ServiceNow – Preferred Ways to Route Incidents to L2/L3 and How to Narrow Selectable TSOs

Short answer (recommended pattern)
------------------------------------------------------------
• Primary: **CI-driven routing (#4)** — Assign L2/L3 based on the CI (or Application Service) on the Incident. This aligns with CSDM and works for events/monitoring-created incidents as well.
• Complement: **Incident Tasks for specialist work (#5)** — Keep the parent Incident with L1 for ownership/comms/SLAs; spawn tasks to L2/L3 for deep-dive work.
• Avoid proliferating custom fields for TS/TSO on the Incident body unless you have a strong reporting need that can’t be met via relationships.

Why this works
- CI/App Service is the core of operational support in CSDM.
- Keeps Incident ownership clear (L1) while enabling parallel expert work (tasks).
- Supports auto-routing from Event Mgmt/AIOps where CI is already set.
- Minimizes customizations and preserves OOB reporting on Business Services/Offerings.

Implementation blueprint
------------------------------------------------------------
1) CSDM hygiene & data model
- Business Service (cmdb_ci_service with classification = business) and **Business Service Offering** (cmdb_ci_service_offering) are already on the Incident for L1.
- Ensure **Technical Services/Offerings** exist and are related to the underpinning CIs (infrastructure + application services).
- Map **support/assignment groups** on one or more of: CI, Application Service, Technical Service Offering (TSO). Use a single source of truth if possible.

2) Auto-assignment logic (priority order)
a) If **CI** present on Incident and CI has support_group/assignment_group → use it (L2/L3).
b) Else, if **Application Service** (app service CI) present → use its support group (or its TSO’s).
c) Else, derive candidate TSOs from the **Business Service Offering → related CIs** and pick the owning L2/L3 group.
d) Fallback → **BSO’s L1** group.
- Implement via **Assignment Rule** (ordered), or **Before Insert/Before Update Business Rule**, or **Flow Designer** action.

Example (scripted assignment rule, pseudo):
```js
(function executeRule(current) {
var grp = RoutingUtils.resolveL2Group(current);
if (grp) current.assignment_group = grp;
})();
```

Script Include (outline):
```js
var RoutingUtils = Class.create();
RoutingUtils.prototype = {
resolveL2Group: function(inc) {
// 1) CI-level
var ci = inc.cmdb_ci;
var g = this._getGroup(ci);
if (g) return g;
// 2) App Service (cmdb_ci_service with classification=technical/application)
var app = this._getAppServiceFromIncident(inc);
g = this._getGroup(app);
if (g) return g;
// 3) From BSO → related TSOs/CI
var tso = this._getTSOFromBSO(inc.service_offering);
g = this._getGroup(tso);
if (g) return g;
// 4) Fallback L1 from BSO
return this._getL1FromBSO(inc.service_offering);
},
// helper methods _getGroup(), _getAppServiceFromIncident(), _getTSOFromBSO(), _getL1FromBSO() omitted for brevity
type: 'RoutingUtils'
};
```

3) Keep ownership with L1; use **Incident Tasks** for L2/L3
- Parent Incident remains with **L1 assignment group** to handle comms/SLAs/coordination.
- Create **Incident Tasks** for L2/L3 teams. Auto-assign tasks from CI/App Service/TSO.
- When tasks close, L1 validates/communicates and resolves the parent Incident.
- Benefits: no need to reassign parent back and forth; clean audit.

4) Reassignment controls & SLAs
- If you do choose direct reassignment of the Incident, persist **original L1 group** in a custom “owner_group” (read-only) field to reassign back upon resolution.
- Ensure SLAs attach to the parent Incident, and define task-level SLAs separately if needed.

How to narrow selectable Technical Service Offerings (TSO)
------------------------------------------------------------
Goal: prevent agents from picking unrelated TSOs; keep choices relevant to the Incident context.

A) CI → TSO filter (best)
- Reference qualifier on TSO field: show TSOs linked to the Incident’s **cmdb_ci** (or its **Application Service**).
- Use **m2m tables** that relate services/offerings to CIs (e.g., **svc_ci_assoc** for service↔CI, and **m2m_service_offering_ci** for offering↔CI; table names can vary by release).
- Advanced ref qual example:
```js
javascript:(function() {
var ci = current.cmdb_ci;
if (!ci) return 'sys_id=javascript:gs.nil("none")';
// Candidates: TSOs that are related to this CI
// Example using m2m_service_offering_ci:
var ids = [];
var m2m = new GlideRecord('m2m_service_offering_ci'); // or service_offering_ci
m2m.addQuery('ci', ci);
m2m.query();
while (m2m.next()) ids.push(m2m.getValue('service_offering'));
if (!ids.length) return 'sys_id=javascript:gs.nil("none")';
return 'sys_idIN' + ids.join(',');
})();
```

B) BSO → TSO filter (fallback)
- If no CI, derive technical offerings connected to the Incident’s **Business Service Offering** via service relationships.
- Use **svc_ci_assoc** to traverse Business Service → App Service/Infra CI → TSO.

C) App Service → TSO
- When Incident has an **Application Service** CI, filter TSOs linked to that app service or its underpinning technical service.

Notes on svc_ci_assoc and scope
- **svc_ci_assoc** is a good starting point to navigate **service↔CI associations**. Depending on your version, it can include both Business and Technical Services, and both Application and Infrastructure CIs.
- For Offerings, use the offering↔CI m2m (commonly **m2m_service_offering_ci** / **service_offering_ci**). Validate in your instance.

Pros/Cons recap of your options
------------------------------------------------------------
#1 Extra TS/TSO fields on Incident – Simple reporting, but adds customization and ownership confusion.
#2 Replace BS/BSO with TS/TSO – Hides business context; not recommended.
#3 Manual reassignment – Low build, high agent effort & error-prone.
#4 **CI-driven routing** – Best fit to CSDM and monitoring, scalable, minimal customization. ✅
#5 **Incident Tasks for L2/L3** – Great for ownership and parallel work; adds some workflow config. ✅

Operational tips
------------------------------------------------------------
- Populate CI automatically where possible (Discovery, Event Mgmt, Transform Maps from source tools).
- Put **support_group** on CI/App Service/TSO as your single routing source of truth.
- Use **Assignment Rules** (ordered) + Script Include for clean governance.
- Provide a **“Propose CI”** quick action for L1 if CI is unknown.
- Add a **UI Action** to spawn Incident Tasks to common L2/L3 towers with pre-set groups from CI/TSO.
- For analytics, report on BS/BSO at the Incident level and on TS/TSO at the Task level.

Bottom line
------------------------------------------------------------
Adopt **#4 (CI-driven)** for automatic, CSDM-aligned routing. Use **#5 (Incident Tasks)** to keep L1 ownership and to engage L2/L3 experts without bouncing the parent Incident. Narrow TSO choices using **CI/App Service relationships** via **svc_ci_assoc** and the offering↔CI m2m table to keep selection relevant and clean.