centrexIT
Knowledge Center

CentrexIT Incident Management

KB00025331
Kellee Blair Process Expired 1 min
Expired Katie McEvoy v1.0
Expires Aug 3, 2023 (expired)

The purpose of this process is to help establish best practice for IT Operations teams to respond to and address unplanned events that can affect service quality. This process aims to identify and correct problems while maintaining normal service and minimizing impact to the client’s business.

It is the practice of restoring services as quickly as possible after an incident.

An incident is defined as an unexpected event that disrupts the normal operation of an IT service.


The scope includes several departments across the organization, but focuses primarily on the Ops teams that support clients.


Input teams will include: Service Desk, Cybersecurity, vITM, vCIO, Centralized Services, Professional Services

Roles will include:

  1. Incident Manager or Process Owner - is responsible for the effective implementation of the Incident Management processes and carries out the corresponding reporting. Represents the first stage of escalation for Incidents should they not be resolved within the agreed Service Levels.
  2. Intake or 1st Level Support - registers and classifies received Incidents and assigns to support team.
  3. 2nd Level Support - takes over immediately if incident cannot be resolved by the 1st Level Support and is responsible for involving 3rd party support from a hardware or software vendor, as needed.
  4. 3rd Level Support - typically an outside form of support from a vendor or system expert.
  5. Major Incident Team or Swarm - dynamically established team of IT managers and technical experts, usually under the leadership of the Incident Manager, formed to concentrate on the resolution of a Major Incident.

There are 6 supporting subprocesses or procedures that are required to support the Incident Management process.

  1. Incident Management Support - aims to provide and maintain tools, processes, skills and rules for effective and efficient handling of Incidents.
  2. Incident Response Procedure which includes:
    • Incident Identification
    • Incident Logging
    • Incident Categorization
    • Incident Prioritization
    • Incident Response:
      • Initial Diagnosis
      • Incident Escalation
      • Investigation and Diagnosis
      • Incident Resolution and Recovery
      • Incident Closure
  3. Pro-Active User Information - to inform users of service failures as soon as they are reported to the Service Desk, so that users are in a position to adjust to the interruption. This helps to reduce the number of inquiries by users.
  4. Incident Management Reporting - aims to supply any incident-related information to other Service or Ops processes to support improvement potentials derived from past incidents.
  5. Major Incident Management -

There are other processes that will provide inputs or outputs from this process. They include, but are not limited to:

  1. Event Management - may raise an Incident when monitoring systems identify a condition that requires a response.
  2. Problem Management - collects data during the Incident. It is the process used for root cause analysis and CAPA procedures, and it also gathers data that can be recorded as workarounds or known errors that will help to reduce resolution time.
  3. Change Management - may be invoked in the event the Incident requires a change to a production environment to resolve the Incident.
  4. Configuration Management - provides data used to identify incidents and link them to particular configuration items.

These process interfaces are not defined in this process but should be built out as relationships.


Swarm - a group of experts coming together for the purpose of solving a single incident or problem.

Major Incident - an incident that could cause significant, extensive, or expensive damage to a business, such as a widespread outage, breach, or ransomware attack. It could also be an event that requires multiple roles to contain and resolve.

  1. Image of process map (TBD). Note: Please add KB relationships to core process, process, SOPs or other WIs on the right.