Managing incidents

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Managing incidents

    Managing incidents in ServiceNow involves diagnosing, investigating, recording results, escalating, and promoting incidents to ensure timely resolution. The process heavily relies on human interaction, primarily by service desk agents who gather information from users and utilize the Configuration Management Database (CMDB) to aid diagnosis and investigation.

    Show full answer Show less

    Incident Diagnosis and Investigation

    Service desk agents use the incident details and communicate with users to diagnose issues. The CMDB, which holds data about hardware, software, and their relationships, supports this process. Discovery, available as a separate product, helps populate the CMDB. Work notes are added to incidents to facilitate communication, and updates can be sent via email notifications.

    Identifying Related Incidents

    • Related Incidents Icon: Appears beside the Caller field to show incidents linked to the same caller, helping agents quickly identify recurring issues.
    • Incidents by Same Caller Related List: Displays related incidents on the form and may require administrator configuration.
    • Dependency Views: Visual maps linked to configuration items (CIs) help find related incidents and attached tasks, improving root cause analysis.

    Incident Promotion and Request Creation

    When an incident is linked to a broader problem or requires infrastructure change, it can be promoted to a problem or change record directly from the incident form. This integration streamlines escalation to problem or change management processes. Additionally, agents can create hardware or software requests linked to incidents, useful when user resolution involves new equipment. This feature requires the Problem Management Best Practice – Jakarta plugin and is available starting with the Jakarta release.

    Incident Escalation

    To ensure incidents are resolved within organizational standards, two escalation methods are used:

    • Service Level Agreements (SLAs): SLAs track incident progress against agreed service quality and timeline targets, escalating incident priority as deadlines approach and serving as a performance metric for the service desk.
    • Inactivity Monitor: Generates events and notifications if incidents remain unupdated for a specified duration, preventing incidents from being overlooked.

    Working on incidents involves diagnosing and investigating the incident, recording results, and sometimes escalating or promoting the incident.

    Initial diagnosis of incidents is largely a human process. The service desk agent looks at the details of the incident and communicates with the user to diagnose the issue.

    To aid in the diagnosis, the service desk agent can query the configuration management database, or CMDB. The CMDB contains information about hardware and software within a network and the relationships between them. The CMDB can be populated by: Discovery . Discovery is available as a separate product.

    Incident investigation

    Incident investigation is also a human process. The service desk continues to use the information in the Incident form as well as the CMDB to solve the issue. Work notes are added to the incident as the service desk evaluates the incident, facilitating communication between the concerned parties. Work notes and other updates can be communicated to the concerned parties through email notifications.

    One way to investigate incidents is to determine whether related records exist, using one of the following features.

    Related incidents icon
    The show related incidents icon (Show related incidents icon) appears beside the Caller field when it is populated. Click the icon to view the list of incidents for the same caller.
    Note:
    Administrators can add this icon to any reference field by modifying the dictionary entry and adding the ref_contributions=user_show_incidents dictionary attribute. The icon appears only for users who have read or write access to the field. A UI macro named user_show_incidents defines the behavior. The UI macro must be active to view the related incidents icon.
    Incidents by Same Caller related list
    Another way to research related incidents is to use the Incidents by Same Caller related list. The administrator may need to configure the form to display this related list.
    Dependency views
    Dependency views can help find related incidents based on configuration items (CI). If a configuration item is attached to an incident, click the map icon (Dependency view icon) to display the dependency views map. In the dependency map, if you want to view the tasks that are attached to the CI, click the down arrow next to the CI and from the menu, select View Related Tasks.
    Figure 1. CI options
    CI options menu

    Incident promotion

    When the incident management team has determined that the cause of an incident is an error or widespread problem, the team initiates the problem management process. When the issue requires a change to the infrastructure or a business service, the team initiates the change management process.

    A menu item on the Incident form lets you create a problem or change record easily and associate the incident with the problem or change record. For more information, refer Create a record from incident
    Note:
    If the incident already has an associated problem or change record, you cannot create another record of the same task type.
    Sometimes, the resolution for the user is to request hardware or software for them. For example, a user may report a problem that requires a new mouse device or keyboard. The service desk agent can create a request from the incident. The incident is associated with the requested item.
    Note:
    This feature is available only in new instances starting with Jakarta or a later release. The Problem Management Best Practice – Jakarta plugin (com.snc.best_practice.problem.jakarta) plugin must be activate.

    Incident escalation

    There are two escalation methods the platform uses to track and report on incidents that are not being resolved according to your organization standards.

    Service level agreements (SLAs)
    SLAs monitor the progress of an incident according to a set of agreements between a service provider and customer that define the scope, quality, and speed of the services being provided. As time passes, the SLA escalates the priority of the incident and leaves a marker as to its progress. SLAs are also used as a performance indicator for the service desk.
    Inactivity monitor
    The inactivity monitor generates an event to prevent incidents from going unnoticed. When a certain amount of time has passed without an update to the incident, the event creates an email notification or triggers a script.