An incident can be detected through various sources. A breach can be received from a monitoring system based on established threshold parameters, or it can be reported by a user, Client or any other stakeholder.

Whenever a user detects an incident, he should attempt the available self-help techniques, within the available knowledge articles, to find solution to the incident,. For example, a user may be able to easily resolve incidents falling in the category of “MS Office “how to” issues” using self-help. If the user believes that the resolution using self-help is satisfactory, the process would end here. Incidents falling within such categories do not follow the normal Incident Management life cycle. The Incident Manager must monitor usage of the knowledge base, to monitor and demonstrate effectiveness of the self help facilities.

However where a user does not find appropriate self-help facilities, the incident must be reported (with relevant details) to the numbers provided to him, for the same.

In many cases, auto healing techniques for certain type of incidents may be embeded within the tools itself. So whenever an incident is detected by a tool, these techniques must be implemented to carry out first level resolution for those types of incidents. In case no such techniques are available, or the incident is not satisfactorily resolved by these techniqies, the incident must be reported to the Incident Management tools for logging and further resolution activities.