Service Operation in Event Management Incident Management Request ITIL – ITIL Course

Service Operation

Event Management Incident Management Request

Event Management
Event Management is an important processin Service Operation lifecycle because it detects, records and updates past and currentevents for future reference.
Event is defined as any detectable  or discernable  occurrence  thathas significance for  the  management  of  the  IT  infrastructure  or  the  delivery  of  IT  service  and evaluation of the impact a deviation might cause to the services may be considered an event.
Purpose and Objectives
The purpose of Event Management  is to enable stability in IT services delivery and supportby monitoring all events that occur throughout the IT infrastructure,  to allow for “normal” Service Operation and to detect and escalate exceptions.
The objectives  of Event  Management  areto detect  Events,  understand  them  and determine appropriate control actions.
If  events  are  programmed   to  communicate   operational   information   as  well  as warnings and exceptions, they may be used as a basis for automating many routine Operations Management activities.
Event  Management  also  plays  a  role  in  understanding  actual  performance  and behavior against design standards and Service Level Agreements (SLAs).

Event Management can be applied to any aspect of service management that needs to be controlled and which can be automated.
This include:
•   Configuration items (CIs)
Some CIs will be included because they need to stay in a constant state
•   Environmental conditions
•   Software licence monitoring
Software   licence  monitoring   for  usage  to  ensure  optimum/legal   licence utilization and allocation
•    Security
•   Normal activity
It is not common  for an organization  to appoint  an Event Manager.  However,  the Event Managementmust ensure procedures are coordinated within the Service Operation functions.
Roles of Service Operation functions
The following Service Operation functions can play a role in the Event Management process
•              Service Desk: Investigate  events and ensureappropriate  action is taken for those who require attention.
•   Technical and Applications Management:
ƒ    Classify Events during Service Design
ƒ    Test the Service during Service Transition
ƒ    Analyze Events during Service Operation
•   IT  Operations  Management:  Event  Monitoring  (often  in  the  IT  Operations
Bridge) and firstline response for Events.

Incident Management
The Incident Management process restores disrupted services as quicklyas possible. Incident Management deals with all Incidentsincluding failures, questions or queries by the users, technical staff or by Event monitoring tools.
Purposes and Objectives
Incident management aims to manage all reported Incidents. The purposes of Incident Management are to:
•   Restore normal Service Operation as quicklyas possible
•   Minimize the adverse impact on business operations
•   Ensure servicequality and availability are maintained
The objectives of Incident Management are to:
•              Ensure that standardized methodsand procedures are used for efficient and prompt   response,   analysis,   documentation,   ongoing   management   and reporting of incidents
•              Increase visibilityand communication of incidents to business and IT support staff
•              Enhance business perception of IT through use of a professional approach in quickly resolving and communicating incidents when they occur
•   Align incident management activities and priorities with those of the business
•   Maintain user satisfaction with the quality of IT services.

The scope of IncidentManagement includes the following:
•              Incident  Management   includes  all  incidents  and  any  Event  which  could disrupt a service.
•              Incident  Management  also  involves  Incidents  that  are  reports  by  users, technical staff and monitoring tools.
There  are  some  basic  concepts  in  Incident  Managemen that  is  important  in understanding this ITIL® process:
•              Timeframes  must be agreedfor all Incident handling stages and capturedas targets within OLAs and UCs. All support group must know these timeframe and Service Management tools should be automatedaccordingly.
•              Incident  Models  is a way of predefining  the steps  thatshould  be taken  to handle  a process  in an agreed  upon  way.  This  will ensure  that  standard’ Incidents are handled in pre-defined way and within pre-defined timeframes. An Incident Model includes the following:
ƒ    Steps taken to handle the Incident
ƒ    Chronological order
ƒ    Responsibilities timeframes
ƒ    Escalation procedures
•              Major  Incidents  are  incidents  with  high  potential  business  impact,  high urgency  and  causes  that  are  known  but  with  no  existing  work-around available. For Major Incidents, a separate procedure with shorter timeframes and greater urgency must be used.

Process Activities
Process activities conducted in Incident Management are:
•              Identification: Work cannot begin on dealing with an incidentuntil it is known that an incident has occurred or is going to occur, Identification  is therefore the first step.
•   Logging: Incidents are to be logged, dated and stamped
•              Categorization:  Assigning  a category  forlater reporting  and for determining appropriate solution groups.
•   Prioritization: Determined by impact and urgency
•              Initial  Diagnoses:  The  Service  Desk  carries  out  initial  diagnosis  to  try  to discover the full symptomsof the incident and to determine exactly what has gone  wrong  and  how  to  correct  it.  Diagnostic  scripts  and  known  error information can be most valuable in allowing earlier and accurate diagnosis. If possible  the  incident  will  be  resolved  in  this  phase,  and  closed  if  the resolution is successful.
•              Investigation  and  Diagnoses:  Investigate  and  diagnose  Incidents.  This  is either performed  by the Service Desk, or (through  functional  escalation)  by
2nd or 3rd line.
•              Resolution and Recovery: Resolution has been identified and tested, recovery is complete, service restored and Incidentrecorded and updated.
•              Closure:  Performed  by the  Service  Desk,  to check  that  Incidents  are  fully resolved and to ensure users are satisfied and agree to close the Incident.
There  are  certain  questions  that  need  to  be  answered  when  performing  certain activities. These questions will determine the subsequent activity required.

It is important to know the correct terms in prioritization  so that an Incident can be dealt with accordingly:
•              Priority: The priority is based on a combination of impact and urgency. This is often captured in a priority table.
•              Impact: Determined  by the effect upon the activities of the business. This is often measured in terms of the amountof users affected. Impact is not about the  technical  complexity  of  resolution.  When  determining  impact,  Service Desk staff should take into consideration:
ƒ    Risk to life or limb
ƒ    The number of services affected
ƒ    The level of financial losses
ƒ    Effect upon business reputation
ƒ    Regulatory or legislative breaches
•   Urgency:  Determined  by  how  quickly  the  Incident  needs  to  be  resolved.
Related to how critical the service is for the business processes.
Escalation takes place when the person handling the incident lacks the knowledge, expertise or authority to solve the Incident.
There are two types of escalation:
•              Functional Escalation: Also called horizontal escalation and takes place due to lack of knowledge and expertise.
•              Hierarchical Escalation: Also called vertical escalation and occurs when major Incidents  are  reported  or  when  the  Incident  cannot  be  resolved  within  an agreed timescale and possibly breach Service Level Agreements (SLAs).
The Service  Deskmust ensure  that SLA resolution  times are not exceeded  when dealing with Incidents. They are responsible for tracking and tracing the incidents.
Escalation never turns an Incidentinto a Problem, although it may result in ownership of an Incident passing to the Problem Manager for administrative reasons and/or the identification of an associated Problem.

Examples of interfaces with incident management  are listed belowfor each service lifecycle stage.
Service Design
•   Service Level Management
The ability to resolve incidents in a specified time is a key part of delivering an agreed level of service.
Incident  management   enables  SLM  to  define  measurabl responses   to service disruptions. It also provides reportsthat enable SLM to review SLAs objectively and regularly. In particular, incident management is able to assist in  defining  where  services  are  at  their  weakest,  so  that  SLM  can  define actions as part of the service improvement plan (SIP).
SLM   defines   the   acceptable   levels   of   service   within   which   incident management works, including:
ƒ    Incident response times
ƒ    Impact definitions
ƒ    Target fix times
ƒ    Service definitions, which are mapped to users
ƒ    Rules for requesting services
ƒ    Expectations for providing feedback to users.
•   Capacity Management
Incident  management  provides  a trigger  for performance  monitoring  where there  appears  to  be  a  performance  problem.  Capacity  management  may develop workarounds for incidents.
•   Availability Management
Availability management will use incident management data to determine the availability of IT services and look at where the incident lifecycle can be improved.
Service Transition
 Service Asset and Configuration Management
This process provides the data used to identify and progress incidents. One of the  uses  of the  CMS  is to identify  faulty  equipment  and  to assess  the impact  of  an  incident.  The  CMS  also  contains  information  about  which categories  of incident  should  be assigned  to which  support  group.  In turn, incident management can maintain the status of faulty CIs. It can also assist service asset and configuration management to audit the infrastructure when working to resolve an incident.
•   Change management
Where a change is required to implement a workaround or resolution, this will need to be logged as an RFC and progressed through changemanagement. In turn, incident managementis able to detect and resolve incidents that arise from failed changes.
Service Operation
 Problem Management
For some incidents, it willbe appropriate to involve problem management to investigate and resolve the underlying cause to prevent or reduce the impact of  recurrence.   Incident  management   provi< span style="letter-spacing: -.05pt;">des  a  point  where  these  are reported. Problem management, in return, can provide known errors for faster incident resolution through workarounds that can be used to restore service.
•   Access Management
Incidents should be raised when unauthorized  access attempts and security breaches   hav been   detected.   A  history   of  incidents   shoul also   be maintained to support forensic investigation activities and resolution of access breaches.
The Incident Managershould prepare reports that can assist to judge the efficiency and effectiveness of the Incident ManagementProcess.
Key Performance Indicators (KPIs):
•   Percentage of Incidents handled within a timescale
•   Percentage of Incidents assigned correctly
•   Percentage of Incidents resolvedby the Service Desk
•   Number of Incidents processed per agent
Challenges in IncidentManagement are:
•   Detect Incidents as early as possible
•   Convince all staff to log all Incidents
•   Have a good understanding of SLAs

Roles in Incident Management are:
•              Incident   Manager:   Responsible   for   producing,   managing,   maintaining, monitoring and developing IncidentManagement processand systems
•              Service Desk: Tasks undertaken by the Service Desk includes the handling of firstline Incidents and act as the SPOC (Single Point of Contact) for IT users on a daily basis. The Service Desk must also manage communications  with end-users.
•   2nd, 3rd, nth  lines: Consists  of specialists  who handleescalated  Incidents  or
Incidents that involve third parties.

< br />ITIL, ITIL Foundation Course, ITIL V3, ITIL Course, ITIL – Course, online itil, itil certification, online material for itil course