Incident Functional Component

id EAID 4223BA8C 64F5 42bd A13E 313CCD1CA3D1
Figure 1. Incident Functional Component Model


The Incident functional component facilitates normal service operations restoration as quickly as possible and minimizes the impact on business operations, thus optimizing service quality and availability. Service restoration can be facilitated through the following means:

  • In partnership with the Monitoring functional component, filter end-user Interactions and determine which ones should be associated with Incidents

  • Detect Incidents, investigate the impacts across all domains (server, network, security, etc.), and determine the correct action to take

  • Initiate Change and/or remediation activity for some categories of Incidents

An Incident is defined as an unplanned interruption to a service or a reduction in the quality of a service as defined within the Service Contract related to the Actual Product Instance and underlying systems. Failure of a CI that has not yet affected a service is also an Incident; for example, failure of one disk from a mirror set.

The Incident functional component supports the value streams:

Functional Criteria

The Incident functional component:

  • Shall be the system of record for all Incidents

  • Shall manage the state escalation paths and general lifecycle of the Incident

  • Shall allow an Incident to be initiated from an Event

  • Shall create an Incident when an Interaction cannot be associated with an existing Incident because it requires additional clarification, diagnostics, or support actions

  • Shall create a Problem record when the Incident is severe, requires further deep investigation, or is repeating

  • May trigger the execution of a Runbook (either automated or manual) to provide diagnostics information or remediation steps

  • May trigger the creation of an emergency Change in order to implement a fix to the Incident

  • May provide business measurements of Incident data to the Service Level functional component

  • May receive knowledge from the Knowledge functional component to help diagnose or resolve an Incident