Planning → Detection → Reporting & Communication → Triage → Analysis → Containment & Neutralization → Close / Problem Management
PlanningPlanning to manage future incidents. For example, creating a knowledge artifact that explains how to resolve common and recurring incidents.
DetectionDetecting an incident typically including automated testing and communication channels that allow stakeholders such as customers to report problems.
Reporting & CommunicationReporting and communicating incident information to stakeholders. For example, keeping a customer updated regarding an incident they reported or that impacts them.
TriageTriage is the process of assigning a priority to incidents to determine how to direct resources. This often involves estimates of severity and impact.
AnalysisIncident analysis resembles troubleshooting whereby you seek out the source of problems and list possible solutions.
Containment & NeutralizationWorking to contain and neutralize the incident. For example, a food processing facility that shuts down a production line to contain a quality problem that then neutralizes the problem by replacing a malfunctioning machine with a workaround manual process.
Close / Problem ManagementClosing the incident and potentially opening a problem management ticket to investigate root cause. For example, a problem management ticket that reports a malfunctioning machine that has caused an incident.
OtherThe incident management process potentially includes several subprocesses as follows.
|Audit Trail||The process of capturing information about the incident and the incident management process.|
|Escalation||Escalating incidents to management, other departments or stakeholders.|
|Review||Reviewing the incident and liaison with other processes such as quality assurance.|