What is Incident Management in ITIL?


An incident is an unplanned occurrence which disrupts an IT service or reduces its quality. When an incident occurs, the main goal of management is to restore the service to a normal level of operation as soon as possible. Even if the failure of a particular service or configuration has not yet affected the normal operation of the company, it is still classified as an incident. If a similar incident or related incidents occur multiple times, then a record of the problem should be created.

Since many types of incidents can occur and it is not possible to solve all of them simultaneously, they should be ranked on a priority basis. Incidents are ranked as high, medium or low priority, which is assigned on the basis of the impact caused by the interruption or its urgency. A problem which ranks high on both impact and urgency is given a higher priority, as it can affect the functioning of the company.

Purpose of Incident Management in ITIL

The main purpose of incident management in ITIL is to restore normal service operation as fast as possible and to minimize the adverse impact of the interruption on the operations of the business. Normal service operation refers to an optimal level where the services are performing within the agreed operational levels.

Objective of Incident Management in ITIL

The objectives of incident management in ITIL are:

  • The incidents which occur should be promptly responded to, analyzed and documented using standardized methods.

  • The visibility of incidents should be increased to the IT support staff.

  • User satisfaction should be maintained by providing quality IT services.

  • A professional approach should be used to communicate and resolve incidents quickly, thereby improving business perception.

  • The management of the incidents should be aligned with the priorities of the particular business.

Scope of Incident Management in ITIL

Incident management can include any event which causes an interruption or disruption of services in the company. This can be anything from power failures and server crashes to software bugs and hardware damage. All these come under the purview of incident management and can be resolved in a systematic manner by assigning priorities.

Procedure of Incident Management in ITIL

The following procedure is followed in incident management:

  • The problem is initially detected, and its characteristics are recorded.

  • The problem is classified according to its type, and initial support is provided.

  • An investigation is launched into the cause of the problem and the data obtained is analyzed.

  • The problem is then resolved using the data obtained during the investigation, and the solution is recorded for future reference.

  • The incident is officially closed once the problem is solved and the system is restored to its initial or normal working condition.

  • A line of communication is maintained to ensure that the problem does not crop up again and to keep track of the system. The system is periodically tracked to check for possibilities of future interruption.

  • A framework is established for reference to be used while resolving similar incidents in the future.

  • The incident framework is evaluated to ensure that it is the most efficient way to resolve the interruption.

Major Incident of Incident Management

Incidents which have an extremely high degree of impact on the functioning of the organization are classified as major incidents. Incidents which cause disruptions for an excessive timescale, even for a small number of users, come under this category. It is advised to have a separate set of procedures laid down to handle major incidents, as they have greater urgency and the response time must be minimal.

Adequate personnel play a major role in responding properly to a major incident. A company must appoint an in-house expert in the particular domain to act as the Major Incident Manager to tackle such crises.

A major incident team should be formed, comprising people experienced in solving incidents, so that adequate manpower is available to tackle all the issues and solve the problem.

Incident Report of Incident Management

Once the IT support teams have resolved the incident, a detailed report must be prepared to serve as a reference for tackling future incidents and to ensure similar incidents do not happen again. This is done with a root cause analysis (RCA), where the problem is examined from its roots, to ensure that irregularities don’t sprout from the same point again. It is recommended that an incident report consist of the following items.

  • A brief description regarding what exactly happened during the incident.

  • The exact duration for which the systems or business was down should be noted.

  • The Service Level Agreement should be reviewed to bring the service back to agreed-upon optimal levels.

  • A short description of the history of the incident.

  • A detailed description of how the incident was resolved.

  • The root cause of the incident.

  • Conclusive statements detailing the steps to be implemented to prevent such incidents from occurring again.

Examples of Incidents of Incident Management

Some of the common types of incidents which can occur are classified as follows.


  • If a particular service is unavailable, then it constitutes an application error and needs to be rectified by the relevant team.

  • Unavailability of data and data corruption can affect the smooth functioning of an organization.

  • A bug in the software used by the computer or on the website in an online company can cause major loss of revenue and divert potential customer streams.


  • A company’s server is responsible for hosting all their digital content. In the event of a server crash, if the problem is not rectified immediately, it can bring the working of the entire company to a standstill.

  • Issues with the internet can disrupt video conferencing, email and other online activities which could be core to the company’s functionality.

  • Failure of computer systems can cause loss of productivity within the particular department of the company. In the event of such an occurrence, a backup system must be available to ensure that the work is not interrupted.

Incident management thus succeeds in responding to, analyzing and documenting incidents promptly, while ensuring user satisfaction is maintained by the provision of quality IT services. By using a professional approach, it communicates and resolves incidents quickly, thereby improving business perception.
