1. Identification and recording of events
The service desk records some basic information to identify customers, such as name, work place, telephone number, etc. , and event management records detailed event information, such as the time when the event occurred and the services affected by the event. The purpose of this is to confirm the impact of the incident, and the problem management can find the cause of the incident according to this information and closely track the progress of the incident.
First of all, when users, service desk staff or other IT department personnel find or detect an event in the system, they will report it to the service desk, and the service desk will input the basic information into the event database and report it to the event manager. Usually, all incidents are reported to the service desk first, and then entered into the incident database by the service desk staff. The service support team is not allowed to record events directly.
Secondly, the event manager gives the event a unique number and records some basic event analysis information (time, symptoms, location, users, affected services, hardware, etc.). ), and supplement other event information (interaction information with users and configuration management database, etc.). ).
Thirdly, according to the information provided by the service desk and the information in the event database, the event manager judges whether this kind of event is the same as or similar to the existing event. If it is, it updates the event information or establishes a subordinate record of the original event, and modifies the influence and priority of the original event if necessary. If it is not, it creates a new event record. Finally, event management needs to judge whether the event is serious or not. If the situation is serious, you should first report to the management and inform the users about the situation before taking further action. If it is not serious, it should go directly to the next preliminary classification and support of the incident.
2. Preliminary classification and initial support
After the first step of event identification and recording, the event information that can be obtained from users has been basically obtained, and the event management database has been updated according to this information. The next step is the preliminary classification and support of events. The emphasis here is to restore the normal work of users as soon as possible, and try to avoid or reduce the impact of events on the quality of IT services.
The purpose of classification is to find the cause of the incident so as to take corresponding actions. Generally speaking, many events are repeated, so when an event reappears, we only need to take action according to the existing experience and measures. When a new event appears, there is a process of matching its problems with known errors (knowledge base). If the matching is successful, we can solve it directly with the existing scheme without further investigation, otherwise we will continue with the other steps mentioned below.
If the service desk fails to solve the incident successfully, it will transfer the incident to second-line and third-line support, and then be responsible for recording the incident and contacting the support team to take necessary measures to ensure user satisfaction. If you encounter an emergency or the event resolution process is very complicated, you must investigate and analyze the incident.
3. Accident investigation and analysis
When the incident has not been satisfactorily resolved in the first and second stages, the expert support team should intervene in the handling process to investigate and analyze it.
Once the incident is assigned to the support group, they should complete the following tasks: confirm the receipt of the incident handling task, and specify the relevant date and time to ensure the normal update of the incident status and historical information, inform customers of the latest progress of the incident in time through the service desk, and explain the current status of the incident; Provide the found expedient measures to the service desk and customers as soon as possible; Review the incident with reference to known errors, problems, solutions, planned changes and knowledge base; If necessary, ask the service desk to re-evaluate the impact and priority of the incident according to the agreed service level, and make adjustments if necessary; Record all relevant information, including solutions, new or modified classifications; Feedback the updates, time spent and processing results of all related incidents to the service desk to prevent such incidents.
4. Resolve the incident and restore the service
After analyzing and investigating the incident, the support team will solve the incident and restore the service according to the updated incident information, proposed rights measures and solutions and related change requests, and update the relevant incident information.
5. Event termination
After the event is resolved and the service is restored, the event reaches the termination stage. In this stage, the updated event records and resolved events in the previous stage are input, and the actions taken are mainly to confirm whether the event resolution is successful with the customer, and the output results are updated event information and event records. After the incident is resolved, the service desk should ensure the following: the information about the operation used to resolve the incident is accurate and easy to understand; Classify events according to their root causes; The customer agrees with the accident solution and its implementation and final result; Record all relevant information in the event control stage in detail, such as whether the customer is satisfied, the time spent in handling the event, and the date and time when the event ended.