Manage Incidents
  • 18 Feb 2025
  • 24 Minutes to read
  • PDF

Manage Incidents

  • PDF

Article summary

Manage Incident feature for analysts provides tools and capabilities to efficiently track, analyze, and resolve incidents. This feature empowers analysts to oversee the lifecycle of incidents—from detection to resolution—using various tools within an Incident Management System (IMS) or IT Service Management (ITSM) platform.

Analysts can log their issues, view and update logged incidents. In addition to these actions, they have access to all functionalities available to an End User.


Manage Incidents

To Manage your Incidents, perform the following steps:

1. Login to the application and select Service Management.

2. The following page is displayed as the Analyst dashboard.

Figure: Analyst Dashboard

  1. Navigate to Incident > Manage Incidents as shown below.

Figure: Manage Incident

  1. Select Manage Incidents and the following list page is displayed. For more information, refer to the table below.

Manage Incidents ListFigure: Manage Incident List page

Note

Any additional columns required for the list page can be added by clicking on the following icon from the list page.

  1. Click New to add new Incidents. Refer the following screenshot and the table.

new incident pageFigure: New Incident

For more information, refer to the table below.

Field

Description

Symptom

A brief information on the Incident is provided.

Description

Detailed information on the Incident with more explanation and clarity.

Workgroup

Lists all the Workgroups corresponding to the selected Tenant.

Analyst

Select the Analyst to whom the Incident must be assigned.

Service Window

Select the Service window based on which SLAs are calculated. Example: 24/7

Effort

Specify the Effort in Days, Hours, Minutes, & Seconds

Response SLA

The field displays the deadline within which a response acknowledgment must be received for the Incident.

Note:

  • The remaining time is calculated based on the service window selected. Any violation of SLA will be highlighted.

  • This field can be edited based on the configurations in SLA. Any changes made will be reflected in the SLA History.

Response SLA Violation remarks

Select the relevant remarks from the dropdown. For example, Working on other Incidents, Complex Issue etc.

Resolution SLA


The field displays the deadline within which a resolution must be received for the Incident.

Note:

This field can be edited based on the configurations done in SLA.

Resolution SLA Violation remarks

Select the relevant remarks from the dropdown. For example, working on other Incidents, complex issues, etc.

The configuration for Incident has been explained under each of the tabs. Please expand the following sections for more details.

General

Incident management requires a well-structured configuration to ensure smooth handling of incidents from detection to resolution.

The General tab can be configured with the following details. For more information, refer to the table below.

Field

Description

Requestor

The name of the requestor who raised the Incident is displayed. It is displayed from the login username.

Requestor Location

The location from which the requestor has raised the Incident is displayed.

Tenant

A Tenant is similar to a department within an organization that provides support related to an IT or a facility.


Service

Select the service required for the Incident. Options available are Emergency Response Service, MS Office 365, Navigation.

Medium

Select the medium of Incident logging. Options available are: Web, Mail ,Chatbot, MobileApp, Phone, Others.

Source

Select the origin of the Incident being logged. Options available are: User, Event, Incident, Change, Problem, Others.

Classification

Select the appropriate option from the classification Pop-up window which provides various categories.


classificaytion

How would you categorize the issue?

Find and select the appropriate category to which the Incident belongs to from the category list. Refer to the screenshot below.


category(1)

Tags

Add relevant tags for better reach or provision to create new tags are also available.

Major Incident

Click this and mark as Major Incident only if the Incident is of High priority, High Impact and Urgency and needs faster resolution.

Propose Major Incident

Enable the button if the Incident needs to be proposed as a Major Incident. When the incident is proposed as a Major Incident, it is transferred to the Approver for the approval process.
When enabled, the following window is displayed. For more information on the details to be input, refer the table below in Major Incident.

Prioritization

Impact

Impact defines the enormity of the situation and the extent of consequence related to the incident. The options available are critical, high, low, and medium.


Urgency

This field represents the urgency-based factor for Incident. Options available are:


Critical, High, Low, Medium.

Priority

Priority defines the precedence in which a particular Incident should be addressed. The options available are P1, P2, P3, P4, and P5.

Major Incident

A Major Incident in incident management is a critical event that significantly disrupts business operations, impacting a large number of users, services, or key business functions. It requires an urgent and coordinated response to minimize downtime and restore services as quickly as possible.

The Major Incident configuration are as follows. For more information refer to the table below.

Field

Description

General


Topic

Specify the topic for initiating the major incident.

MIM Team Members

Select the team members of the Major Incident Team.

Create Problem Record on Incident resolution

Enable this feature if a problem record needs to be created for this incident resolution.

Generate Meeting

Click the button to generate a meeting with the MIM team members.

Root Cause


What is the nature of the Incident?

Select the nature of the incident from the dropdown menu.

What specific symptoms or issues are being observed?

Provide details of the symptoms or issues that are observed as part of this incident.

What are the cause of the Incident?

Specify the observed cause of the incident.

Type of Occurrence

Specify if it is a first time or repeated occurrence.

Is there a workaround in place, and is it effective?

Choose yes or no if there is a workaround for the issue.

What is the criticality of the affected systems or services?

Specify the criticality of the incident as low, medium, high etc.

What actions have been taken so far?

Provide details of the actions taken for resolution of the issue.

Preventive Action


Action

Provide details of the action taken for prevention of the issue.

Owner

Provide the owner details for the issue.

Due Date

Enter the due date for resolution of the issue.

Status

Select the status of the major incident.

Messages

Messages play a critical role in incident management by ensuring clear, timely, and structured communication among stakeholders. Effective messaging helps teams respond quickly, reduce confusion, and keep all involved parties informed.

The Messages tab can be configured with the following details. For more information, refer to the table below.

Field

Description

User Communication

Type in the problem information that you want to share with the Requestor. Only the workgroup Analysts can update the User Communication.


Also, the Analysts can use the preconfigured templates to update the User Communication.


Private Log

Type in the problem information that you want to share with other members of your Workgroup. Apart from workgroup Analysts, the Private Log can be updated by Authorizers, Approvers, and Reviewers.


Messages

Any other messages related to the Incident can be added here.

Notes for Self

This is self note section for individual referenc

Solution

The solution in incident management refers to the capabilities of an incident management system that help in detecting, responding to, resolving, and preventing incidents efficiently. The Solution tab can be configured with the following details.  For more information, refer to the table below.

Field

Description

I found this solution in a knowledge article.

Enable this if you could find the resolution to your Incident in a knowledge article of documentation. Majority of times there are possibilities a resolution can be found from existing knowledge article.

Please link the article that helped

Select from the dropdown list which is the article that helped you resolve the Incident all by yourself.

Note

If the status of the Incident is Resolved, and the toggle switch for I found this solution in a Knowledge Article is enabled, then it is mandatory to select a Knowledge Article from the dropdown menu. If not selected, then a Validation Message will be displayed to select the Knowledge Article.

Checklist

A checklist in incident management ensures a structured and efficient response to incidents by guiding teams through key steps from detection to resolution and post-incident review. It helps maintain consistency, reduces human error, and improves response time.

The Checklist tab can be configured with the following details. For more information, refer to the table below.

Field

Description

Checked Windows updates and suggested any critical updates and impact?

Maintaining a secure, stable, and up-to-date operating system with the newest features and enhancements requires regular Windows updates.
Select Yes or No from the dropdown menu.

Backed up DFS Namespace Configuration

Distributed File System (DFS) Windows Server namespace is a feature that lets you combine shared folders from various servers into a single namespace.
Select Yes or No from the dropdown menu

Are Antivirus Logs checked & updated?


Records produced by antivirus software that detail actions taken in connection with identifying and addressing possible security risks on a system or network are known as antivirus logs.
Select Yes or No from the dropdown menu.

Troubleshooting

A troubleshooting feature in incident management refers to the systematic approach and tools used to diagnose, analyze, and resolve incidents effectively. It helps IT teams, security analysts, and support engineers quickly identify the root cause of an issue and implement corrective actions.

The Troubleshooting tab can be configured with the following details. For more information, refer to the table below.

Field

Description

Problem

Enter the Problem of the Incident for reference.

Cause

Specify the cause of the Incident. For example, My VPN is not working because of wrong password and I'm unable to change it.

Proposed Solution

Suggest a possible solution which can resolve your Incident.

List

This is a cumulative list which gets added with multiple Problem, Cause and Proposed Solutions.

Link

The Link feature in incident management allows teams to associate related incidents, problems, changes, or tasks to provide better visibility and streamline resolution. It helps in identifying patterns, preventing recurring issues, and improving root cause analysis. The Link tab can be configured with the following details. For more information, refer to the details below.

The Incident record can be linked to other records from the same module, another module, or an application by using the Links tab. From the Incident details page, users have the option to create new records or link to already-existing ones.

Link the existing Manage pages from the dropdown list provided in the Links section. This view will provide a list of all the records that have been linked to the record.

Figure: Links

Analysts can perform the following actions through the Links tab:

  • Create

  • Link

  • De-link

Create

This feature allows a new record to be created from an incident. A new record gets created with fields auto-populated.

The link tab contains the relationship record with the create button. The create button can be triggered to create a new record from an incident. For example Incident to Service Request.

Note

The form will open in a new tab and all the fields will be auto populated based on the form relationship selected. For more details refer to the figure below.

Figure: Create

Link

Link contains a feature to Link other records to the Incident. This feature is useful to create an association between related records. For more information refer to the image below.

The Link tab allows linking an incident with other modules in the application.  For example, linking an incident to a service request or linking an incident to a problem record. There is also a provision to link records across application. For example, linking service request to fixed asset.

Figure: Link

Note

The link tab can be used to display and link Instore Assets and User Assets

  • In-Store Assets: This will display the list of records in store.

  • User Assets: This will display the list of assets allocated to the specific user.

Select a module and the following page is displayed.

Note

Select the records to be linked and click Link. Records from the same module can be linked as Parent-Child and other modules can be linked as Peer.

Peer Records are related or similar records to the incident being investigated. An incident cannot be resolved without closing the linked peer records.

For example, if a work order or service request has been raised for an incident, it cannot be resolved till the work order/service request has been closed. The following validation message is displayed when the incident is closed.

The Parent-Child dependency can be selected if the incidents are related to the same main incident. Any updates on the parent incident will also reflect on the child incidents.

  • Child records are not editable once linked. The linked child record will display the following message when opened.

  • Any changes to the parent records will reflect on the child records. There is a provision to exclude certain fields from being updated in the child record by defining exceptions in the Relationship configuration. Once configured, changes to the child incident can be limited by selecting the required fields as shown below. Only selected fields will be updated in the child incident.

All the linked records of different modules will be displayed as below.

Note

The condition builder has been introduced to display only open records while linking. For more information on configuration, refer to the Relationship feature in Form Designer.

De-Link

Removing the connection or linkage between two records that are tied to an incident is known as de-linking the records. This step may be required if a record is incorrectly linked, no longer relevant, or if the process changes and the linked records need to be disconnected.

To de-link record(s) from an Incident, perform the following steps:

  1. Click Link tab.

  2. All the records which are link to the Incident are displayed.

  3. Select the checkboxes of the records which you want to de-link.

  4. Once you select the records that you want to de-link, the De-Link button is enabled.

    Figure: Delink Records

    5. Click De-Link. A message stating successful de-linking is displayed.

    Figure: Delinked Records

Vendor Info

Vendor information plays a critical role in incident management, especially when third-party services, tools, or software are involved in the IT ecosystem. Proper vendor coordination ensures timely issue resolution, minimizes downtime, and helps maintain service level agreements (SLAs).

The Vendor Info tab can be configured with the following details. For more information, refer to the table below.

Field

Description

Vendor Name

Select the Vendor from the dropdown list. Example: Cisco, Apple.

Location

Select the Location from the dropdown list. Example: India, Austria.


Configuration Items

Select the appropriate CI (Configuration Items) from the list.

Services

Select the Services relevant to the Vendor from the dropdown list.

Contact Person

Select the contact person for the vendor from the dropdown list.


Incident ID


Enter an Incident ID of the Parent Incident if exists.

Status-Vendor

Add relevant tags for better reach or provision to create new tags are aslo available.

Vendor-Urgency

Justification or Valid reason for keeping the Incident in Pending status.


For example, dependency on another team, No proper information available.

Start Date

Select a start date as per requirement.

Vendor Impact

Click this and mark as Major Incident only if the Incident is of High priority, High Impact and Urgency and needs faster resolution.

Resolution Deadline

Impact defines the enormity of the situation and mostly deals with “How Many” question.


Vendor-Priority

Time based factor for Incident. Options available are:


Critical, High, Low, Medium.

End Date

Select the end date as per requirement.

Underpinning Contact

The Underpinning Contract (UC) is a contract between an IT service provider and a third party. The third-party provides support services that enable the service provider to deliver a service to a customer.


Solution

Propose a possible solution for the Incident.

Timeline

A timeline in incident management refers to a chronological sequence of events from the detection of an incident to its resolution and post-incident review. It helps teams track key milestones, understand response efficiency, and improve future incident handling.TimelineFigure: Incident Timeline

Orchestration

Orchestration in incident management refers to the automated coordination and execution of workflows, processes, and tasks across different teams, tools, and systems to efficiently detect, respond to, and resolve incidents. It ensures that the right actions are taken at the right time with minimal manual intervention, improving response times and reducing human errors.

Repetitive tasks must be executed to resolve an incident automatically or with less manual intervention. Based on the configured scripts, the action is executed automatically.

Modify and Manage Incidents

To Manage your Incidents, perform the following steps:

1. Navigate to Service Management > Incident.
3. Select Manage Incidents and the following list page is displayed.
Manage Incidents List

Figure: List page

4. Click any Incident ID hyperlink and the following screen is displayed.

Figure: Incident details page

The upper-right corner contains several action icons, which are explained below.

Change History

Click the change history icon 2(4)to view the History of the Incident. The following screen is displayed.

Change History

View the complete record or log of all the changes made to the Incident throughout its lifecycle by clicking on the Change History tab.

Figure: Change History

Click on the Change History ribbon to expand it and view the complete details of the changes occurred on the Incident. It displays the date and time of the change along with information like Impact, Urgency, Priority, Pending Reason, Requestor, Tenant, Classification, Status, Workgroup, Service Window and much more. (Refer the following screenshot)

Figure: Change History

Click and view the Change History in Timeline View or Tabular View. (Refer to the following screenshot)

Figure: Change History

You can export the details to an excel by clicking on the Export to excel icon.

Communication History

A communication history is a list or documentation of all the exchanges of messages, discussions, and interactions that have taken place over a given time period between different people or entities. It offers an in-depth description of who spoke with whom, when, and what was said. For more information, refer to the image below.

Figure: Communication History

Click on the log to find the audit trail of communication as given below.

Figure: Additional details

Workflow History

View the entire history and progress of the Workflow. Workflow History refers to a log or record of actions and events that have taken place during a workflow or business process. Workflows are a popular tool for managing and streamlining intricate procedures, guaranteeing that assignments are finished quickly and methodically. For more information, refer to the image below.

Figure: Workflow History

Click the highlighted icon and the following page is displayed with the workflow diagram.

Figure: Workflow Diagram

Note

The green line denotes approvals done and the orange box denotes the status at which the approval is pending.

Link History

Link history usually means a list of URLs or hyperlinks that are pertinent to the incident. This can be significant in a scenario where a particular incident is linked to another record. For more information refer to the image below.

Figure: Link History

Note

The link history is also used to track changes in the event of conversion of records. For example, when a service request is created from an incident or vice versa, or Incident to Service Request, Incident to Work order, etc.

SLA History

The term "SLA history" describes the progression and historical development of service-level agreements. It includes the main turning points, how SLAs have changed over time, and how businesses have utilized them to monitor and guarantee the caliber of services they offer to clients.

Figure: SLA History

  • Resolution SLA - Resolution SLA refers to a service provider's guarantee as to how quickly they will address and fix a reported issue or request.

  • Response SLA - Response SLA is the guarantee given by a service provider on how quickly they will react to a customer's request or issue that they have reported.

Click and view the SLA History in Timeline View or Tabular View. (Refer to the following screenshot)

Figure: SLA Tabular view

Figure: SLA Timeline view
You can export the details to an excel by clicking on the Export to excel icon

The Rule History provides a log of any rule changes adopted during the progress of the Incident. Any such changes will be reflected in the SLA value being calculated for completion of the Incident.

Figure: SLA Rule History

For more information, refer to the table below.

Field

Description

SLA Rule Id

The unique Id provided for the SLA.

SLA Rule Name

The name given to the SLA task.

Applied Date

The date on which the SLA Rule was applied to the Incident

SLA Criteria

The criteria if any applied.

SLA Value

The calculated days of the SLA is provided.

SLA Elapsed Time

The SLA Elapsed Time is automatically calculated based on the SLA Rule selected.

SLA Detail History - The Detail History will have a comprehensive log of the SLA details captured to provide a birds-eye view of the status of SLA and elapsed time.

Figure: SLA Detail History

For more information refer to the table below

Field

Description

Status

The status of the Form is displayed here.

Start Time

The Start time of the SLA when it is activated is displayed.

End Time

The End time of the SLA is displayed.

SLA Elapsed Time

The SLA Elapsed Time is automatically calculated based on the SLA Rule selected.


SLA Status

The status of the SLA is displayed when the cursor is hovered over the icon

SLA Deadline History - A historical tracking of compliance with deadlines providing a history of how deadlines or timelines have been managed in the context of SLA.

Figure: SLA Deadline History

For more information, refer to the table below.

Field

Description

SLA Rule Name

The unique name of the SLA Rule configured.

Deadline

The Deadline as per the rule is displayed.

Updated By

The last person who updated the records.

Updated on

The time in which the records were last updated.

Business Rule History

View the list of Business rules triggered and satisfied for the Incident. It also provides a log of the business rules triggered with details.

Click on the highlighted part to reveal the business rules that were satisfied and triggered and vice versa.

  • Business Rules satisfied - This provides the details of the business rules that were triggered and satisfied.

    Figure: BR satisfied

  • Business Rules Not satisfied - This provides details of the business rules that were triggered and not satisfied.

    Figure: BR not satisfied

    Search Function is available for BR history logs using Keywords as shown below.

    Figure: BR History search

Note


Whenever an action fails during the processing of a business rule, resulting in a 'Failed' status, the Business Rule History will display the status as 'Failed' along with reason for the failure, accompanied by the error. This is crucial for facilitating the investigation of the issue.

Access History

It provides details of the access details and history of accesses in chronologically descending order.

Figure: Access History log

Import Template

A template guarantees uniformity in the manner in which incident data is recorded. By automatically filling in the fields, templates make the process of submitting new records easier.
Click the Import Template icon and apply the required templates from existing records. The following screen is displayed.
Figure: Import Template

Select the required template and Apply

Generate Summary

The Incident Management "Generate Summary" function streamlines the process of producing thorough incident summaries, guaranteeing that all relevant parties have a clear understanding of the incident details, resolution procedures, and any necessary follow-up actions.

Click the icon to generate a summary of the Incident.

Figure: Generate Summary

The Create Template icon can be used to create a new template from existing incident details.
  Click the Create Template icon and the following page is displayed.

Figure: Create Template

Provide a Template name with sufficient Tags for the template. Enable the toggle button to make the template available for the end user

More Options

Click the more options icon to view more options available to the Analyst. The following options are available in this section. Each section has been explained in detail below.

Figure: More Options

Reminder

Reminders are used in incident management as a proactive measure to guarantee that events are handled effectively, in accordance with SLAs, and with an emphasis on ongoing improvement.

Click Reminder and the following page is displayed.
Reminder Figure: Reminder

Set Reminders for specific date and time and enable Notify Me to receive Notifications. Also, you have an option to Create Incident for reminder too.

Remote Desktop

Remote desktop functionality is a valuable tool in incident management, where you make take control of the End user's system to analyze the issue. It is useful when it comes to troubleshooting and resolving IT issues.

Click Remote Desktop and the following page is displayed.
remote desktopFigure: Remote Desktop

Set Remote Desktop connections for specific RDP Type and add Analyst E-mail ID to send Notifications.
Also, the Requestor E-mail ID is selected by default, and you can change the same.

AI Suggestions

Artificial intelligence (AI) has the potential to significantly improve incident management procedures by providing insightful recommendations and modifications that increase productivity, accuracy, and issue-solving efficacy. AI-driven recommendations can help make incident management more proactive, effective, and responsive, which will ultimately enhance the delivery of IT services as a whole.

1. Click icon on the right of the top ribbon.

2. Click AI Suggestions and the following page is displayed.

AI suggestions

Figure: AI Suggestions

  • Based on the inputs such as Symptom and Description, Service Desk Intelligence scans all the available history or records and identifies similar records. Further, the Service Desk Intelligence understands human responses to similar records in the past and then provides suggestions. Analysts can view and apply the AI suggestions by clicking Apply. However, the predictions made by Service Desk Intelligence reflects past data. If sufficient records exist with “proper” data, the field predictions are in conjunction with that.

  • The Service Desk Intelligence makes the Analyst's job easier by auto filling the following fields of the Incident based on the Service Desk Intelligence: Workgroup, Impact, Urgency, Category, Classification. By default, these fields are enabled. Click Cancel if you do not want to apply the AI suggestions to the record's details page.

Transfer Incidents

The process of transferring responsibility for handling an incident from one support group or team to another. This transfer might occur for various reasons, such as when the initial team realizes that the incident requires expertise or resources beyond their scope, or when there's a predefined escalation or handover process in place.

Click Transfer Incidents and the following page is displayed.
transfer incidentsTransfer the Incidents to appropriate Tenant, Workgroup with Remarks on why is the Incident being transferred.

Article Suggestions

Article Suggestions provide articles of similar interest that can be referenced for resolution of the incident. This can help in knowledge sharing and problem solving. This knowledge sharing mechanism can enhance the efficiency and effectiveness of incident resolution process.

Click Article Suggestions and the following window is displayed.
Figure: Article Suggestions

User Record History

User record history refers to a record of events and modifications connected to a user's account or profile that is organized chronologically. It is a log or record of activities, changes, and updates related to a specific user's tickets. This record history provides a detailed timeline of interactions, communications, and any modifications made to a specific user's tickets throughout its lifecycle.

Click User Records History and the following window is displayed.
Figure: User Record History

It provides a log of the user who has logged an Incident. The screen shows details like ID, Status , Symptom etc. Click on the Incident ID to open the incident in a new tab. If there are many tickets logged by the user, a list of the tickets is displayed. Click Close to close the pop-up of User Record History.

Convert

The convert functionality is utilized to convert a record from its current status. For example. Incident to Service Request, Incident to Change Records, etc and vice versa. By doing so, you can efficiently manage and address specific issues associated with the converted record type.

Figure: Convert

Note

When an Incident is converted to a Service Request, a new tab is opened with the new Service record as given below. The fields get auto populated and the mandatory fields need to be filled in. Refer to the figure below for new Service Request.

Form relations play a crucial role in ensuring that the auto-populated data is coherent and logically correct.

Figure: New Service Request converted from Incident

Once you select the type of record to which you want to convert the Incident into, it will open a new details page of the selected record type. The details are auto-populated from the Incident record.

Send Email

The Send Email feature is designed to streamline communication within the Incident Management. It helps to have seamless communication between Analyst, End users and other stakeholders involved in the Incident resolution. for Click the Send Email to send the Incident as a mail. The following screen is displayed.

Figure: Send Email

Recipients Selection
Select the list of contacts: by users or by recipients. (Refer the following screenshots)Figure: Send Email - Recipient Selection

Once you click the text field, the following options appear:Figure: Recipient Selection

Click the first option to select the group of users to which you want to send the email. The options in the dropdown menu are: Users, User Groups, By Roles, Groups based on User Properties, Dynamic Groups, Approvers, Custom Email IDs. (Refer the following screenshot)Figure: Contact List - Groups

Once you select the required option from the first menu, the names of the Recipients are auto-populated in the next field. Click on the dropdown menu icon next to Select Recipient to expand the menu. It displays a list of recipients to choose from. (Refer the following screenshot)
Figure: Contact list - recipients

You can include additional recipients who should receive a copy of the email under the Cc section. Add recipients in the Bcc section to include additional recipients who should receive a copy of the email without other recipients knowing.

Notification Template Selection

Select the notification by clicking the Notification Template dropdown menu. (Refer the following screenshot)

Figure: Notification Template Selection.

Specify the Subject and Body for the email. Subject and Body are mandatory fields. You can also send attachments with the email. (Refer the following image)

Figure: Email body, subject, attachment

Click Submit to save the email settings. If you do now want to configure the Send Email option, click Cancel.


Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.