Major incident classification tool

It is clear that the Major Incident Process is separate from that of normal incidents and that a specialized process is required to deal with it. This process is handled in greater detail in related articles. If a major incident is declared and, after resolution and analysis, it is reclassified, that is also acceptable, because it is better to err on the side of action than not to act timeously. To assist in major incident classification, the following tool can be used. It is similar to a traffic light with the colours Red, Amber Yellow and Green.

The tool works by individually determining the classification for Scope, Credibility, Operations and Urgency. Each of these is assigned a related colour. Simplistically, the more Red, the higher the likelihood that the incident will be declared a Major Incident. Important stakeholders might insist on the declaration of a Major Incident, which as business process owners they are entitled to do, even though a full classification has not been completed. Even in this case it remains crucial to complete a formal classification and communicate the findings to maintain transparency.

Classification

Scope (Mark with an X) Dashboard designation = S

(4) More than 50% of customers affected

(3) More than 25% of customers affected

(2) Less than 25% of customers affected*

(1) Less than 1% of users affected

(0) Single IT customer affected

Credibility (Mark with an X) Dashboard designation = CR

(4) Areas outside the company will be affected negatively

(3) Company affected negatively

(2) Multiple business units affected negatively

(1) Single business units affected negatively

(0) No credibility issue*

Operations (Mark with an X) Dashboard designation = OP

(4) Interferes with vital business functions

(3) Interferes with business activities*

(2) Significant interference with completion of work

(1) Some interference with normal completion of work

(0) No work interference

Urgency (Mark with an X) Dashboard designation = U

(4) Underway and could not be stopped

(3) Caused by unscheduled change or maintenance

(2) Incident caused by a change

(1) Incident caused by scheduled maintenance

(0) Completion time not important*

Prioritization (Mark with an X) Dashboard designation = P

Reviewing the scope, credibility, operations and urgency, please classify the priority of the incident.

(4) Critical - An immediate and sustained effort using all available resources until resolved. On-call procedures activated, vendor support invoked.

(3) High - Technicians respond immediately, assess the situation, and may interrupt other staff working low or medium priority jobs for assistance.

(2) Medium - Respond using standard procedures and operating within normal supervisory management structures.

(1) Low - Respond using standard operating procedures as time allows.*

(0) No prioritization

When a major incident is identified, some basic information is required upfront. The table below provides some details on what this would typically entail. It serves as input for communications to the stakeholders.

Initial assessment of Major Incident and description

Service desk / Risk logging <References of the Major Incident>

Trigger (who is activating the Major Incident process) <Job title of person>

Service affected <Name in service catalogue>

Data networks

Messaging

Payments

Voice

Hosting

Intranet

Documents

Ecommerce

Backups

Storage

Authentication, AD

Information Security

Operations

Service desk

Monitoring

Printing

Third party

Extranet

Identification (please clearly describe the incident and its symptoms – immediate and visual causes)

<Description of the major incident or outage and including the symptoms displayed or experienced>

Business impact (please describe clearly the undesired outcome)

<Describe how the business was impacted by stating the undesired outcome>

Conditions (please describe the environment – business or IT – conditions that caused or were present during the incident)

<The business and IT conditions present when the incident or outage occurred>