Does SNow has a way to analyze the Incident Service Level quality?

Joe78man · ‎12-31-2019

Hello guys,

I'm in charge of taking a sample and analyzing the incidents from the incident management perspective and measure the quality of the troubleshooting logs, customer interactions, correct use of incident status, etc.

So far I've been struggling to generate a report that would pull all the data we need to see to analyze it and many times we need to access SNow and manually search each incident to clear out doubs of the behavior of the team or the analysts. Sadly what is seen in the incident (activities) is not something that can be pulled in a report (very unsmart in my opinion), so we have to deal with work notes and comments and check the incident manually if we want more details.

I'm wondering if SNow offers any valuable alternative that does not require to use the admin tables and pull a huge amount of useless data (everything altogether is almost as bad as no info at all) that would help me make the analysis more agile.

Is there any feature that could help me achieve this or I have to get accustomed to the limited fields I currently pull?

Thanks,

Allen Andreas · ‎01-01-2020

Hi,

I'm struggling a bit to fully understand what you're wanting to do...but let's assume your organization uses KPIs....let's assume you all evaluate and use SLAs....AND...let's assume you all also take advantage of customer service surveys. So that alone is a ton of information to really get the ball rolling....then if you're being tasked to "sample" or spot-check 'x' amount of Incidents...that would mean you are looking at things beyond the data you've already received. The reason they are spot checked is because most likely it needs that human element to it, meaning...you would need to access those Incidents and look things over.

Again, you didn't really say WHAT you are looking for...so we can't really help there, but the comment about not being able to pull a report using what's in the activity log is false. You can...it's just annoying to allow those audited journal log fields be reportable for something that's more of an edge case situation. And then as far as any other data (like status changes and length of time, etc.) those can be tracked via metrics.

So if you could elaborate a bit more on what you're looking for in this sample size of records, we may be able to help, but I would almost imagine that looking at this individually is the purpose here...

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Joe78man · ‎01-02-2020

Hi Allen,

What we do specifically is taking a sample of 10 incidents per analyst (monthly) and check those incidents in detail. Using SNow directly to do this is impractical because we need to capture the information in an external tool to be able to point out the errors, tips, behaviors, expressions, use of work notes and additional comments, attachments, approvals, etc. so, we pull what we can, which is comments and work notes, among other data, and import it in an excel file that has a master sheet with our QA parameters where we can check the criterias that failed and add comments of what was expected instead, save that data in a table that we then use to build up reports and provide feedback.

We dig into the incident and tell you if your work notes are completed, if they are clear enough, if when you used or should have used additional comments and advise you on your communication skills, etc. To be able to measure the performance we set we need the data. If there was a field called "activity log" that would return what you can see in the incident activity section it would be great, SNow shows it, I guessed it should be a field that would return the same in a report, if the only option to get more than comments and worknotes is pulling big tables with a lot of technical information just to capture when the state was changed or the pending reason used or if there is any screen capture attached then it's as good as not having the option.

We know many teams use the pending status to prevent SLA breaches which makes the SLA metrics less valuable since they don't reflect the reality. We discovered that by doing our analysis and checking each of the sample incidents where the pending was used.

Currently I pull the pending count to know if there was any pending set, open snow, look for the incident manually, browse the activities and ctrl-find pending to see who used it, when and if there is any work notes with the justification. Same thing with the priority.

There are many fields and information I see in an incident when I open it but then I can't find a field that would bring that same data in a report, such as many activities in the activity log.

if the URL contained the incident number it would be awesome, easy to parametrize, but I understand the only way to get the link is to pull the info from, again, the admin tables so I cannot optimize the access to the incident and we have to manually search for the incident number.

I'm looking for any field out there that I can pull that would help me automate more the process or know if SNow has anything to accomplish something like what we are doing.

MichaelNOW · ‎12-11-2021

Did you ever get an answer or solution as I have the same problem to solve?

Joe78man · ‎12-11-2021

Nope, the only alternative they offer is pulling data from some admin tables but they are full of pointless information that is near to useless for the amount of work to cherrypick the data you'd actually need, not mentioning the approval to access to those tables in particular.

I'm really amazed how a company could invest so much and earn so much with a product and there is no leader with enough common sense to make the activities a built in field that you could pull data from instead of requesting access to more tables and have the need to create the field by scripting and such. It's like they sell you the bricks, beams, cement and a picture of your house and then call that a service