Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

What is the reason you cannot add a close incident to a problem record in ServiceNow OOB

dipak_thakor
ServiceNow Employee
ServiceNow Employee
3 weeks ago

What is the reason you cannot add a close incident to a problem record in ServiceNow OOB. This is a common point of confusion in ServiceNow and in ITIL practices more generally. Let’s unpack this carefully:

 

The Situation

 

You’ve got:

  • A Problem record — used to identify and eliminate the root cause of one or more incidents.

  • One or more Incidents — which are user-facing interruptions or degradations of service.

In ServiceNow, you can link incidents to a problem record (via the “Related Incidents” list) so that all related incidents are associated with the same underlying problem.

 

Why you can’t (or shouldn’t) add a closed incident to a problem

 

In out-of-box ServiceNow configurations, you cannot relate closed incidents to a problem record — 

 

The main reasons are process and governance:

  1. ITIL best practice encourages proactive problem management

    • Problem investigation should start while incidents are active or recently resolved.

    • Once incidents are closed, they’ve already gone through their lifecycle — reopening them or attaching them to a problem after closure can complicate metrics and reporting.

  2. Data integrity and reporting concerns

    • Attaching closed incidents later can skew KPIs such as “mean time to resolve” or “number of incidents per problem.”

    • Many organizations lock closed incidents from further modification to ensure audit consistency.

  3. Workflow and automation design

    • ServiceNow workflows often trigger notifications, updates, and status changes when incidents are linked to problems.

    • Doing this retroactively on a closed record may trigger unintended actions or break automation sequences.

 

What is the ITIL stance

 

ITIL does not strictly forbid linking closed incidents to problems. However:

  • Proactive Problem Management (identifying issues before they recur) focuses on open or recent incidents.

  • Reactive Problem Management (after incidents occur) can include analysis of closed incidents for trend analysis — but this is typically done via reporting and analytics, not by re-linking old incident records.

So, it’s not “against ITIL”, but it’s usually against local process controls designed to preserve clean data and audit trails.

0 Helpfuls
  • 1,943 Views