Keep up-to-date with ITIL news. Low volume to-the-point bulletins...
Service Desk Incident Management
This is probably the most common ITIL discipline utilised throughout Organisations regardless of the level of ITIL maturity.  The goal of ITIL Incident Management is to restore normal Service Operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained.
Having stated the goal of Incident Management, what is the purpose of implementing it in a formal and consistent manner when many Organisations 'do it' anyway?
  • It ensures that the resources utilised to support the business are fully optimised, not only IT and business staff resources but also technological resources, for example the supporting infrastructure (servers, networks etc.)
  • Developing and maintaining meaningful records relating to Incidents.  This forms the basis of Management Information or MI.  Without having this information it is impossible for IT and the business to make informed decisions relating to the existing or even future service provision.
What is an Incident?  An Incident is any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service.
The key responsibilities of ITIL Incident Management are broken down as follows: 
  • Incident detection and recording
  • Classification of all Incidents and initial support
  • Investigation and diagnosis
  • Resolution and recovery
  • Incident closure 
Throughout the lifecycle of an Incident, Incident Management is responsible for the ownership, monitoring, tracking and communication of Incidents.  This will happen continuously at any of the above stages. 
As with all of the ITIL disciplines none of them are stand alone, they inter-link with each other and Incident Management is no exception.  The ITIL Service Desk will usually play the key role within the Incident Management process.  They are typically the single point of contact, recording and monitoring the progress of Incidents as well retaining ownership of them throughout their lifecycle.
There is also a close link with ITIL Problem Management.  Where the root cause of an Incident is unknown a Problem record will be raised if further investigation is required.  Where the root cause is known, the Problem becomes a Known Error and will often require a request for change (RFC) to be raised to rectify the issue, via ITIL Change Management.  The Incident, Problem and Change lifecycle is a logical flow from error to resolution.
Within the Incident Management process, Major Incidents can occur.  Major Incidents are when the impact on the User community is extreme, for example a complete loss of service on the network or business critical system(s)/service(s) are unavailable.  Once a Major Incident has been diagnosed ITIL Problem Management typically step in and take over the running of the Major Incident leaving the Service Desk 'free' to record actions and keep the User community informed of progress.
The business benefits of itil Incident Management are as follows:
  • Timely resolution of Incidents, reducing business impact and increasing effectiveness
  • Proactive identification of beneficial system enhancements / amendments
  • Business focussed Management Information related to Service Level Agreements (SLAs)
The IT related benefits of Incident Management are: 
  • Improved monitoring and measurement of performance against SLAs
  • Enhanced Management Information regarding service quality
  • Improved staff utilisation / increased efficiency
  • Lost / incorrect Incidents / service requests eradicated
  • Improvements in accuracy of the ITIL Configuration Management Database (CMDB).  This can be audited by the Service Desk as Incidents are recorded
  • Increased User / Customer satisfaction
Potential Problems
The potential problems of implementing ITIL Incident Management are:
  • Lack of visible management / staff commitment and no implementation resources
  • Unclear business needs / requirements
  • Working practices not reviewed and changed
  • Poorly defined service objectives goals and responsibilities
  • No provision of agreed customer service levels
  • Lack of knowledge for resolving Incidents
  • Inadequate staff training
  • Lack of integration with other processes
  • Lack of tools and budget to automate the process
  • Overall resistance to change
The main costs of Incident Management are: 
  • Setting up the function
  • Staff, training and accommodation
  • Tools including an integrated ITIL Service Management toolset and additional reporting packages.
  • Regular audits and reviews and associated improvement projects
Failing to implement Incident Management may result in the following: 
  • No management / escalation of Incidents, with potential impact on IT service quality increased
  • Specialist support staff working with direct interruption from Customers, consequently making the support staff less effective both in cost and productivity
  • Business staff being disrupted as colleagues seek their advice
  • Incidents frequently re-assessed from first principle rather than reference to existing solutions or knowledge base
  • Lack of co-ordinated Management Information
  • Lost / incorrectly / badly managed Incidents




2007-07-31 by "Ebrahim.Marzoughi"

Would be appreciated if there are links to some related case studies

2014-06-10 by "jhster65"

We are just planning a big reorganisation and moving to an ECC style 24x7 working pattern, my question is the "Incident management" team are going to be moved and now managed by the same manager as the shift including monitoring staff and 1st line support staff. I just wondered if there was a question for audit regarding a possible cover up of an incident or a hush hush of an incident as all the persons involved are reporting to the same line manager one who is doing their appraisals etc?
Reply on 2014-06-13
Many thanks for your question.

It is not necessarily an ITIL question.

If you work in the Financial Services industry I suspect there maybe an outside chance of some guidance.

Incident logging does come down to an element of trust but over time failure to log incidents often come to light.

2016-09-26 by "ptvarun"

Thanks for writing such a good article on Incident Management

It was really a great helpl for me.
There is 1 comment awaiting publication.

Please submit any comments you have about this article.

Your feedback will help add value to the content for other visitors and help us develop the content for the benefit of all.

You will need to provide and verify your e-mail address but your personal information will not be published or passed on to others. To identify each post we take the part of your email address before the @ sign and use that as the identifier, so if you are your post will be marked "by john.smith".

NB: We respond personally to every post, if it calls for it.

If you prefer to respond without posting your comment please use our contact form.

Click the REVIEW button below to preview your comments.

Tags; Incident Management, ITIL maturity, ITIL Incident Management, Management Information, Incident detection, ITIL disciplines, ITIL Service Desk, Incident Management process, ITIL Problem Management, ITIL Configuration Management Database
This article has been viewed 42574 times.
NB: This page is © Copyright and / or the relevant publishing author. You may copy this article only in it's entirety, including any author bio and / or credits, and you must link back to

Keeping up-to-date with ITIL...

Keep up-to-date with ITIL news. Low volume to-the-point bulletins...