IT incident report
Posted by: Margaret
Rouse
Contributor(s):
Matthew Haughn
An IT incident report is documentation of an event that has disrupted the normal operation of some IT
system (or that had the potential to do so) and how that situation was handled.
In this context, events include any occurance that has significance for system
hardware or software, and an incident is an event that must be dealt with to ensure
that a system can continue to function. Most often, an incident is an
interruption of an IT service, such as a login failure, due to a problem
like a corrupted database table. The incidents that receive the most
attention tend to be security-related events, such as data breaches.
Download: Are you migrating to DevOps?
As DevOps is slowly taking over the IT landscape, its
vital that IT pros understand it before jumping right into the movement. In
this complimentary guide, discover an expert breakdown of how DevOps impacts
day-to-day operations management in modern IT environments.
IT incident reporting is an essential component of incident management, the area of IT Service
Management (ITSM) involved with ensuring that service
is returned to normal as quickly as possible in the wake of an incident to
minimize any negative impact on the business.
Incident reports vary from one organization to another
and among the types of systems involved. Here’s a basic example of what should
be included in the report:
Summary
This section describes the incident briefly and
identifies when it happened and when it was resolved, along with the impact,
such as the number of requests that resulted in errors and the problem that was
the root cause of the incident.
Timeline
This section identifies the precise times of all related
events and list the time zone, if relevant. These events include the first
report of the incident, all actions taken to resolve the issue and consequent
events and the time that the incident was resolved.
Root Cause
This section describes the problem that caused the
incident in as much detail as possible.
Resolution and recovery
This section describes all the actions taken, along with
the times when they were implemented, in detail. Any results of actions taken
should also be described, even if the measures were not effective.
Corrective and Preventative Measures
This section discusses what measures should be taken to
prevent a similar incident in the future, including any changes to systems or
procedures that are recommended. The section also includes any recommended
improvements to the incident response system.
No comments:
Post a Comment