Incident Management Policy
Policy is a management directive that significantly influences the processes and procedures. Incident Management Policy drives the decision making in incident management operations and ensures consistent and appropriate development and implementation of processes, metrics, roles, activities, etc., with regard to this policy. This policy will be reviewed annually and upon a change to the process and/or tool.
Incident Management Policy Template
Incident Management Policy Purpose
The purpose of this policy is to ensure that any incidents that affect the daily operations of the organization are managed through an established process.
Incident Management Policy Scope
This policy applies to all IT organization, including contracted vendors involved in activities that cause or require resolution to incidents. Therefore the scope of the Incident Management Policy includes the following:
- All IT supported locations
- All environments subject to the Incident Management Policy determined by the ITSM Steering Committee
- Vendor owned Incidents under IT service provider management
- Vendor/Partner owned Incidents under Vendor management
- IT service provider owned but Vendor supported Incidents
Incident Management Operations Guidelines
Guidelines for incident management operations section defines the guidelines for the recording, classifying, prioritizing, and communicating with IT stakeholders.
Guidelines to Decide Urgency
Guidelines to decide urgency section defines the guidelines for defining the urgency (urgency is defined based on how criticality of services) which is defined as critical, normal and low.
RACI (Responsibility, Accountability, Consulted & Informed) matrix clearly provides the segregation of roles and responsibilities as activities with respect to the incident management roles (service desk, incident manager, L2, technical lead, service delivery manager, customer service manager).
Service Level Agreements
SLA’s defines the agreement between IT service provider and the customer. SLAs section, defines how incidents have to be handled with priority P1/ P2/ P3, what should be the response time, restoration time, closure notification time, resolution time, and communication updates timing.
Reports define the key findings, details, and useful information presented to the different levels of management and users for making effective decisions and actions.
Reports section here talks about three types of reports like post incident report, weekly reports, monthly reports, etc.
Meetings section defines the types of meetings that should be conducted like daily meetings, weekly meeting and monthly meetings, its agenda, expected meeting outcomes, etc.
Responsibilities of Incident Manager
Responsibilities of incident manager defines the responsibilities with respect to different areas like governance, business impact assessment, involvement and etiquette in technical bridges, customer engagement, timely notifications, PIR (Post Incident Report), supplier management)