Incident management

Still need help?

The Atlassian Community is here for you.

Ask the community

What is incident management?

According to ITIL, the aim of incident management is to restore disrupted or failed of service to normal operation as quickly as possible. This includes monitoring for conditions that could reduce the quality of service. The service desk team is typically first line of response for incidents since they provide a single point of contact for customer communications with IT. ITIL provides best practice guidance for defining a proactive approach to incident management.

The service desk team typically provides first line of support (level 1) when responding to an incident. Activities performed by the service desk team include the following:

  • Record the incident - date & time, description, name of person reporting, and unique identification number
  • Incident identification, classification and prioritization
  • Initial diagnosis
  • Communication with the customers and service owner throughout the life of the incident
  • Escalation to level 2 support (as needed)
  • Resolution and verification
  • Incident closure
  • Participate in a Post Incident Review (PIR) for all major incidents.

Since the goal of incident management is to restore a service as quickly as possible, the service desk is not expected to perform root cause analysis to identify why an incident occurred. Root cause analysis is the focus of a problem investigation, and is covered in Problem management. However, it's important that the service desk team capture all relevant information while working on the issue, because this may be important when responding to future incidents.

Incident management process

When the service desk team responds to incidents, it's important that they follow a predefined process to streamline the response and reduce the risk of prolonged service outages. The following process represents an example incident response based on ITIL recommendations. Your team can adapt the example to your existing ITIL processes, or use it to define new ones.


Common incident response process considerations include:

  • What Service Level Agreements (SLAs) define incident priorities, escalation paths, and resolution time frames?
  • What incident procedures can provide standardized responses and ensure incidents are resolved efficiently?
  • What types of incident categorizations are required for better data gathering and problem management?
  • What is needed for incident statuses, categories, and priorities to properly classify, track and report on incidents?
  • What is the process and procedure for major incident response?
  • What are the proper incident management role responsibilities and assignments needed to ensure an effective process?

Set up incident management in Jira Service Desk

Configure the workflow and fields with the Incident Management workflow add-on

We used the ITIL framework to build the following workflow add-on for incident management: https://marketplace.atlassian.com/plugins/com.atlassian.servicedesk.incident/server/overview

You can use this workflow as a template for your own incident management process.

To use the workflow from the Marketplace:

  1. Log in as a user that has the Jira administrator global permission, and follow the instructions listed here to import a workflow.
  2. To add the workflow fields to your incidents, activate the screen by following the instructions here: https://confluence.atlassian.com/adminjiracloud/defining-a-screen-776636475.html#Definingascreen-Activatingascreen.  

Incident management workflow

When you import the workflow, it creates the following screens and custom fields:

Incident management fields

We recommend the use of the following fields for your incident management process:

FieldDescriptionSample values
DescriptionCaptures basic information about the incident 
StatusThe state of the incident 
Pending reasonWhy the incident is pendingWaiting on vendor, More info required, Awaiting approval
PriorityDetermined by the urgency and impact of the incident. Your team can define the value according to your own processes. Critical, High, Medium, Low
UrgencyHow quickly the incident needs to be resolvedCritical, High, Medium, Low
ImpactThe extent of the incident and the potential damage it causes while it's unresolvedExtensive / Widespread, Significant / Large, Moderate / Limited, Minor / Localized
Operational categorizationClassifies an incident for the purpose of assignment and reporting from the operational perspectiveConfiguration > Printer
Product categorizationClassifies an incident for the purpose of assignment and reporting from the product perspectiveHardware > Printer
SourceWhere the incident was discoveredPhone, Email, Monitoring event 
ComponentThe service impacted by the incident 
ResolutionHow the incident was resolved 
Last modified on Aug 27, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.