IRP

Incident management approach

Incident criteria

Define criteria for determining what an incident is.

Define categories for incidents and criteria for determining which categories an incident belongs to.

Describe how responsibility for processing incidents is assigned and transferred.

Identify one or more mechanisms that customers and end users can use to report incidents.

Define methods and acquire tools to use for incident management.

Describe how to notify all relevant customers and end users who may be affected by a reported incident.

Define criteria for determining severity and priority levels and categories of actions and responses to be taken based on severity and priority levels.

Identify requirements on the amount of time defined for the resolution of incidents in the service agreement.

Document criteria that define when an incident should be closed.

An incident management system with controlled work products

Access control procedures for the incident management system

Ensure that the incident management system allows the escalation and transfer of incidents among groups.

Ensure that the incident management system allows the storage, update, retrieval, and reporting of incident information that is useful to the resolution and prevention of incidents.

Maintain the integrity of the incident management system and its contents.

Maintain the incident management system as necessary.

Incident management record

Identify incidents that are in scope.

Record information about the incident.

Categorize the incident.

Major incident report

Incident assignment report

Analyze incident data.

Determine which group is best suited to take action to address the incident.

Determine actions that should be taken to address the incident.

Plan the actions to be taken.

Updated incident management record

Address the incident using the best course of action.

Manage the actions until the impact of the incident is at an acceptable level.

Record the actions and result.

Review actions taken that resulted in service system changes to determine if further actions are needed to ensure traceability to requirements.

Closed incident management records

Document actions and monitor and track the incidents until they meet the terms of the service agreement and satisfy the incident submitter as appropriate.

Escalate incidents as necessary.

Review the resolution and confirm the results with relevant stakeholders.

Close incidents that meet the criteria for closure.

Records of communication with customers and end users

Status reports

None

Report of underlying causes of incidents

Documented causal analysis activities

Identify underlying causes of incidents.

Record information about the underlying causes of an incident or group of incidents.

Conduct causal analysis with the people who are responsible for performing related tasks.

Determine the best overall approach for dealing with selected incidents in the future.

Reusable solution description and instructions

Contribution to collection of workarounds for incidents

Workaround verification results

Determine which group is best suited to establish and maintain a reusable solution.

Plan and document the reusable solution.

Verify and validate the reusable solution to ensure that it effectively addresses the incident.

Communicate the reusable solution to relevant stakeholders.

Action proposal

Contribution to collection of known approaches to addressing underlying causes of incidents

Updated incident management record

Determine which group is best suited to address the underlying cause.

Determine the actions to be taken to address the underlying cause.

Document the actions to be taken in an action proposal.

Verify and validate the action proposal to ensure that it effectively addresses the underlying cause.

Communicate the action proposal to relevant stakeholders.

Address the underlying cause by implementing the action proposal that resulted from the analysis of the incidents’ underlying causes.

Manage the actions until the underlying cause is addressed.

Record the actions and result.