ITSM - Major incident process and handling child incidents
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2023 10:02 PM
Hi Everyone,
First time posting on these boards but I am hoping you may be able to help. Our organization is quite large, we have 100,000 staff spread out across a very large geographical location. We have many different teams who manage IT for our organization.
For our major incident process, our Service Desk manager (can be any fulfiller but Service Desk manager is usually the one) will propose a major incident through the incident form in ServiceNow, we usually use the first incident ticket that is proposed to coordinate the major incident (Parent ticket), if multiple tickets are proposed at around the same time, we will select the most detailed ticket. All subsequent tickets for this major incident are linked as child incidents to the parent incident as a parent-child relationship.
Currently our process is that the parent incident is assigned to the major incident manager who will create incident tasks and assign them to the relevant teams (this could mean 1 or 20 incident tasks depending on the service). This process works well for us but due to the size of the organization, a major incident has the potential to generate hundreds of child tickets. The current process is that our Service Desk will assign these tickets to the Incident management assignment group that the Major incident manager monitors, but this can quickly lead to this assignment group becoming unwieldy.
What are your recommendations on where child incidents should be placed? The issues with our current practice are:
- Due to the number of tickets, if a major incident is closed off, all the child tickets are automatically resolved but if a customer replies to say that the issue still exists then this may be missed.
- The queue cannot be used for other ticket types as an unrelated low priority incident or request will quickly be lost.
- Our service desk and service owners don’t want us to leave the tickets in their queue for the same reason.
- hundreds of child incidents can generate an enormous number of notifications.
My question is, how do you manage child incidents for a major incident in your organization? Do they stay with the Service Desk, go to the team who owns the specific Service? or do you have an assignment group specifically for holding child incidents?