Each time a major IT incidents such as a payroll crash or ransomware attack happen, an IT team gets into a fire-fighting mode and takes the resolution process to a whole new level. This doesn’t have to be the norm, if you follow best-practice steps like those outlined below.
In no time, you can resolve the major incident with no panic. It's also worth being
aware of the best practices and up-to-date predictions when it comes to cybersecurity, as knowledge is power.
1. Clearly define major IT incidents
When an issue causes a huge business impact on several users, you can categorise it as a major incident. It is one that forces an organisation to deviate from existing incident management processes.
Usually, high-priority IT incidents are wrongly perceived as major incidents, and many organizations have no incident plan for security breaches. This is probably due to the absence of clear ITIL guidelines. Therefore, to avoid any confusion, you must define a major incident clearly based on factors such as urgency, impact and severity.
2. Have exclusive workflows
Implementing a robust workflow helps you restore a disrupted service quickly. Separate workflows for major incidents help in seamless resolution. Focus on automating and simplifying the following when you formulate a workflow for major incidents:
- Identifying the major incident
- Communicating to the impacted stakeholders
- Assigning the right people
- Tracking the major incident throughout its lifecycle
- Escalation upon breach of SLAs
- Resolution and closure
- Generation and analyses of reports
Ensure that you also have a no-approval process for resolving major IT incidents.
3. Reel in the right resources
Ensure that your best resources are working on major IT incidents. Also, clearly define their roles and responsibilities because of the high impact these incidents have on business. You could have a dedicated or a temporary team depending on how often major incidents occur.
Some organisations have a dedicated major incident team headed by a major incident manager, whereas others have a dynamic, ad-hoc team that has experts from various departments. Your primary objective must be to keep your resources engaged and avoid conflict of time and priorities.
4. Train your personnel and equip them with the right tools
You don’t know when a major incident will strike your IT, but the first step to handling it is by being prepared. Divide your major incident management team into sub teams, and train them in major incident management. Assign responsibilities by mapping skills with requirements.
Run simulation tests on a regular basis to identify strengths, evaluate performance and address gaps as needed. This will also help your team to cope with stress and be prepared when facing real-time scenarios. Equip your team with the right tools such as smart phones, phablets and tablets with seamless connectivity for them to work from anywhere during an emergency.
5. Configure stringent SLAs and hierarchical escalations
Define stringent SLAs for major IT incidents. Set up separate response and resolution SLAs with clear escalation points for any breach of the process. In addition, follow a manual escalation process if the assigned technician lacks the expertise to resolve the incident. Moreover, ensure that a backup technician is always available.
6. Keep your stakeholders informed
Throughout the lifecycle of major IT incidents, send announcements, notifications, and status updates to the stakeholders. Announcements in the self-service portal will prevent end users from raising duplicate tickets and overloading the help desk.
Also, send hourly or bi-hourly updates during a service downtime caused by major incidents. Have a dedicated line to respond to major incidents immediately and offer support to stakeholders. Use the fastest means of communication, such as telephone calls, direct walk-ins, live chat, and remote desktop control, instead of relying on email.
7. Tie major IT incidents with other ITIL processes
After a major incident is resolved, perform a root cause analysis by using problem management methods. Then, implement organisation-wide changes to prevent the occurrence of similar incidents in the future by following the change management process.
Speed up the entire incident, problem and change management process by providing detailed information about the assets involved using asset management. Cover all of your assets by ensuring your incident response aligns with your cyber insurance policy, too.
8. Improvise your knowledge base
Formulate simple knowledge base article templates that capture critical details, such as the type of major incident the article relates to, the latest issue resolved using the article, the owner of the article, and the resources that would be needed to implement the solution.
Create and track solutions separately for major IT incidents, so that you can access them quickly with very little effort.
9. Review and report on major IT incidents
Document and analyse all major IT incidents, so that you can identify areas of improvement. This will help your team efficiently handle similar issues in the future.
Also, generate major incident-specific reports for analysis, evaluation and decision-making. You could generate the following reports to help in efficient decision-making:
- Number of major incidents raised and closed each month
- Average resolution time for major incidents
- Percentage of downtime cause of major incidents
- Problems and changes linked to major incidents
10. Document major incident processes for continual service improvement
It is best practice to document major incident processes and workflows for ready reference. This could capture details like number of personnel involved, their roles and responsibilities, communication channels, tools used for the fix, approval and escalation workflows, and the overall strategy along with baseline metrics for response and resolution.
Top management must evaluate processes on a regular basis to check if targeted performance levels in major incident management are met. This can help rectify flaws and serve for continual service improvement.
IT incidents: Summary
Major IT incidents are unavoidable, and each one is a learning experience for your team. Adhering to these practices could be your first step towards mastering the art of handling major incidents.
Further reading on cybersecurity
Be proactive when it comes to cybersecurity, by installing the best antivirus software, and take one large part of incident response out of your IT team's hands. The importance of maintaining cybersecurity in your business has never been so key, and the fallout from a cyber attack can cause a business to suffer a series of knock-on effects too.
When it comes to disaster recovery, it's wise to understand where that ends and backups to the cloud begin: we compared disaster recovery vs cloud backup to see what the differences and similarities are.