ITIL Incident Management: 7 Terms You Need to Know (2022)

6 min. read

No IT service provider worth its salt will operate without an incident management process. The incident management process is part of the ITIL Service Operation stage of the ITIL lifecycle. Online ITIL Trainingdefines seven key terms that are used in the incident management process. All IT service ownersand service managers should know these terms. ITIL certification exam usually assesses the knowledge about how these seven terms are used in the incident management process. Here are the seven incident management terms that you need to know.

Incident Management Term 1: Incident

In incident management, an incident is an unplanned interruption to an IT Service or reduction in the quality of an IT Service. Failure of a service, service degradation, failure of a server etc. are all incidents. These incidents all affect the service delivery to the customer or business. Note that, in incident management, not only failures but also decreases in the service levels are reported as incidents. For instance, if it is expected of a service to respond in one hundred milliseconds, but the service is returning the results after one hundred and fifty milliseconds, this is not a failure. But the service is not meeting the agreed service levels, therefore, this is an incident.

In incident management, failure of a configuration item that has not yet affected service is also an incident. Active-active working databases in IT service providers help to serve the customers even if one of the databases is down; because the other replicate of the database will be serving. However, although this won’t affect the service delivery to the customer, this is an incident as well because one of the databases of this configuration is down.

Incident Management Term 2: Service Request

In incident management, a service request is a request from a user for information or advice or for a standard change or for access to an IT Service. For instance, to reset a password or to provide standard IT Services for a new user are examples of service requests. These are standard changes from ITIL service management point of view. According to the incident management process, service requests are usually handled by a Service Desk and do not require a request for a change to be submitted. Resetting a password of a user, providing installed PC applications for a new employee etc. are all service requests which are standard. These kinds of requests are handled by the Service Desk without further escalation to the other teams. Incidents or problems that cannot be solved by the service desk are escalated further as stipulated by the incident management process.

(Video) Incident Management | ITIL V3 Foundation | ITIL Basics | Simplilearn

Incident Management Term 3: Time Period

In incident management, a time period is a period of time that must be agreed on for all phases of incident management and the time period depends on the priority of the incident. For instance, an IT Service Provider and the customer can agree that the priority one incidents must be fixed in less than four hours, priority two incidents must be fixed in less than twelve hours and priority three incidents must be fixed in less than seventy-two hours. These kinds of time periods for the incidents and priority levels are negotiated and agreed between the IT service provider and the business. And these time periods directly affect the customer experience whenever an incident happens in a live environment.

ITIL Incident Management: 7 Terms You Need to Know (1)

A time period is based on the general response time and resolution rate (targets) of SLAs and incorporates the OLAs and contracts. Possible incidents that can occur in service operation and possible times to fix these incidents are evaluated by the IT Service provider and negotiated with the business. Then, these are written down in SLAs and OLAs in addition to respective penalties in case of not meeting these time periods.

The respective period of time is integrated into service management tools and is used for escalation in incident management. For instance, if an incident might travel between the different departments of the IT service provider, this must be integrated into service management tools. Whenever the incident will be escalated to another department, this must be progressed in the tool.

Incident Management Term 4: Impact

In incident management, the impact is a measure of the effect of an incident, problem or change on business processes. For instance, if one of the application servers will be down, one hundred thousand users will not be using the finance news service. Or, if database one hundred thirty-two fails, customers in the San Francisco region will not be able to withdraw money until it is fixed. These are examples of the impacts of incidents in incident management.

(Video) IT Incident Management vs. Problem Management - ITIL4

The impact is often based on how Service Levels will be affected. For instance, if it is expected that a customer will be able to withdraw the money in ten seconds, and due to an incident, the impact might be that the customer will only be able to withdraw money in twelve seconds. This incident’s impact is exceeding the money withdrawal service level of the IT Service Provider in this case.

Incident Management Term 5: Urgency

In incident management, the urgency is a measure of how long it will be, until an incident, problem or change has a significant impact on the business. For example, a high impact incident may have low urgency, if the impact will not affect the business until the end of the financial year. Let’s consider that a service updates the annual data of the customer and sends a report in the first week of the new year. If this service runs and generates output in last week of the year, and if there is an incident found in this service in June, this will not have an impact on the service till the end of the year. Therefore, it will have low urgency.

Impact and urgency are used to assign priority. A high impact incident might not be that urgent if it is not affecting the service delivery, while a low impact incident that causes service quality decreases may be more urgent. Priority can be found by multiplying the impact score with the urgency score. The impact and urgency score of an incident can be assigned on a one-to-ten scale for example. And based on the results, priorities of the incidents can be determined.

Incident Management Term 6: Priority

In incident management, priority is a category used to identify the relative importance of an incident, problem or change. And as we’ve defined already, the impact and urgency of an incident are used to determine the priority of an incident. And priority is used to identify the required times for actions to be taken. For instance, a Service Level Agreementbetween the IT service provider and the customer may declare that:

  • Priority 1 incidents must be resolved within 6 hours
  • Priority 2 incidents must be resolved within 48 hours
  • Priority 3 incidents must be resolved within 72 hours.

These priorities are assigned as part of the incident management process and are handled according to their priority status and agreed action time periods.

(Video) IT Incident management 101

ITIL Incident Management: 7 Terms You Need to Know (2)

Incident Management Term 7: Major Incident

In incident management, a major incident is the highest category of impact for an incident and generally, a major incident results in significant disruption of the business. For instance, an incident in a bank which causes money transfers to stop and an incident in a telecom operator causing subscribers to be unable to make voice calls are examples of major incidents. These are fundamental functionalities of a bank and telecom operator that the customers want to use. In incident management definitions, incidents affecting fundamental functionalities are major incidents.

ITIL Incident Management

Review by: Connor Carter

5 / 5 stars

(Video) Incident Management Interview Questions


What is ITIL Major incident management? ›

What Is Major Incident Management? The goal of the overall Incident Management process is to effectively manage the lifecycle of all incidents and to restore IT services for users or customers as quickly as possible when an interruption takes place.

What are the 5 stages of the incident management process? ›

6 Steps to Incident Management
  • Incident Detection. You need to be able to detect an incident even before the customer spots it. ...
  • Prioritization and Support. ...
  • Investigation and Diagnosis. ...
  • Resolution. ...
  • Incident Closure.

What are 3 types of incidents? ›

3 Types of Incidents You Must Be Prepared to Deal With
  • Major Incidents. Large-scale incidents may not come up too often, but when they do hit, organizations need to be prepared to deal with them quickly and efficiently. ...
  • Repetitive Incidents. ...
  • Complex Incidents.
16 Dec 2015

What is P1 and P2 incidents? ›

Depending on the impact and urgency, a major incident will be categorized as a P1 or P2. Incident Coordinators utilize a priority matrix to determine the appropriate impact and urgency. All P1 tickets are considered major incidents. P2 tickets are considered major if the impact is "multiple groups" or "campus."

What are the 6 stages in the incident management life cycle? ›

Incident Response Phases. Incident response is typically broken down into six phases; preparation, identification, containment, eradication, recovery and lessons learned.

What are KPIs in incident management? ›

KPIs (Key Performance Indicators) are metrics that help businesses determine whether they're meeting specific goals. For incident management, these metrics could be number of incidents, average time to resolve, or average time between incidents.

How do you classify incidents in ITIL? ›

According to ITIL, the goal of Incident classification and Initial support is to:
  1. Specify the service with which the Incident is related.
  2. Associate the incident with a Service Level Agreement (SLA )
  3. Identify the priority based upon the business impact.
  4. Define what questions should be asked or information checked.

What is an incident ITIL 4? ›

In ITIL, we define an incident as unplanned interruption to a service or reduction in the quality of a service. Each incident should be logged and managed to ensure that it is resolved in a time that meets the expectations of the customer and user.

What is ITIL v4 framework? ›

ITIL 4 provides a digital operating model that enables organizations to co-create effective value from their IT-supported products and services. ITIL 4 builds on ITIL's decades of progress, evolving established ITSM practices for the wider context of customer experience, value streams, and digital transformation.

What is a major incident? ›

Definition of major incident

A major incident is defined as a significant event, which demands a response beyond the routine, resulting from uncontrolled developments in the course of the operation of any establishment or transient work activity.

How do you classify incidents in ITIL? ›

According to ITIL, the goal of Incident classification and Initial support is to:
  1. Specify the service with which the Incident is related.
  2. Associate the incident with a Service Level Agreement (SLA )
  3. Identify the priority based upon the business impact.
  4. Define what questions should be asked or information checked.


1. ServiceNow ITSM Overview | Incident Management | Problem Management | Change Management #servicenow
(Traicon Services)
2. ITIL Incident management - Made it easy. Contact no : 9591611088, Location : India, Bangalore
(Get in to IT with Syed ahmed via ITIL.)
3. Incident Management Training
(SmartLearning UK)
4. What is Incident Management and Process with Demo in ServiceNow
(Hardit Singh)
5. ITSM Fundamentals - Incident Management in SummitAI
6. #1 #ServiceNow #Incident Management | A Complete Tutorial for Admins and IT Users

Top Articles

You might also like

Latest Posts

Article information

Author: Aracelis Kilback

Last Updated: 12/23/2022

Views: 5473

Rating: 4.3 / 5 (44 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Aracelis Kilback

Birthday: 1994-11-22

Address: Apt. 895 30151 Green Plain, Lake Mariela, RI 98141

Phone: +5992291857476

Job: Legal Officer

Hobby: LARPing, role-playing games, Slacklining, Reading, Inline skating, Brazilian jiu-jitsu, Dance

Introduction: My name is Aracelis Kilback, I am a nice, gentle, agreeable, joyous, attractive, combative, gifted person who loves writing and wants to share my knowledge and understanding with you.