How to Identify and Record Critical Incidents – Phase II
In the continuing series, I am talking here about the Investigation and Diagnosis of a Critical incident. In the earlier edition, I have talked about Identification and Recording. You can read that blog here.
We will also examine the various roles and how they play out in reference to RACI.
With that let us look at the various roles that come into play here. 
Service Desk Analyst 
Major Incident Group 
Major Incident Manager 
Technical Restoration Manager 
IT Operations Manager 
Incident Manager / IT Operations
1. The activity is classified as High/Critical incident. The Service Desk Analyst reviews the Impact and Urgency of the incident in accordance with the your Manage Technology Incident Prioritization process.
|
|
|
|
|
|
| RA | I | C | C | C |
2. The incident is reviewed. The incident manager reviews the critical incident. This is a process in this stage.
|
|
|
|
|
|
| RA | I | C | C | I |
3. Is the resolution or a work around found? The Incident Manager looks for an appropriate resolution or work around. This will generally include referencing; a) Job Docs b) Incident Response Plans. All recovery activities completed during this phase must comply with Change Management Process Policy.
|
|
|
|
|
|
| C | C | C | RA |
4. A work around or resolution was found and now can proceed to resolve the incident. The Incident manager proceeds to implement to resolution or workaround.
|
|
|
|
|
|
| C | CI | CI | RA |
5. If the decision was that a resolution or workaround was not found, the support groups have to be engaged. The Incident Manager contacts the appropriate support groups to assist in the incident resolution. This includes all the internal technology groups and support partners/vendors.
|
|
|
|
|
|
| CI | CI | RA |
6. The criticality is now decided. The decisions are if the incident is a Critical Priority or a High Priority. We are dealing with Critical Priority items only here.
|
|
|
|
|
|
| C | C | RA |
7. The Major Incident Manager is engaged. After confirming the Critical Incident the Incident Manager engages the Major Incident Management team to manage recovery activities.
|
|
|
|
|
|
| I | I | RA |
8. The Major Incident Manager now decides if the priority is Critical or Non-Critical.
|
|
|
|
|
|
| C | RA | C | C |
9. The Incident Manager engages the Major Incident Manager to drive the resolution of the Critical Incident. The decision was that the restoration target was breached. The Major Incident Group bridge is held with relevant information and decisions interfacing into the Major Incident Communications Procedure. This is an ongoing activity that is executed throughout the lifecycle of the incident. This bridge is established only when the resolution or workaround was not found.
|
|
|
|
|
|
| RC | RA | RC | I |
10. Attend Technical Group Bridge, Engage & Disengage Support Teams as Required (continuous to restoration confirmation). The Technical Group Bridge is held with relevant information and decisions delivered to both the Major Incident Group and the Major Incident Communications procedure. This is an ongoing activity that is executed throughout the lifecycle of the incident. Now at this stage the incident is diagnosed.
|
|
|
|
|
|
| A | RC | C |
11. Now that the incident is diagnosed, the technical Restoration Manager establishes a recovery plan to restore service and the restoration plan is established.
|
|
|
|
|
|
| A | RC | C |
12. The support groups are now engaged to assist with a) Establishing a restoration plan b) Identifying Tasks c) Executing Tasks.
|
|
|
|
|
|
| C | I | C | RA |
13. The tasks are now assigned. Tasks are established (wherever applicable) and assigned to Support Groups and Technology Partners. Tasks are completed as documented.
|
|
|
|
|
|
| CR | CI | RA | I |
14. Now that it has been identified as a Major Critical Incident, we need to move on to the next phase. Which is Resolution and recovery. The Major Critical Incident Communications procedure is executed throughout the lifecycle of the incident.
|
|
|
|
|
|
| C | I | RA | C | I |
This ends the phase II of Investigation and Diagnosis. After this phase, the Major Critical Incident Communications procedure and Resolution and Recovery process is started. That is published in my next blog.
If you like this blog, check my other blogs on my site here.
Authored by Vijay Chander – All rights Reserved – 2023
