the network connection. Incident
Management works at the user level and provides a temporary solution, as displayed in the
software crashing example. The support group in this example solves the software issue when
users encounter it.

Problem Management works toward solving a problem permanently, as the support group
does in the Internet connection example. Also, the team in the missing network connectivity
example uses Problem Management to find the root cause of the problem and resolve it
completely.

Correct answer(s):

Target 1 = Option A, Option C

Target 2 = Option B, Option D

4. Summary

Events that disrupt an IT service or degrade its quality, as well as a malfunction of a configuration item,
are called incidents. Incidents are handled using the Incident Management process. This process aims
to restore normal service operations quickly, reduce the effect of an incident on business activities, and
maintain the quality and availability of services consistently.

To determine the effectiveness of the Incident Management process, you analyze its CSFs, which
include maintenance of customer satisfaction, maintenance of IT service quality, and resolution of
incidents within established service times.

And to implement the Incident Management process effectively to resolve incidents, you perform nine
sequential activities.

Incident Management focuses on resolving incidents and restoring services as fast as possible and
works at the user level. Problem Management focuses on resolving problems permanently rather than
hastily and resolves problems at the enterprise level.

The Scope of Incident Management
Learning Objective
After completing this topic, you should be able to
recognize examples of events that are within scope of Incident Management

1. Incident Management scope


There are many types of events – some interrupt services, and some don't. Say for example that the
system used by a hospital to record the payment details of patients stops working, thereby disrupting
payment operations. Such events that interrupt or might interrupt services are called incidents and are
handled by Incident Management.

Consider another example of an event that is an incident. A company has all its computers on a network
so that employees can easily share files. When one network server fails, some computers are
disconnected from the network. As a result, employees using these computers cannot share documents
with other employees. This is an incident because it disrupts the usual operation of file sharing.

Events, whether incidents or not, can be reported directly by users through the Service Desk.

For example, a user calls the Service Desk of an Internet Service Provider or ISP and complains about
losing Internet connectivity every few minutes. As a result, the user cannot download important files from
a remote computer.

Users can also log events using the interface of an Incident Management tool. Say a user reports
through one such tool that the charger of a newly purchased laptop is not working. The laptop is not
charged and the user is unable to work.

In addition to users, technical staff can also report or log events. This can happen when one or more
staff members observe something inappropriate or some problem with an IT service and bring it to the
attention of the Service Desk.

For example, an employee of a company reports that pages are frequently getting stuck in a printer,
which results in a waste of time and paper.

Or say employees of a travel company notice that the system used for maintaining the itineraries of its
customers is not responding to queries. This impacts the service that the company provides to its
customers, so the employees inform the support team.

There might also be situations where incidents are reported through automatic monitoring or Event
Management tools. For example, if an automatic security patch update is unable to complete the
installation on a computer, an incident is automatically logged.

Regardless of how or by whom events are reported or logged, not all are incidents. Many events only
inform about normal activity and are not related to any service interruptions.

Consider an example of this distinction. An event-monitoring tool shows the normal functioning of a
network server; this is an event. However, when the tool detects a problem in the server, such as
slowing down of the server, it raises an alert; this is an incident.
When a network administrator receives a notification that a user has logged onto the network, this is an
event. However, when the administrator receives notification that the user is trying to perform an
unauthorized operation, such as deleting a file, this is an incident.

Events that are incidents are handled by the Incident Management process.

Two common categories of incidents are

hardware and
applications

Examples of incidents caused by hardware components include

a printer not working
Say an employee of a company informs the system support team that a printer is not
working. This is an incident because it disrupts the usual operation of printing documents.
The team uses Incident Management to resolve the incident quickly so that there is
minimum impact on business operations.
a computer shutting down abruptly
A customer reports an abrupt shutdown of a computer, bringing work to a halt. This is an
incident causing major business loss to the customer. Incident Management is the best
option for resolving the incident as fast as possible.
an FTP server carrying excessive load, and
The network system of a company generates an alert about excessive load on the FTP
server, which might lead to server breakdown. The networking team knows that FTP server
failure can lead to delays in client deliveries, so the team uses Incident Management to
resolve the incident quickly.
a configuration becoming inaccessible
A member of a networking team needs to change the configuration of a router. However,
the person cannot access the router because the ISP link is not working. To resolve the
incident rapidly, the networking team uses Incident Management.

Incidents caused by applications also come under the scope of Incident Management.

For example, a user has installed an application, starts it, and the application displays an error. The
application is no longer usable. This is an incident that is disrupting the user from performing normal
operations using the application. This can be resolved quickly using Incident Management.

A service becoming unavailable is also an example of an incident caused by an application.

Say a company uses an application for tracking the time spent by its employees on different activities.
Employees log into this application every day and enter their time details. For the past two days, the
application has not been working. As a result, employees have not entered their respective time details.
This incident needs to be resolved quickly so that employees can log details in the tracking application.

Consider another example of an application-related incident where disk-usage threshold is exceeded.

An application used in an organization has 200 as the disk-threshold value, which means that 200
people can use this application. If more than 200, say 220, people use the application, its disk-usage
threshold is exceeded and the application may stop working. The event-monitoring tool raises an alert.
This incident needs to be resolved immediately using Incident Management to stop the application from
crashing.

In addition to reporting incidents, customers might also ask the Service Desk to fulfill some
requirements. These requirements are called service requests and are different from incidents.

For example, a customer calls the Service Desk of a company providing security services to report that
the firewall is being disabled automatically. As a result, an unauthorized person might access the
customer's computer. This is an incident.

Consider another example of an incident. An IT company creates web applications for its customers.
One of its customers is an organization running an online shopping portal. The customer informs the
company that sometimes the users of the portal are unable to enter data in the input fields, which
discourages users from making a purchase. This is causing significant losses to the organization.

Service requests, on the other hand, are methods of fulfilling customer demands and possibly achieving
Service Level Agreement or SLA targets. Such requests do not indicate any service disruptions.

For example, say that a customer takes a new Internet connection. The technician, who installs the
connection, gives the customer a username and password for connecting to the Internet. However, the
customer forgets the password and requests the Service Desk to reset the password. This is a
requirement and does not indicate any service disruption, so it is a service request.

While working, a user calls the Service Desk and asks them to install a new application on the user's
workstation. This does not interrupt any service, so it is a service request.

Incident Management deals only with incidents and not service requests. Service requests are handled
by the Request Fulfillment process.

Question

What are some ways to categorize incidents within Incident Management?

Options:

1. Service requests
2. Applications
3. Hardware
4. SLA targets

Answer

Option 1: This option is incorrect. Incident Management only handles incidents that are
service disruptions. Service requests do not indicate any disruption.

Option 2: This option is correct. Disruptions caused by problems in applications, such as an
e-mail program not working, are handled by Incident Management.

Option 3: This option is correct. Disruptions caused by hardware, such as the slowing down of
a server, are handled by Incident Management.

Option 4: This option is incorrect. Incident Management only deals with incidents that are
service disruptions. SLA targets are related to customer requirements and do not indicate any
service disruption.

Correct answer(s):

2. Applications
3. Hardware

Question

Which statement is true about service requests?

Options:

1. Service requests are the same as incidents
2. Service requests indicate service disruptions
3. Incident Management handles service requests
4. Service requests are related to meeting customer requirements

Answer

Option 1: This option is incorrect. Customers report both service requests and incidents to the
Service Desk but they are different.

Option 2: This option is incorrect. Incidents indicate service disruptions.

Option 3: This option is incorrect. The Request Fulfillment process handles service requests,
and Incident Management handles incidents.

Option 4: This option is correct. Service requests are methods of fulfilling customer
requirements and achieving SLA targets.

Correct answer(s):

4. Service requests are related to meeting customer requirements

Question

You are an IT administrator working at your company's Service Desk and receive many
requests from users.

Which requests come under the scope of Incident Management?

Options:

1. Request to partition a hard disk
2. Request to change a faulty network cable
3. Request to update a program with its latest version
4. Request to fix an error in a program

Answer

Option 1: This option is incorrect. Partitioning the hard disk is a service request and does not
indicate disruption of service. Service requests are not handled by Incident Management.

Option 2: This option is correct. A faulty network cable disrupts service, so is under the scope
of Incident Management.

Option 3: This option is incorrect. Updating a program is a service request and does not
indicate disruption of service. Service requests are not handled by Incident Management.

Option 4: This option is correct. A program error disrupts service, so is under the scope of
Incident Management.

Correct answer(s):

2. Request to change a faulty network cable
4. Request to fix an error in a program

2. Summary
Incident Management only handles events that interrupt, or could interrupt, services. These events can
be reported by users or technical staff through the Service Desk or through Incident Management tools.
However, not all reported events are incidents.

Incident Management includes two common categories of incidents – hardware and applications.

In addition to incidents, customers report requirements, called service requests, to the Service Desk.
Incident Management only handles incidents. The Request Fulfillment process handles service requests.

Approaching Incident Management
Learning Objective
After completing this topic, you should be able to
perform basic Incident Management

1. Exercise overview
In this exercise, you – the Incident Management administrator – need to use the key concepts of
Incident Management to identify incidents and resolve them.

This involves the task of performing basic Incident Management.

2. Performing basic Incident Management


You are an Incident Management administrator working at the Service Desk of your company. Every day,
you receive calls from users and technical staff reporting various events. Your job is to detect incidents
from these calls and resolve them using Incident Management.

Question

You receive a call from a customer who wants you to upgrade an application with its latest
version. This will enable the customer to use new features of the application.

Which term will you use to categorize this call?

Options:

1. Incident
2. Service request
3. Malfunction
4. Event

Answer

Option 1: This option is incorrect. The call is not an incident because it is not reporting the
disruption of any service.

Option 2: This option is correct. The call is a service request because it represents a customer
demand and does not indicate any service disruption.

Option 3: This option is incorrect. The call is not a malfunction because it does not indicate
the failure of any configuration item or service.

Option 4: This option is incorrect. The call is not an event because it does not indicate either a
normal or disruptive occurrence.

Correct answer(s):
2. Service request

Question

Of the calls received, identify the ones that can be categorized as incidents.

Options:

1. Customer call asking for the documentation of newly purchased software
2. Staff member call informing that the FTP server is not responding
3. Staff member call requesting a hard disk of higher capacity
4. Customer call asking for repair of a nonfunctional scanner

Answer

Option 1: This option is incorrect. This call is a service request and not an incident because it
does not indicate any service disruption.

Option 2: This option is correct. This call is an incident because it indicates disruption of the
FTP service.

Option 3: This option is incorrect. This call is a service request and not an incident because it
does not indicate any service disruption.

Option 4: This option is correct. This call is an incident because it reports the failure of the
scanner.

Correct answer(s):

2. Staff member call informing that the FTP server is not responding
4. Customer call asking for repair of a nonfunctional scanner

Question

One day you receive an unusually high number of calls, so you want to first determine which
calls come under the scope of Incident Management and prioritize them.

Which calls come under the scope of Incident Management?

Options:

1. User call reporting that the installation disk of a modem is not functioning
2. A monitoring tool automatically logging an incident about the normal
functioning of an IT service
3. Staff member call reporting that e-mail messages are taking longer than usual
to reach recipients
4. Staff member call asking for retrieval of a forgotten network login password

Answer

Option 1: This option is correct. This call indicates a malfunction of a configuration item. It is
an incident and comes under the scope of Incident Management.

Option 2: This option is incorrect. This is an event indicating a normal operation and does not
come under the scope of Incident Management.

Option 3: This option is correct. This call is an event that could lead to disruption of the e-mail
service. It is an incident and comes under the scope of Incident Management.

Option 4: This option is incorrect. This call is a service request, which is not under the scope
of Incident Management.

Correct answer(s):

1. User call reporting that the installation disk of a modem is not functioning
3. Staff member call reporting that e-mail messages are taking longer than usual to reach
recipients

Question

When determining calls that can be resolved using Incident Management, you realize that
some of the calls are to be resolved using Problem Management. So you take appropriate
actions for resolving each call.

Match each call and its associated action with the appropriate process. You can select each
process more than once.

Options:

A. Many customers report the frequent failure of a banking application, so you
ask the support group to find a permanent solution
B. Employee informs about being unable to connect to the wireless network, so
you contact the network team for restoring connectivity
C. Customer informs about a program not working that you report to the relevant
group for fast resolution
D. Many employees inform about the usually slow Internet connectivity, which
you report to the network team for finding its cause

Targets:
1. Incident Management
2. Problem Management

Answer

Incident Management works at the user level. A person not being able to connect to the
wireless network and a program not working on a customer's computer are single user-level
incidents that do not indicate any recurrence. They can be resolved using Incident
Management.

Problem Management aims to solve problems permanently by finding their root causes so that
they do not recur. The failure of the online banking application and slow Internet connectivity
are problems that occur repeatedly and are reported by many people. Problem Management is
the most appropriate process to resolve these problems permanently.

Correct answer(s):

Target 1 = Option B, Option C

Target 2 = Option A, Option D

Question

Identify the incidents that exhibit the use of Incident Management for their resolution.

Options:

1. More than one staff member reports that the e-mail service is unavailable
frequently, so you report the issue to the network team that detects its root
cause
2. A customer informs about the malfunction of an antivirus program, so you ask
a representative from the support group to restore the program quickly
3. A staff member reports about not being able to copy essential files from
another computer on the network, so you contact the network team that
resolves the issue
4. Many customers report an application error that occurs after a certain time
period, so you escalate the issue to the software team that removes the error
permanently

Answer

Option 1: This option is incorrect. This incident is an enterprise-level recurring incident. The
network team exhibits Problem Management by finding the main cause of the incident.

Option 2: This option is correct. This incident is a single user-level incident requiring quick
resolution. You exhibit Incident Management by asking the representative to restore the
program quickly.

Option 3: This option is correct. This incident is a single user-level incident that requires an
immediate solution. You exhibit Incident Management by reporting the incident to the network
team that resolves it.

Option 4: This option is incorrect. This incident is a recurring incident reported by many
people. The software team exhibits Problem Management by removing the error permanently.

Correct answer(s):

2. A customer informs about the malfunction of an antivirus program, so you ask a
representative from the support group to restore the program quickly
3. A staff member reports about not being able to copy essential files from another computer
on the network, so you contact the network team that resolves the issue

Question

You’ve decided to use Incident Management for resolving the incident of a program not
working at a customer’s end. So you document all the relevant information about the incident,
categorize the incident, and determine its priority.

Sequence the other activities in the Incident Management process in the order that you'll follow
to resolve this incident.

Options:

A. Escalate the incident to the relevant support group
B. Resolve the incident and recover the program
C. Perform initial diagnosis of the incident
D. Investigate and diagnose the incident
E. Close the incident

Answer

Correct answer(s):

Perform initial diagnosis of the incident is ranked


After assigning a priority level to the incident, you should query the customer to find out
what has gone wrong and try to resolve the incident yourself.
Escalate the incident to the relevant support group is ranked
You should escalate the incident to the relevant support group only after trying to resolve
the incident yourself.
Investigate and diagnose the incident is ranked
After the incident comes to the support group for resolution, the group should identify the
reason for the malfunctioning program and determine the solution.
Resolve the incident and recover the program is ranked
Resolving the incident and recovering the program are possible only after the relevant
support group has provided a solution for the incident.
Close the incident is ranked
You can close the incident only after ensuring that the support group has restored the
program and confirming with the customer that the program is working correctly.

Question

The manager of your Service Desk team calls a meeting and informs you that the team needs to
determine its success in maintaining customer satisfaction.

Identify the statistics that you and your team can use for this task.

Options:

1. Average score of the survey responses that you receive from your customers
2. Number of total incidents reported to your team
3. Average time customers had to wait before your team responded to an
incident
4. Number of incidents that were escalated by your team

Answer

Option 1: This option is correct. The maintenance of customer satisfaction can be assessed
by reviewing the average survey score of customers by question category and by total.

Option 2: This option is incorrect. Determining the number of incidents reported to the Service
Desk is a better indicator of the maintenance of IT service quality.

Option 3: This option is correct. The average time spent in waiting for a response to an
incident is an indicator to your company regarding how well it is maintaining customer
satisfaction.

Option 4: This option is incorrect. The number of incidents logged, resolved by the Service
Desk, and escalated by the Service Desk will provide information on how well the company is
resolving incidents within established service times.

Correct answer(s):

1. Average score of the survey responses that you receive from your customers
3. Average time customers had to wait before your team responded to an incident

Examining the Basics of Incident Management
Learning Objective
After completing this topic, you should be able to
examine how basic Incident Management helps ensure service quality and
availability is maintained

1. Exercise overview
2. Examining goals
3. Analyzing activities
4. Examining scope
5. Analyzing Critical Success Factors

The Value of Incident Management
Learning Objective
After completing this topic, you should be able to
outline why Incident Management is valuable to an organization

1. The importance of Incident Management


In the current business environment, organizations rely on IT services to carry out day-to-day activities.
Today, IT is looked upon as an integral part of an organization. It provides the necessary support and
essential services that help an organization meet customer and business outcomes.

Given this reliance, any downtime in IT services – such as an application not installing correctly, or a
loss of network connectivity where such connectivity is key to business – can affect the company in
terms of time and money. Any occurrence that causes interruptions in work and also reduces the quality
of service delivered is considered as an incident.

Note

Incidents occur in the Service Operation stage of the Service Life Cycle.

Consider the example of a retail store whose automated billing process is interrupted because of a
server crash. With the billing application down, it is impossible for clerks to process transactions and
bills.

As a result, not only does the store accrue huge losses during the time the billing process is down but
this incident also impacts customers, who are unable to buy goods. Such incidents need to be managed
quickly and efficiently so that the business does not lose revenue.

For IT departments within organizations that rely on IT services, it is critical that they manage all such
incidents so that the impact on business is minimal. They can do so through a well-defined Incident
Management system.

An effective Incident Management system avoids the massive losses likely to be incurred by the
business due to IT incidents. It does so by enabling easy detection of incidents as and when they occur
and by ensuring that incidents with the most critical impact are resolved before others. Essentially,
Incident Management helps record, categorize, manage, and resolve all incidents at the earliest
opportunity.

Suppose malware causes a hard disk failure across a group of computers in a specific department. This
issue is detected and recorded as an incident in the Incident Management system because users have
saved their data to the hard disk, and so are now unable to work.

The Incident Management system helps IT classify the incident based on the extent of its impact on
work. IT can then provide initial support to ensure that users do not have to wait long to resume work.
Once the incident is diagnosed, steps are taken to resolve it. For instance, the disk may be replaced and
the data can be transferred from the backup server.

The primary aim of Incident Management is to ensure that the affected components – computer
applications on the affected computers – start functioning without the delay that could otherwise cause a
loss of productivity and revenue.

With Incident Management, organizations can benefit through

just-in-time or timely solutions
The main advantage of Incident Management is that it enables IT to provide just-in-time or
timely solutions to logged incidents. This is made possible through an integrated
knowledge base and the manner in which incidents are logged and routed – where high
priority incidents are automatically escalated. Because Incident Management helps detect
incidents faster, it ensures that the service isn't interrupted for long, thereby ensuring that
the adverse effect on an organization is minimized.

Say a Business Process Outsourcing organization, or BPO, has an incident of an increase
in call traffic clogging its server, leading to a backlog of client calls. This results in losses for
the BPO because its success depends on the incoming rate of calls and their successful
resolution. Incident Management escalates and resolves this incident quickly.
planned and effective use of resources, and
Another advantage of Incident Management is the planned and effective use of
support resources. Incident Management provides clarity to IT on the nature of incidents
and helps them to identify and plan appropriate support resources to prevent or resolve
those incidents.

For example, IT may find that a commonly logged incident is that of a printer that stops
functioning because of a paper jam. Instead of allocating a trained IT resource to
troubleshoot this incident, it can put together a visual job aid next to the printer to explain
how a paper jam issue is resolved. Employees can then resolve this issue themselves the
next time it occurs, allowing IT to better utilize their trained resources on critical incidents.
information accuracy
With Incident Management, IT can be assured of information accuracy. This is because
Incident Management systems also provide a database to log all incidents that occur in a
business process.

The database will contain incident history, such as the incident type, its impact, and its
solutions, and is generally used for future reference. The logging of incidents is usually
automated, assuring information accuracy.

Incident Management processes enable an organization to gain in-depth knowledge of incidents. For
instance, they can identify which incidents frequently recur and which steps were taken to resolve them.
The Incident Management process also helps organizations to identify the causes of these incidents.

Based on these details, the organization can pinpoint any areas that need attention. As a result, IT and
the organization can create a plan that considers these issues. They can also identify and prioritize
incidents based on their level of impact and divert resources accordingly.

If an organization lacks this type of information, they could lose track of critical incidents and may even
divert the organization's focus to less important issues.

Incident Management provides other advantages to the business such as

improved user and customer satisfaction
For any organization, improved user and customer satisfaction is important. Incident
Management contributes toward achieving this through the manner in which it addresses
incidents. Quick and effective incident resolution helps ensure customer satisfaction.
better alignment with business, and
For IT to be an integral part of an organization, it needs to structure its services to ensure
better alignment with business objectives. This is made possible through Incident
Management. By interacting with appropriate business personnel within the organization,
IT can identify which services are essential and which services are required to help
business. This clarity helps them design an appropriate Incident Management system with
specific guidelines on the definition of an incident from a business perspective, its impact,
and how best to resolve it. It also helps IT demonstrate how well it is aligned with the
business. For instance, in an organization that creates web applications for clients, a
server crash is prioritized over a slow network connectivity incident.
enhanced services and training
Incident Management helps IT enhance and improve its services and also the service
quality. This is made possible by tracking the type of incidents that occur, which in turn
helps throw light on service-related areas that need attention. IT can then take the
necessary steps to prevent such incidents from recurring. The analysis and diagnosis of
incidents also help IT to identify if there is a need for any other services in addition to the
existing ones. It provides clarity on whether training support is required for those involved
in executing Incident Management activities, or for users who are inadvertently causing
incidents by using the service incorrectly.

Question

How does the fact that Incident Management operates in real time benefit an organization?

Options:

1. By providing quick solutions
2. By ensuring effective training
3. By resolving incidents on a first-come, first-served basis
4. By strictly adhering to tried and tested methods of incident resolution

Answer

Option 1: This option is correct. The main reason for using Incident Management is to help
detect and solve incidents as soon as possible in order to reduce the service downtime that
can negatively impact business.

Option 2: This option is incorrect. While Incident Management does highlight areas where
training can be enhanced, this is not a real-time benefit to an organization.

Option 3: This option is incorrect. The approach of Incident Management toward incidents
logged is based on the manner in which it is categorized. All critical incidents are prioritized
and resolved before others regardless of when they were logged.

Option 4: This option is incorrect. While Incident Management does allow IT to record
solutions that have been tried previously, it in no way promotes rigid adherence to them.
Because circumstances and incidents vary, rigid enforcement of methods may not work.

Correct answer(s):

1. By providing quick solutions

For every organization that spends money and invests in IT infrastructure and resources, knowing
whether the investments made have adequate returns is important.

This assessment can be done only if they have clear information on how services are delivered and how
incidents related to those services are managed. Information on these aspects helps management
assess the effectiveness and efficiency of their IT in responding to business needs.

In the Service Life Cycle, it is the Service Operation phase where services are finally delivered to the
customers. And it is during this phase that incidents will emerge. So Incident Management makes
incidents visible, especially in the context of IT services, which are intangible in nature and difficult to
measure.

The ability of Incident Management to provide accurate information on the nature of the incidents
occurring and therein provide visibility to the entire Service Operation phase is what often makes it one
of the first projects to be established in Service Management.

With Incident Management, organizations can see what incidents are logged and how IT is addressing
the incidents. This helps management validate the decisions it took regarding IT investments.

Incident Management helps organizations identify measures to eliminate incidents. It also points out
other areas that need attention in order to reduce the frequency of certain incidents. It is this capability
that enables the organization to make further investment plans and strategies.

Question

An IT organization has decided to implement Incident Management. What advantages will it
receive through Incident Management?

Options:

1. Better allocation and use of support resources
2. Permanent resolutions for high-priority incidents
3. Incident prioritization and escalation
4. Implementation of service culture

Answer

Option 1: This option is correct. Incident Management first identifies the business needs and
requirements of the organization. Next it provides transparency on the nature of incidents. As a
result, organizations can plan and allocate resources to prevent or resolve incidents.

Option 2: This option is incorrect. High-priority incidents are escalated for immediate
resolution. While Incident Management helps diagnose issues and ensures that IT tries to
eliminate such incidents in the future, it in no way guarantees the prevention of incidents
through permanent resolutions.

Option 3: This option is correct. This is a feature of Incident Management where incidents are
categorized based on priority levels, which depend on an incident’s impact and urgency on
business processes. Incidents identified as business-affecting events are escalated and
prioritized above any other incidents.

Option 4: This option is incorrect. Service culture is a mindset that IT needs to adopt while
rendering services. While Incident Management helps provide focus on incidents and their
resolution, it does not bring about a change in mindset.

Correct answer(s):

1. Better allocation and use of support resources
3. Incident prioritization and escalation

Question

Identify the statements that represent the value of Incident Management in relation to Service
Management in an organization.

Options:

1. Highlights areas that need attention and probable investment
2. Enables IT to resolve incidents simultaneously
3. Enables management to measure IT investments in terms of service support
4. Highlights how business can align itself with IT

Answer

Option 1: This option is correct. Incident Management helps highlight areas or business
processes that are either affected by an incident or implemented in a way that has caused a
number of incidents to be reported. As a result, IT and management can take steps to allocate
additional financial or other resources to such areas.

Option 2: This option is incorrect. Incident Management resolves incidents based on the
incident priority levels.

Option 3: This option is correct. IT services are often hard to define. This makes it difficult for
management to measure them. However, with Incident Management they can track and justify
the investment made for IT based on which incidents are commonly reported and the action
taken to prevent or resolve such incidents.

Option 4: This option is incorrect. Incident Management helps IT align to the business by
identifying and prioritizing incidents.

Correct answer(s):

1. Highlights areas that need attention and probable investment
3. Enables management to measure IT investments in terms of service support

2. Summary
The primary objective of Incident Management is to minimize disruption to the organization’s business
by restoring service operations to agreed service levels as quickly as possible.

An effective Incident Management system provides an organization with timely solutions, planned and
effective use of resources, and information accuracy. Incident Management also improves user and
customer satisfaction, aligns services to business needs, and helps define training areas.

Because Incident Management ensures that all activities related to incidents – logging, prioritizing, and
resolving – are recorded, it provides visibility to management about the relevance and effectiveness of
IT. In addition, it also helps them validate the investments made and those still to be made. As a result, it
is usually the first project to be initiated in Service Management.

The Policies of Incident Management
Learning Objectives
After completing this topic, you should be able to
explain the approach to timescale policies in Incident Management
explain the approach to Incident Model policies in Incident Management
explain the approach to major incident policies in Incident Management

1. Timescale policies
IT underlies virtually all activities in most organizations today. As IT services are so critical to business
success, incidents that occur and lead to service interruption require quick, if not immediate, resolutions.

To ensure that Incident Management is effective, organizations should outline policies on how to
approach different incidents. This clarity prevents ambiguity in resolving incidents. Such policies provide
directions on various aspects, such as roles and responsibilities or steps for incident resolution.

Incident Management policies provide details on different types of incidents and how to manage them.
These policies are typically driven by factors such as the time period within which to manage specific
incidents, previous occurrences of incidents, and the criticality of the incident.

Basic policies in Incident Management include

Incident Models
An Incident Model defines steps that should be followed in order to resolve common
incidents that may have previously occurred.
major incidents, and
The major incidents policy identifies incidents with high criticality and provides clarity on
how the Incident Management team should handle them.
timescales
To ensure that all incidents are managed within an acceptable time period, the timescales
policy highlights acceptable time periods for different incidents.

When setting up the Incident Management process, one of the basic things to consider is the timescales
policy. Timescale indicates a time period that marks when a process begins and ends. It aims to
minimize the delays in resolving incidents by defining the time for every stage in the incident resolution
process. Timescales are usually based on average incident responses and resolution targets within the
Service Level Agreement, or SLA.

Note

An SLA is a service agreement or contract between two parties, such as a service provider and their
client.

For the timescales policy to work, everyone involved in incident handling, such as support groups,
should be informed of the finalized timescales. Informing support groups is important so that they can
monitor the incidents and then do a compliance check with the SLA about the targets and response time
for handling and closing incidents.

Note

A support group is a collection of people from different departments such as admin and IT, whose
services may be required for resolving incidents.

Timescales generally differ for every incident and are based on the priority level of each incident.

So, shorter timescales are defined for critical incidents to prevent or minimize their impact on the business,
while longer timescales are set for low priority incidents.

Take, for example, the case of a finance organization. It has discovered that one of its customer's
accounts has been hacked into. This security incident is of high priority to the organization because if it
is not resolved within a short timescale, customers will lose money and confidence in the organization –
both of which will impact the business.

When handling incidents, all those involved should keep track of the timescales for that incident to
ensure that services are resumed within the time specified.

Service Management tools can help track and assign timescales. They ensure that incidents aren't
neglected and are escalated to the right person for resolution within the timescale agreed upon for each
stage of incident handling.

Consider an Internet Service Provider, or ISP, whose service focus is to ensure high-speed Internet
connectivity. Any downtime will impact its business. A timescales policy will define the acceptable time
for the different stages in handling such incidents.

Examples of some possible timescales to deal with this incident may be as follows:

1. IT to raise a ticket as soon as the incident occurs
2. the Incident Management team to pick up the incident within half an hour of receiving it
3. the Incident Management team to report back within half a day with incident analysis and
diagnosis
4. a ticket to replace the faulty router to be raised to the Change Management team within an
hour of diagnosis, and
5. the technical department to replace the router and ensure it is operational within a day

Question

Identify the policies that you need to consider in Incident Management.

Options:
1. Incident Models
2. Major incidents
3. Service Level Agreements
4. Timescales
5. Systems

Answer

Option 1: This option is correct. The Incident Model policy covers incidents that have
previously occurred and lists the procedures taken in the past to resolve them.

Option 2: This option is correct. The Major incidents policy deals with high-priority incidents
that are critical in nature.

Option 3: This option is incorrect. Service Level Agreements, or SLAs, are not policies but a
contract between a service provider and a customer.

Option 4: This option is correct. The timescales policy is based on the priority levels of
incidents and identifies the timescales for handling incidents.

Option 5: This option is incorrect. A system is a principle of Service Management and not a
type of policy within Incident Management.

Correct answer(s):

1. Incident Models
2. Major incidents
4. Timescales

Question

Which options are key to the approach to timescale policies in Incident Management?

Options:

1. Prioritization of incidents
2. Notification of incident resolution
3. Escalation of incidents
4. Analysis and investigation of the root cause

Answer

Option 1: This option is correct. The Timescales policy defines timescales depending on
incident prioritization.

Option 2: This option is incorrect. Notification of incident resolution is done only at a later
stage and has no bearing on the timescale policy.

Option 3: This option is correct. Based on how incidents are prioritized and how timescales
are defined, the timescale approach ensures they are escalated to the right person within a
defined time.

Option 4: This option is incorrect. Investigating the root cause of an incident is a good practice
that does not impact timescale.

Correct answer(s):

1. Prioritization of incidents
3. Escalation of incidents

2. Incident Model policies


Incidents that occur in organizations vary in nature and cause. But if incidents are tracked over time,
there is a high probability that many incidents do recur or have occurred in the past, implying that they
have been previously handled.

To reduce the resolution time of common incidents, it helps if procedures that were used to successfully
resolve such issues in the past are identified and recorded. An Incident Model policy helps organizations
to do this.

The Incident Model policy approach requires organizations to track and identify incidents that recur. It
then requires that standard processes be defined on how the team should resolve such incidents.

With the steps predefined for different incidents, organizations can ensure that these incidents are
handled efficiently within predefined timescales and threshold points when they recur.

An example of predefined steps for handling operating system corruption could include checking the
extent of corruption, then reinstalling in case of complete corruption, or retrieving damaged files if it's
partially corrupted.

The Incident Model policy works because it removes ambiguity on how commonly occurring incidents
should be resolved. So an effective Incident Model policy should

identify steps
An Incident Model policy should identify the steps and the sequence for individuals to
resolve the incident.
define responsibilities
The Incident Model policy should provide details of the roles and associated
responsibilities for handling an incident. This helps remove ambiguity, which can otherwise
delay incident resolution.
establish timescales
Establishing timescales helps all individuals and groups associated with incident handling
recognize the acceptable time and thresholds to resolve the incident.
specify escalation procedures, and
Incident Models should also detail the procedure to follow in case of escalations. For
instance, it should specify who should be contacted in a particular scenario and when.
Such clarity saves time identifying what needs to be done in case of escalations and
determines who has the required authority to make decisions in such instances.
define activities to retain evidence
For security and performance or capacity-related incidents, the Incident Model policy
should also include activities that should be undertaken to preserve evidence. For
instance, consider virus-related incidents. After troubleshooting, you need to preserve the
evidence, such as logs and screenshots of issues, for future reference and analysis.

Suppose there is a security incident due to installation of unlicensed software. This incident may cause
data leakage and also network congestion.

An Incident Model for such an incident will list steps on how to resolve it. These could include taking the
computer on which the software was installed offline so it is no longer on the network, then uninstalling
the software or, if required, reconfiguring the system.

It will also state who should handle the incident and what this person is expected to do. In this case, the
system administrator is responsible and expected to check all installed software and verify the risks.

If the impact of this security issue is high, timescales must be shorter and the person responsible for
incident resolution should immediately begin taking action. Escalation procedures will state that the
Incident Manager should be contacted if the issue is not resolved within the timescale, and identified
experts be sought to help resolve the incident.

Evidence preservation activity for this incident will include the screenshot of the unauthorized software,
which will be available in the control panel.

In another example, there has been an incident involving a server. This incident is first escalated to 1st
Level Support, who logs the issue and classifies its priority. Then they check whether the server is on or
not – switching it on if it’s off.

If the server still doesn't function and the 1st Level Support cannot rectify it, the incident is routed to 2nd
Level Support, which consists of technical experts. At this level, they are expected to analyze the issue.
They find that the Switch Mode Power Supply, or SMPS, isn't working. They replace it with a new SMPS.

If this doesn't resolve the incident either, the incident is routed to 3rd Level Support, which is comprised
of external support groups, such as software and hardware manufacturers and vendors. This group is
then tasked with resolving the incident at the earliest opportunity.
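
Added example (not part of the course material): the Incident Model elements described above (ordered steps, responsibilities, timescales, escalation contact, evidence activities) written as data, with a check of the kind a Service Management tool performs to flag a missed timescale for escalation. It uses the timescales from the ISP router example in the timescales section; reading "half a day" as 12 hours and "a day" as 24 clock hours, the owner of the change-ticket step, the evidence items and the sample timeline are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Step:
    name: str
    owner: str           # role responsible for the step
    allowed: timedelta   # timescale, counted from the end of the previous step


@dataclass(frozen=True)
class IncidentModel:
    title: str
    steps: tuple         # Step objects in the order they must be carried out
    escalate_to: str     # who is contacted when a timescale is missed
    evidence: tuple      # evidence-preservation activities


# Timescales taken from the ISP router example in the timescales section.
# Assumptions: "half a day" = 12 h and "a day" = 24 h of clock time; the owner
# of the change-ticket step and the evidence items are illustrative.
ROUTER_MODEL = IncidentModel(
    title="Faulty router causing loss of connectivity",
    steps=(
        Step("pick up incident", "Incident Management team", timedelta(minutes=30)),
        Step("report analysis and diagnosis", "Incident Management team", timedelta(hours=12)),
        Step("raise change ticket", "Incident Management team", timedelta(hours=1)),
        Step("replace router", "technical department", timedelta(hours=24)),
    ),
    escalate_to="Incident Manager",
    evidence=("router logs", "screenshots of the fault"),
)


def review(model, ticket_raised, completed, now):
    """Return one status row per step of the model.

    completed maps step name -> completion time for the steps finished so far.
    States: met, late (finished after its deadline), in_progress,
    overdue (unfinished and past its deadline), pending (previous step open).
    """
    unknown = set(completed) - {s.name for s in model.steps}
    if unknown:
        raise ValueError(f"steps not in model: {sorted(unknown)}")
    rows, start = [], ticket_raised
    for step in model.steps:
        row = {"step": step.name, "owner": step.owner, "deadline": None,
               "state": "pending", "escalate_to": None}
        if start is not None:
            row["deadline"] = start + step.allowed
            done = completed.get(step.name)
            if done is not None and done < start:
                raise ValueError(f"{step.name!r} finished before it could start")
            if done is not None:
                row["state"] = "met" if done <= row["deadline"] else "late"
            elif now <= row["deadline"]:
                row["state"] = "in_progress"
            else:
                row["state"] = "overdue"
                row["escalate_to"] = model.escalate_to
            start = done          # None stops the clock for the later steps
        rows.append(row)
    return rows


def sample_review():
    """Constructed timeline: change ticket raised late, router not yet replaced."""
    raised = datetime(2024, 3, 4, 9, 0)
    completed = {
        "pick up incident": datetime(2024, 3, 4, 9, 20),
        "report analysis and diagnosis": datetime(2024, 3, 4, 18, 0),
        "raise change ticket": datetime(2024, 3, 4, 19, 30),
    }
    return review(ROUTER_MODEL, raised, completed, now=datetime(2024, 3, 5, 21, 0))


if __name__ == "__main__":
    for row in sample_review():
        print(f"{row['step']:32} {row['state']:12} escalate_to={row['escalate_to']}")
    print("evidence to preserve:", ", ".join(ROUTER_MODEL.evidence))
```

A step finished after its deadline is reported as late; only a step that is still open past its deadline is flagged for escalation.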

Question

Which statement best describes an Incident Model?

Options:

1. A model that explains the cause and effect of various types of commonly
occurring incidents
2. A structured model that separates critical incidents from those that are low
priority
3. A model that includes predefined steps for resolving common and standard
incidents
4. A framework that explains how common incidents should be tracked and
reported

Answer

Option 1: This option is incorrect. An Incident Model covers steps to handle commonly
occurring incidents.

Option 2: This option is incorrect. An Incident Model puts together steps for resolving common
incidents that have occurred previously and does not specify how incidents should be
categorized.

Option 3: This option is correct. An Incident Model defines procedures that should be followed
to resolve common incidents that may have previously occurred.

Option 4: This option is incorrect. An Incident Model does not explain tracking and reporting
but outlines steps that need to be taken when handling known incidents.

Correct answer(s):

3. A model that includes predefined steps for resolving common and standard incidents

Question

An organization's IT security team has created a secure baseline configuration. However,
without testing the configuration rigorously, a change is made. This has resulted in the
operating system malfunctioning. It’s not the first time this has happened; this incident has
occurred before.

How will the Incident Model help resolve this incident?

Options:

1. By identifying who to contact in case of incident escalation
2. Through defined roles and responsibilities of persons who should resolve the
incident
3. By identifying the sequential order in which steps should be taken to resolve
the incident
4. Through the provision of flexible timescales that can be extended
5. By providing a basis through which incidents can be categorized as major,
minor, or critical

Answer

Option 1: This option is correct. The contact list of those people involved in the incident
handling process is provided along with escalation procedures of who should be contacted and
when.

Option 2: This option is correct. Details of the roles and responsibilities should be part of an
Incident Model policy for the incident to be effectively resolved.

Option 3: This option is correct. An Incident Model provides the chronological order of the
steps to perform when resolving previously known incidents. This helps provide clarity to staff
on how to handle and resolve incidents.

Option 4: This option is incorrect. Incident Model defines timescales for every action and
these timescales should be agreed and then conformed to as far as possible by all groups
involved in resolving the incident.

Option 5: This option is incorrect. An Incident Model only covers incidents that are known to
have occurred previously and are expected to occur again. It does not differentiate based on
priority.

Correct answer(s):

1. By identifying who to contact in case of incident escalation
2. Through defined roles and responsibilities of persons who should resolve the incident
3. By identifying the sequential order in which steps should be taken to resolve the incident

3. Major incident policies


Incidents with a high degree of impact and urgency for the business are considered major incidents.
Handling such incidents requires specialized teams who use unique procedures with shorter turnaround
times. Because of the effect such incidents have, major incidents should be dealt with immediately,
in contrast to low-priority incidents.

For example, an organization whose activities rely on continuous and reliable network uptime will
consider any loss of network availability as a major incident because it will affect connectivity and
communication, and lead to heavy losses.

Major incidents are not the same as problems. A problem causes an incident and lies at the root of its
occurrence.

An incident, on the other hand, grows in terms of impact or priority to become major or critical. Problems
can vary and different problems could cause a single incident.

For example, an organization could have an incident where its server crashes. This incident could be
caused by an overload of data or a virus attack. So the incident – server crash – can be caused by
problems such as data overload or viruses.

Defining the major incidents policy should begin with a standard definition of major incidents that is
agreed upon by all the support groups. This should be reflected in the incident prioritization system. This
prevents assumptions and confusion about what constitutes a major incident, and allows such incidents
to be dealt with using an approved method.

Because of the nature of such incidents, a Major Incident Team should be formed. This team focuses
only on major incidents and helps find quicker resolutions. Comprising qualified technical personnel,
this team works under the direct control of the Incident Manager.

The Incident Manager ensures that all the required resources are provided to the team, and makes sure
that the team is only concentrating on major incidents.

Major incidents can be effectively handled by

creating and framing timescales
When creating and framing timescales, you should ensure that the timescales are shorter
for major incidents. Such timescales should be clearly defined in the policy.
notifying the team regarding the actions to be taken
When an incident occurs, an instant notification containing the various actions to be taken
is sent to the corresponding teams. For instance, when the network is down, a notification
containing the respective actions is sent to the networks team and the information is
passed to the other teams.
investigating and diagnosing the incident
Major incidents require investigation and diagnosis, where the team investigates what has
gone wrong. This is required to prevent or minimize future occurrences.
notifying of progress
Regular notification of progress on the incident handling process has to be sent to
stakeholders so that they are aware of how the impact is being minimized and what steps
need to be taken to prevent future recurrence.
restoring the service, and
Restoration of services should be done at the earliest opportunity, once the incident is
diagnosed, and should be within the appropriate timescale to reduce the business impact.
notifying the organization and customers about the fix
Once the incident is resolved, a notification of fix is sent to both the organization and
customers so that they are aware that the incident is resolved and the service is restored.

Due to the nature of major incidents, some organizations may be keen to investigate the problem that
caused the incident at the same time as resolving it. So they will assign a Problem Manager, who will focus
on the problem, in addition to the Incident Manager, who will focus on incident resolution.

There are also circumstances when an organization may treat a major incident as minor and a minor
incident as major. The way of handling the incidents depends on the potential impact caused by them.

A minor incident is treated as major when its potential impact is huge. Its priority potentially grows too,
thus demanding immediate attention.

For example, high disk space utilization is a minor incident but not when it occurs in a database server
or file server. This is because any further increase in the database size can result in suspending
operating systems, or cause applications to hang.

Similarly, a major incident is treated as minor if its impact is low and when its root cause and resolutions
are highly apparent.

Consider an organization with a network-failure or network-down incident. Although a major incident, it
can be treated as a minor incident if there is a backup line or fail-over line which will restore the network
to its normal working state.

Question

Identify the scenario when the Problem Manager and Incident Manager work on the same
incident, at the same time.

Options:

1. Many major incidents are handled together
2. Service restoration process and the cause examining process are done
together
3. Major incident team is not working effectively
4. Minor incident is treated as a major incident

Answer

Option 1: This option is incorrect. The number of major incidents is immaterial and does not
require a Problem Manager to be assigned.

Option 2: This option is correct. Organizations, in addition to finding resolutions, may also
want to examine the root cause of the incident. In this scenario, the Problem Manager and the
Incident Manager work together on the same incident, at the same time.

Option 3: This option is incorrect. If the major incident team does not work effectively, it is the
Incident Manager's responsibility to bring in the respective expertise.

Option 4: This option is incorrect. A minor incident is treated as a major incident when its
impact is found to be high on the organization.

Correct answer(s):

2. Service restoration process and the cause examining process are done together

Question

When is a minor incident handled as a major incident?

Options:

1. When the resolution for the minor incident is obvious
2. When the impact of the minor incident is very low
3. When the number of occurrences of major incidents is very low
4. When the potential impact of the minor incident is very high

Answer

Option 1: This option is incorrect. If the resolution for a particular incident is obvious then
there is no need to treat it as a major incident. If, and only if, the impact of the minor incident
is huge, it should be treated as a major incident.

Option 2: This option is incorrect. If the impact of the minor incident is low, there is no need for
it to be treated as major and it can be handled with longer timescales.

Option 3: This option is incorrect. A minor incident will be handled as a major incident when its
impact on the business is significant. The number of occurrences is never a matter of concern.

Option 4: This option is correct. If the potential impact of the minor incident is very high and
threatens to affect the business, it should be treated as a major incident and be resolved quickly
with shorter timescales.

Correct answer(s):

4. When the potential impact of the minor incident is very high

Question

The billing department of an electronic goods firm is automated. Due to a design anomaly in
the way servers were integrated, the billing system breaks down.

How will the major incident policy approach handle this?

Options:

1. Incident Manager is notified of details of the restoration progress
2. Timescales should be framed
3. Incident Manager to create a predefined list of steps to handle the incident
4. The incident to be prioritized over others and a Problem Manager assigned

Answer

Option 1: This option is correct. Progress of the restoration procedure must be regularly
notified to the Incident Manager so that the manager can check that the team is on track.

Option 2: This option is correct. It is mandatory to frame timescales for all major incidents so
the service can be restored at the earliest opportunity.

Option 3: This option is incorrect. When a major incident occurs, a separate team under the
guidance of the Incident Manager handles the incident. The Incident Manager isn't expected to
predefine steps for the team to follow.

Option 4: This option is incorrect. The Incident Manager is the main person involved in
handling major incidents and not the Problem Manager, who is responsible for root cause
investigation.

Correct answer(s):

1. Incident Manager is notified of details of the restoration progress
2. Timescales should be framed

4. Summary
Policies provide an overview on how to manage incidents. Incident Management provides three policies
– timescales, Incident Model, and major incidents. The Timescales policy includes a defined time period
called timescales within which incidents need to be managed. They usually differ for each type of
incident as they are based on the priority level of an incident.

The Incident Model policy requires that a standard set of steps be created for commonly occurring
incidents so that specific processes are used when similar incidents occur. When that type of incident
occurs, the steps are applied and the issue is resolved.

Major incident policies establish how organizations should approach incidents that can cause huge
potential impact to an organization's bottom-line. This policy requires a separate team which uses
unique procedures and resolves incidents within shorter timescales.

Using Basic Incident Management
Learning Objectives
After completing this topic, you should be able to
specify the value of Incident Management to business
determine the approach to handling incidents using Incident Management

1. Exercise overview
In this exercise, you're required to recognize the value of Incident Management to business. You are
also required to identify an approach to handle incidents using Incident Management.

This involves the following tasks:

specifying the business value of Incident Management and
handling incidents using an appropriate Incident Management approach

2. Specifying business value


A small-scale manufacturing company has recently automated its existing operations for the advantages
offered in terms of ease of maintenance, better visibility of logistics and operations, and other benefits.

However, it continues to face issues that interrupt regular functioning of operations that can impact
customers. For instance, one incident involved their company web site being unable to launch correctly.
At another time, the IT application which tracks logistics, such as the number of components ready for
delivery and available at warehouses, was not refreshing to show actual data and continued to show
outdated stock.

In order to deal with such incidents, the company has hired your services as an IT manager.

Question

Recognizing that the company is increasing its reliance on IT, you feel implementing Incident
Management will be beneficial to the business.

Why do you think Incident Management will help the business?

Options:

1. Aligns IT activities to business priorities
2. Utilizes support resources efficiently
3. Provides quick and instant solutions
4. Allows end customers to give feedback on service quality
5. Identifies the root cause of the incident

Answer

Option 1: This option is correct. Incident Management helps IT align itself to business
priorities by providing perspective on processes and areas that the business considers critical.
Accordingly, IT can provide operational support in those areas.

Option 2: This option is correct. The effective deployment of support resources helps to
resolve the problem quickly, thereby avoiding unnecessary downtime.

Option 3: This option is correct. Incident Management's main advantage is that it helps IT
tackle incidents based on severity levels. Through its integrated knowledge base, it provides
them with details on how to solve issues. This enables IT to provide appropriate and quick
solutions.

Option 4: This option is incorrect. Customers will be provided with regular updates on the
progress of the incident handling process. And when the incident is resolved, a final
notification of incident fix will be sent to them. Instant feedback is never provided by
customers.

Option 5: This option is incorrect. Incident Management does not pinpoint the root cause,
though it does help the organization to diagnose and investigate an incident.

Correct answer(s):

1. Aligns IT activities to business priorities
2. Utilizes support resources efficiently
3. Provides quick and instant solutions

Question

As the IT manager, what are some other benefits that you can get from implementing Incident
Management?

Options:

1. Escalation of incidents based on priority
2. Ability to identify potential improvements to services
3. Ability to automatically resolve incidents
4. Ability to alert IT staff on procedures to resolve an incident

Answer

Option 1: This option is correct. Prioritizing incidents is a component of Incident Management
that enables critical incidents to be escalated and prioritized over others.

Option 2: This option is correct. Incident Management helps improve services and associated
service quality because it helps IT staff understand what business staff considers to be an
incident. Consequently, IT can take steps to ensure such incidents are minimized in the long
run through service or process improvements.

Option 3: This option is incorrect. Incident Management does not resolve the incident
automatically. It only categorizes the incidents automatically and escalates them based on
predefined incident priorities.

Option 4: This option is incorrect. The Incident Management database includes an integrated
knowledge base where procedures used to resolve incidents are recorded for future reference.
However, the system does not automatically alert IT staff of which procedures to use.

Correct answer(s):

1. Escalation of incidents based on priority
2. Ability to identify potential improvements to services

Question

Match the business value of Incident Management to the scenarios where it will work.

Options:

A. Quick solutions
B. Availability of an integrated knowledge base
C. Improved services and enhanced training

Targets:

1. An IT company witnesses a new virus attack on an employee's system. To
detect the virus, the IT team used previously tested antivirus software, but
failed. A delay in detecting this new virus might lead to the corruption of the
entire operating system.
2. The FTP server used by the company to share critical files and product
information on a daily basis with its clients is down. This can impact customer
satisfaction.
3. A gaming company's software is not loading properly on a customer's system.
This is an incident that has recurred in the past and is something that the
company is aware of. It has recorded details of how to solve such issues.

Answer

Incident Management helps IT enhance and improve its services, and also the service quality,
based on the type of incidents that occur, which help to highlight the service-related areas that
need attention.

This enables IT to take the necessary steps that help prevent such incidents from recurring. In
addition, analysis and diagnosis of incidents helps them identify if there is a need for any other
service in addition to the existing ones.

The main advantage of Incident Management is its ability to provide appropriate and quick
solutions based on the manner in which incidents are prioritized and, accordingly, escalated.
Because Incident Management helps detect incidents faster, it also ensures service isn't
interrupted for long, thereby minimizing any negative impact on an organization's productivity.

Incident Management aids organizations with the facility of the integrated knowledge base.
This database contains details of all the previously occurred incidents and the manner in which
they were resolved.

Based on these details, the organization can recognize areas that need attention and create
an appropriate business plan, highlighting their specifications and pre-requisites.

Correct answer(s):

Target 1 = Option C

Target 2 = Option A

Target 3 = Option B

Question

What specific value does Incident Management provide that assists management to decide
additional investments in IT?

Options:

1. Improved prioritization
2. Removal of incorrect and redundant incidents
3. Automatic escalation of high impact incidents
4. Detailed incident information and visibility

Answer

Option 1: This option is incorrect. Incident Management does improve incident prioritization
based on business priorities, which in turn helps ensure that customers stay satisfied.
However, this is not something that directly helps the management staff.

Option 2: This option is incorrect. While regular elimination of lost or incorrect incidents from
the database helps keep the database current and updated, this is not a direct value to the
management staff of the company.

Option 3: This option is incorrect. When an incident occurs, Incident Management
automatically escalates incidents to the assigned person, based on the incident’s priority.
However, this is not an added value to the company and its management staff.

Option 4: This option is correct. Detailed and precise information on incidents is available
through Incident Management. This information helps management identify if there is a need
to invest in resources that can help tackle or minimize incidents and, if required, where to
reallocate resources.

Correct answer(s):

4. Detailed incident information and visibility

Question

An IT organization wants to ensure that its employees have understood the values of Incident
Management to the business process. What do you think are the main values of Incident
Management?

Options:

1. Provides permanent solutions for high-priority incidents
2. Escalates incidents based on priority levels
3. Aligns IT activity to real-time business priorities
4. Resolves incidents on a first-come, first-served basis

Answer

Option 1: This option is incorrect. High-priority incidents are always attended to first and
Incident Management ensures that IT eliminates such incidents in future; it in no way ensures
prevention of incidents through permanent solutions.

Option 2: This option is correct. One of the main values of Incident Management is its ability
to escalate incidents based on priority levels. Incidents are categorized depending upon their
impact on business process and if the incident is found to have a huge impact, it is escalated
and prioritized over other incidents.

Option 3: This option is correct. Incident Management is highly capable in aligning IT activity
to real-time business priorities. This is due to the ability of Incident Management to recognize
business priorities and to offer the appropriate support resources.

Option 4: This option is incorrect. Incident Management resolves incidents based on their
priority levels. All critical incidents are given higher preference over others and are resolved
first, regardless of when they were logged.

Correct answer(s):

2. Escalates incidents based on priority levels
3. Aligns IT activity to real-time business priorities

Question

The IT organization has successfully implemented Incident Management in their business
process.

What are the things that are guaranteed for an organization that has correctly implemented an
Incident Management process?

Options:

1. An IT staff that demonstrates a service-culture mindset
2. Immediate feedback from customers on the service quality
3. Support resources are allocated to events that demand immediate attention
4. All the incidents are tracked and logged

Answer

Option 1: This option is incorrect. Service culture is a mindset that IT needs to adopt while
rendering services. While Incident Management helps provide focus to incidents and their
resolution, it does not bring about a change in mindset.

Option 2: This option is incorrect. Customers will be provided with regular updates on the
progress of the incident handling process. And when the incident is resolved a final notification
of incident fix will be sent to them. Instant feedback is not provided by customers.

Option 3: This option is correct. Using Incident Management processes, organizations can be
sure that their support resources are concentrating on incidents that demand immediate
attention and those that will have heavy impact on business.

Option 4: This option is correct. Implementation of Incident Management takes care of
tracking all the incidents, so that no incident is overlooked.

Correct answer(s):

3. Support resources are allocated to events that demand immediate attention
4. All the incidents are tracked and logged

3. Approach to handling incidents


Recently, IT was alerted about a security incident where a virus was inadvertently downloaded onto an
employee's system. This virus is known to pass undetected and, once in the network, has the ability to
crash the network and the server.

Question

What policies are available to IT within Incident Management?

Options:

1. Incident Model
2. Major Incidents
3. Root cause analysis
4. Timescales
5. Incident Prioritization

Answer

Option 1: This option is correct. An Incident Model is an approach where the steps for dealing
with standard incidents are predefined.

Option 2: This option is correct. Major incidents require specific procedures with shorter
timescales, and a separate team to handle them.

Option 3: This option is incorrect. Determining the cause of incidents is related to Problem
Management, not Incident Management.

Option 4: This option is correct. Timescales indicate an approach with defined partitions of
time that define when the process should start and end. Timescales are highly important and
must be agreed for all the stages of incident handling.

Option 5: This option is incorrect. Incident prioritization is not a policy within Incident
Management; it is a way to take into account the urgency and impact of incidents.

Correct answer(s):

1. Incident Model
2. Major Incidents
4. Timescales

Question

Suppose the team decided to adopt the timescale approach to handling this incident.

What factors should it keep in mind while framing timescales?

Options:

1. Timescales are framed based on the number of major incidents alone
2. Timescales defined should be adequate for handling the incident
3. Timescales are framed based on the time at which the incident was logged
4. Timescales are framed based on the priority levels of incidents

Answer

Option 1: This option is incorrect. Generally when incidents occur they are first prioritized.
Depending on their prioritization, timescales are framed.

Option 2: This option is correct. Resolving an incident can often be broken down into stages
that may be handled by different support groups. So timescales should be set for all stages
and be adequate for handling the incident.

Option 3: This option is incorrect. Timescales are framed based on the priority levels of
incidents and not established when an incident is logged.

Option 4: This option is correct. Timescales are framed based on the priority levels of
incidents, so that the major incidents are handled first and the associated impact is drastically
reduced.

Correct answer(s):

2. Timescales defined should be adequate for handling the incident
4. Timescales are framed based on the priority levels of incidents

Question

To manage an incident like a virus attack, the IT team decides to make use of the policies of
Incident Management.

Match each policy to its description, components, or the type of incident it is likely to include.

Options:

A. Incident Model policy
B. Timescale policy
C. Major incident policy

Targets:

1. An issue with high criticality that demands immediate attention
2. A set of predefined steps that are required to resolve standard incidents
3. A period that marks the beginning and end of a process

Answer

The major incident policy provides an approach for handling major incidents. Major incidents
are high-priority incidents that are critical in nature. They should be dealt with first, with shorter
timescales.

Incident Model is a collection of previously defined steps, mainly for the purpose of resolving
incidents. When an incident occurs, the Incident Management staff use these predefined steps
as a guide to resolve standard incidents.

The timescale policy provides an approach to frame appropriate timescales. Timescales refer
to the time period that marks the beginning and ending time of a process. They are used to
minimize the delay that occurs to resolve incidents.

Correct answer(s):

Target 1 = Option C

Target 2 = Option A

Target 3 = Option B

Question

Given that the virus can impact the network and cause a high negative impact on the business,
what approach should be used by the IT team to resolve this incident?

Options:

1. Use a standard Incident Model to resolve this incident
2. Identify support tools to resolve this incident
3. Begin a major incident procedure to resolve this incident
4. Adopt a timescales approach to resolve this incident

Answer

Option 1: This option is incorrect. An Incident Model is a way of predefining the steps that are
required to solve a standard incident. Since this incident has a high potential impact on the
business, it should be considered a major incident.

Option 2: This option is incorrect. Support tools are generally used to manage processes and
to escalate them. Using them is not an approach that helps to resolve incidents.

Option 3: This option is correct. The major incident policy provides an approach for effectively
handling major incidents like virus attacks. Using this approach, the team can quickly resolve
the incident and reduce the impact on business.

Option 4: This option is incorrect. The timescale policy provides an approach to frame
timescales for every incident. Timescales differ for every incident, as they are based on the
priority levels of incidents.

Correct answer(s):

3. Begin a major incident procedure to resolve this incident

Question

A delay in resolving the virus attack could increase the impact on business, leading to huge
losses. How should the team approach this major incident?

Options:

1. Establish an escalation procedure to handle such incidents
2. Consolidate a list of predefined steps to deal with the incident
3. Frame shorter timescales to restore the service
4. Set up a separate team under the direction of an Incident Manager

Answer

Option 1: This option is incorrect. When a major incident occurs, a separate team under the
guidance of the Incident Manager is established. They work only on major incidents and try to
resolve them. No escalation procedures are created.

Option 2: This option is incorrect. Predefined steps are applicable only for repetitive incidents
or common types of incidents. Using predefined steps to solve a major issue will only result in
time delay, which will also increase the impact on business.

Option 3: This option is correct. Timescales are framed based on the priority levels of
incidents. This being a major incident, it needs to be resolved quickly. Therefore, shorter
timescales should be framed for such critical incidents.

Option 4: This option is correct. A team of qualified technical personnel, with expertise in
managing such incidents, should be set up for dealing with major incidents. They work under
the direct control of the Incident Manager.

Correct answer(s):

3. Frame shorter timescales to restore the service
4. Set up a separate team under the direction of an Incident Manager

Question

When an incident occurs, IT needs to be able to recognize the impact of an incident and
differentiate major and minor incidents.

What types of incidents are categorized as major incidents?

Options:

1. Incidents that require longer timescales for resolution
2. Incidents that demand a separate team for resolving it
3. Incidents which require shorter timescales
4. Incidents that require investigation and analysis

Answer

Option 1: This option is incorrect. Incidents that require longer timescales are usually
incidents that are not major. Major incidents are incidents that can cause significant damage
and so need to be resolved quickly.

Option 2: This option is correct. Handling major incidents is a critical process that typically
requires the formation of a new team, which focuses only on major incidents.

Option 3: This option is correct. Incidents that require specific, unique procedures with shorter
timescales and a high degree of urgency are labeled as major incidents.

Option 4: This option is incorrect. Investigation and analysis can be carried out for any type of
incident and are not the basis for identifying major incidents.

Correct answer(s):

2. Incidents that demand a separate team for resolving it
3. Incidents which require shorter timescales

Analyzing Value and Incident Management Policies
Learning Objective
After completing this topic, you should be able to
analyze the basics of how Incident Management supports an organization

1. Exercise Overview
2. Analyzing Incident Management’s value
3. Analyzing Incident Management’s policies
4. Identifying major incidents

© 2018 Skillsoft Ireland Limited
