DS10 Incident/Problem Management

DS10: Incident & Problem Management

1. Description

A management system which records and progresses all incidents to ensure that problems and incidents are resolved, and the cause(s) investigated to prevent any recurrence.

2. Control Objectives

Problem Management System - ensure that all operational events which are not part of the standard operation (incidents, problems and errors) are recorded, analyzed and resolved in a timely manner. Incident and problem reports should be established in the case of significant issues,
Problem Escalation - ensure that identified problems are solved in the most efficient way on a timely basis. These procedures should ensure that these priorities are appropriately set,
Problem Tracking and Audit Trail - provide for adequate audit trail facilities which allow tracing from incident to underlying cause (e.g. package release or urgent change implementation) and back. It should closely interwork with change management, availability management and configuration management.
Emergency And Temporary Access Authorisations - Documented approach, security management
Emergency Processing Priorities - Management approval

3. Key Goal Indicators

A measured reduction of the impact of problems and incidents on IT resources
A measured reduction in the elapsed time from initial symptom report to problem resolution
A measured reduction in unresolved problems and incidents
A measured increase in the number of problems avoided through pre-emptive fixes
Reduced time lag between identification and escalation of high-risk problems and incidents

4. Key Performance Indicators

Elapsed time from initial symptom recognition to entry in the problem management system
Elapsed time between problem recording and resolution or escalation
Elapsed time between evaluation and application of vendor patches
Percent of reported problems with already known resolution approaches
Frequency of coordination meetings with change management and availability management personnel
Frequency of component problem analysis reporting
Reduced number of problems not controlled through formal problem management

5. Critical Success Factors

There is clear integration of problem management with availability and change management
Accessibility to configuration data, as well as the ability to keep track of problems for each configuration component, is provided
An accurate means of communicating problem incidents, symptoms, diagnosis and solutions to the proper support personnel is in place
Accurate means exist to communicate to users and IT the exceptional events and symptoms that need to be reported to problem management
Training is provided to support personnel in problem resolution techniques
Up-to-date roles and responsibilities charts are available to support incident management
There is vendor involvement during problem investigation and resolution
Post-facto analysis of problem handling procedures is applied

6. Service Maturity Variations

0 Non-existent	There is no awareness of the need for managing problems and incidents. The problem-solving process is informal and users and IT staff deal individually with problems on a case-by-case basis.
1 (Initial/Ad Hoc)	The organisation has recognised that there is a need to solve problems and evaluate incidents. Key knowledgeable individuals provide some assistance with problems relating to their area of expertise and responsibility. The information is not shared with others and solutions vary from one support person to another, resulting in additional problem creation and loss of productive time, while searching for answers. Management frequently changes the focus and direction of the operations and technical support staff.
2 (Repeatable but Intuitive)	There is a wide awareness of the need to manage IT related problems and incidents within both the business units and information services function. The resolution process has evolved to a point where a few key individuals are responsible for managing the problems and incidents occurring. Information is shared among staff; however, the process remains unstructured, informal and mostly reactive. The service level to the user community varies and is hampered by insufficient structured knowledge available to the problem solvers. Management reporting of incidents and analysis of problem creation is limited and informal.
3 (Defined Process)	The need for an effective problem management system is accepted and evidenced by budgets for the staffing, training and support of response teams. Problem solving, escalation and resolution processes have been standardised, but are not sophisticated. Nonetheless, users have received clear communications on where and how to report on problems and incidents. The recording and tracking of problems and their resolutions is fragmented within the response team, using the available tools without centralisation or analysis. Deviations from established norms or standards are likely to go undetected.
4 (Managed and Measurable)	The incident/problem management process is understood at all levels within the organisation. Responsibilities and ownership are clear and established. Methods and procedures are documented, communicated and measured for effectiveness. The majority of problems and incidents are identified, recorded, reported and analysed for continuous improvement and are reported to stakeholders. Knowledge and expertise are cultivated, maintained and developed to higher levels as the function is viewed as an asset and major contributor to the achievement of IT objectives. The incident response capability is tested periodically. Problem and incident management is well integrated with interrelated processes, such as change, availability and configuration management, and assists customers in managing data, facilities and operations.
5 Optimized	The incident/problem management process has evolved into a forward-looking and proactive one, contributing to the IT objectives. Problems are anticipated and may even be prevented. Knowledge is maintained, through regular contacts with vendors and experts, regarding patterns of past and future problems and incidents. The recording, reporting and analysis of problems and resolutions is automated and fully integrated with configuration data management. Most systems have been equipped with automatic detection and warning mechanism, which are continuously tracked and evaluated.