Task: Conduct Detailed Investigation
In this task, the Incident Resolver must carry out a detailed investigation to determine what has gone wrong and how it can be corrected. The Incident Manager may want to involve the Problem Manager at this stage to conduct a root cause analysis of the incident to come up with an appropriate solution.
Main Description

Once received, the Incident Resolver should acknowledge the assigned incident. The initial priority and categorization provided by the Incident Handler are based on limited knowledge and information. Hence the categorization and priority of the incident need to be revisited at this stage based on urgency and impact. These can be determined by factors such as the number of services affected, the level of financial losses, the effect on business reputation, the effect on regulatory or legislative policies, etc. If the priority of the incident changes during the detailed investigation, the User must be informed. The revised estimated resolution time (in line with the Service Levels) must be communicated to the User.

The Incident Resolver should analyze all relevant information about the incident. The investigation may include understanding the following factors:

  • What went wrong exactly
  • Chronological order of events
  • Impact of the incident, including the number of users, impacted services, locations, etc.
  • Events that could have triggered the incident, such as actions or changes made before the Incident took place
  • Knowledge searches of previous similar Incident records, Problem records, any available Knowledge Articles and the Configuration Management Database (CMDB).

Investigation and diagnosis may be an iterative process. The process may also involve a specialist support group, multiple support groups, or support staff from other vendors, etc. If the Incident Resolver cannot resolve the incident, the Problem Management process may be triggered by creating a Problem Record. If there are external dependencies for the incident investigation, the incident must be escalated to the respective group and the Incident Manager must be kept informed.

If the incident is of a serious nature, or a delay is foreseen in the investigation, hierarchic escalation is invoked. This ensures the involvement of the right stakeholders, who have the authority to get things done in a timely manner. It helps in taking necessary actions such as allocating additional resources or involving suppliers/maintainers, etc.