The 5 stages of effective IT incident Detection and Assigning 

Ideally, monitoring and alerting tools will detect and alert your IT teams about an incident before your customers even notice. Though sometimes you'll first learn about an incident from customer support cases. For successful early incident detection, you must not only have a holistic view into the health of your IT infrastructure by implementing different monitoring tools to appropriately monitor disparate and new systems, you can gain full-stack observability. 

No matter how the incident is detected, your first step as a Major IT Incident Manager is to record a new incident with appropriate details about the Incidents. Not all incidents are created equal. The impacts and severity of a system outage affecting 10% of your users are different from an outage impacting 90%. 

While the process of incident detection can grow to be quite complex, you can break down the stages into these seven main categories:

Stages of Incident Detection and Creation

Identification:

The first and most obvious step is identifying the problem. Identifying the problem isn’t just about finding the breach, though. Following are the set of questions Incident Manager had to ask 

• What is the impact on customers (internal or external)?
• What are customers seeing?
• How many customers are affected (some, all)?
• When did it start?
• How many support cases have customers opened?
• Are there other factors, e.g. Twitter, security, or data loss?

Logging :

The next step is logging and tracking the problem to make sure each issue and contingency is being documented as it happens. Tracking is vital to ensure that the same breaches don’t happen more than once, and that teams can learn from past weaknesses and/or errors. 

Categorization :

Classifying the breach or incident into categories helps to show trends over time, which exposes recurring issues and vulnerabilities. Categorization stage should map the problem to a specific business service or if it's an IT Service that's even better. 

Prioritization :

Prioritizing defines how fast a responder should react to the incident. Prioritizing the more important issues to address can be done in a number of different ways. Oftentimes, it’s done by determining how many users are affected by a particular incident. However, sometimes the loss or interruption of just a small number of users can be highly impactful. So it’s important to create an internal procedure for the Incident priority matrix  that best suits your organization. 

An ITIL incident management priority matrix provides critical baseline information and hierarchical guide that defines the potential impact to your IT environment, along with the ranked measurement of urgency for considering prioritization.  By following ITIL urgency impact priority recommendations, your organization will be better prepared to effectively respond and resolve incidents.

Severity : 

Incident severity levels are a measurement of the impact an incident has on the business. Typically, the lower the severity number, the more impactful the incident. Severity levels can also help build guidelines for response expectations. Using a numbering system for severity levels helps quickly define and communicate the incident. Following are some of the example on how to assign severity 

Severity 1

Description: A critical incident with very high impact 

• A customer-facing service is for all users
• Confidentiality or privacy is breached
• Customer data loss

Severity 2

A major incident with significant impact 

• A customer-facing service is unavailable for some, but not all, customers
• Core functionality is significantly impacted

Severity 3

A minor incident with low impact 

• A minor inconvenience to customers, workaround available
• Usable performance degradation

Assignment :

Finally you need to assign the Incident to the right team. If you have an effective incident response plan in place, various teams and responsibilities should be clearly laid out. That means when something does happen, you’re able to swiftly assign Incidents to people in key roles, and they’ll be prepared to handle them. Automating the Incident response is used to address potential and active breaches quickly, efficiently and effectively. 

Learn more about Zapoj IT Event Management  and the incident response, which encompasses everything from Detect, to resolve – to learning and prevention to support developers as they move towards owning their code in production.