Often a two-pronged approach is effective, with one team focusing on work-arounds and service restoration and another team focusing on problem management, identifying the root cause and finding an effective solution quickly.
The team may comprise senior managers, technical staff, suppliers and business stakeholders, and members may not be physically located in the same place. Generally, it is recommended a major incident team is established as soon as it is detected and the composition of this team will be determined by the skills and capabilities required to handle it effectively.
Roles are quite different with major incident management: usually the incident manager or a delegate is charged with the overall management and coordination of the resources and teams required to investigate and resolve the incident. Do roles change in a major incident scenario? This does not mean that further investigation should not occur via Problem Management, with steps put in place to ensure the incident does not reoccur. Today, continuity is often automatic, which may mean with good preparation a major incident can be resolved in little to no time. Ensure everyone is aware of continuity plans and that these are tested. Plan for, and establish a clear process for staff to follow in the event of a major incident, from the point of escalation through to resolution.ĭiscuss priorities with the business and decide on business critical systems as well as tolerance levels which if exceeded will trigger a major incident. How can you prepare for a major incident? Personal safety should also be kept in mind major incidents do not always originate from IT and broad teams from across the business may be needed to ensure business continuity and/or recovery. In these scenarios, business will be looking to IT for guidance about how they should react, so ensure you are focusing on the outcome that supports and underpins the business goals and objectives.
For example, if people are told to work from home, or access systems via an alternative mechanism. For example, if the business decides that its continuity plan should be invoked, then IT must ensure that its approach to incident resolution not only addresses restoring the ‘normal’ service, but also the implications of working within the business continuity scenarios. It’s easy to get lost in fighting the fire, but ultimately objectives and resolution strategies should be aligned with the priorities of the business. What are the key things to consider in a major incident?įrom an IT perspective, probably the most important thing to remember is the business impact, goals and objectives. For instance, in a hospital this might be the patient management system or, more generally, a significant power outage. Conversely, a major incident is considered something that prevents the organization from operating. Priority 1 incidents are defined as having a broad impact on users, but don’t necessarily impact the revenue generating functions of the business unless left unresolved. When working with organizations, I’ve often differentiated between ‘priority 1 incidents’ and ‘major incidents’, reserving ‘major incidents’ for those situations where, if not resolved quickly, business and/or IT continuity plans may need to be invoked. The latter is usually based on risk factors. When defining the scope of an incident, it’s also important to consider what level of impact will be tolerated by the business.
0 kommentar(er)
