Understanding ITIL Terminology and Incident Management

In the realm of ITIL, an ‘incident’ is not a mere accident or an unforeseen event. Instead, it holds specific weight and meaning. An ‘incident’ refers to an unplanned disruption or reduction in the quality of an IT service. It can also pertain to a failure of a Configuration Item (CI) that hasn’t affected the IT service yet, for instance, one disk failing in a mirrored set.

Incident Recognition

Incidents can arise from various sources:

  • They might be identified by technical staff.
  • Event monitoring tools might detect and report them.
  • Users might communicate them, often via a call to the service desk.
  • External third-party suppliers and partners can also report them.

Purpose and Objectives of Incident Management

1. Purpose:

The primary aim of incident management is to swiftly return to ‘normal service operation’ and reduce any negative business impact. This ‘normal service operation’ is when services and CIs function within their agreed parameters.

2. Objectives:

Incident management aims to:

  • Standardize methods for a quick and efficient response, analysis, documentation, and incident reporting.
  • Enhance the communication and visibility of incidents.
  • Improve the business’s perception of IT by promptly and professionally resolving incidents.
  • Sync incident management activities with business priorities.
  • Uphold user satisfaction with IT services.


The scope of incident management is vast. It covers any event with the potential to interrupt a service. While both incidents and service requests get reported to the service desk, they aren’t the same. Service requests are more about meeting customer needs in line with agreed-upon Service Level Agreements (SLAs).

Value to Business

Incident management is invaluable because it:

  • Minimizes unplanned costs.
  • Reduces business downtime by swiftly resolving incidents.
  • Aligns IT activities with real-time business priorities.
  • Identifies areas for potential service improvements.
  • Helps identify additional service or training requirements.

Its visibility within business operations makes it easy to prove its worth, often making it a starting point in many service management projects.

Policies, Principles, and Basic Concepts

Policies around incident management may include efficient communication, timely resolution based on business needs, and maintaining customer satisfaction. Every incident should be recorded in a single system, use a standard classification, be audited regularly, and follow a common format and set of information fields.

Principles and concepts to consider include:

  • Timescales: It’s essential to agree upon timelines for handling different stages of incidents based on SLAs.
  • Incident Models: Predefined incident models can help address recurring incidents.
  • Major Incidents: High impact incidents require separate procedures and possibly a dedicated team for resolution.
  • Incident Status Tracking: Track incidents throughout their lifecycle, from recognition to resolution.


In the digital age, understanding incident management is critical. ITIL’s framework provides a structured approach to detect, address, and resolve incidents, ensuring minimal disruption and maintaining business continuity. Properly managed, this process not only handles issues but also strengthens the bond between IT departments and the broader business community.

References: ITIL Service Operation, 2011 edition, ISBN 9780113313075