Incident Handler should perform the intial investigation to understand the symptoms of the incident to resolve it at the earliest.Typically it is done while the user who raised the incident is still on call, if the incident is raised over telephone. Incident Handler tries to understand facts about the incident based on the information recorded in the previous task.

Information analyzed during this step include the following

• What is the issue ?
• When did it happen?
• What does the process says?
• Impact on current operations?
• Number of users impacted etc

If needed, additional information would be obtained from the User.

One of the techniques used by Incident Handler to resolve incident is "incident matching." By checking the previous incidents with the same classification, the Incident Handler may be able to identify a similar incident and the appropriate resolution steps. This would help to speeden resolution and increases the first-time fix rate. Incident Handler may also refer to the known error database to find a workaround, through which an incident can be resolved quickly. Diagnostic scripts may also be run in some cases for incident resolution.

Another tool used by Incident Management is the incident model. New incidents are often similar to incidents that have occurred in the past. Having a model in place reduces resolution time for such incidents. An incident model defines the following:

• Steps to be taken to handle the incident, the sequence of the steps, and responsibilities
• Precautions to be taken prior to resolving the incident
• Timescales for resolution
• Escalation procedures.

Incident models streamline the process and reduce risk.
If the Incident Handler is not able to resolve the issue after intial analysis and other different techniques quoted above, the incident must be passed on to the most approriate support group for resolution.