Create an incident

  • Release version: Australia
  • Updated January 30, 2025
  • 7 minutes to read

    • Create an incident record to document a deviation from an expected standard of operation.

    Before you begin

    Role required: itil, sn_incident_write, or admin

    About this task

    This procedure describes how an ITIL agent completes the Incident form. Incidents are also logged when a user fills out a record producer in the service catalog, or sends an email to the instance.

    Procedure

    1. Navigate to All > Incident > Create New.
      You can also select New from the Incident list view.
      If the Incident module is not visible in the All menu, contact your system administrator to verify that the itil or sn_incident_write role is assigned to your user record.
    2. Optional: Use a template, if one exists for the type of incident that you are logging.
      If the organization uses form templates, then you can apply a template to pre-populate some of the fields for specific types of incidents.
    3. On the form, fill in the fields.
      Your organization has configured the Incident form to adhere to its incident management process. Enter information in the form field is based on the process. The following table describes typical Incident form fields.
      Table 1. Incident form
      Field Description
      Number Unique system-generated incident number.
      Caller User who contacted you with an issue.
      Category and Subcategory Type of issue. After selecting the category, select the subcategory, if applicable.
      Service Affected business service, if applicable.
      Note:

      If you select a business service as the configuration item and if that business service is also listed as the configuration item in any other active task, then the active tasks icon (Other active tasks) appears. Click the icon to view the list of all the other active tasks that are affecting the business service.

      You can view the BSM map (dependency view) of the selected business service by clicking the dependency icon (Open dependency view).
      Service Offering Service offering consists of one or more service commitments that uniquely define the level of service in terms of availability, scope, pricing, and packaging options. This field enables you to receive different features and their levels of performance for a given service.
      Configuration item Affected CI, if applicable.

      After a CI is selected, you can click the open Dependency views icon (Open dependency view) next to the field to see how the CI maps into the infrastructure. The dependency view shows you what is impacted and whether other CIs or services are experiencing issues. To capture information on the affected CIs, refer to Capture information on affected configuration items in an incident.

      When adding configuration items to the Configuration item field of an incident form, the search result containing a list of configuration items (CI) is displayed and sorted based on the CI names in alphabetical order.
      Channel Communication method that is used by the user to create the incident. Following are the available options:
      • Chat
      • Email
      • Phone
      • Monitoring
      • Self-service
      • Virtual agent
      • Walk-in
      Origin Source of the incident. For example, if an incident is created from alert, this field contains the value Alert. This is a auto-populated field and you cannot fill the value manually.
      State State of the incident. The state moves and tracks incidents through several stages of resolution.
      Tip:
      Use the State field, rather than the Incident State or Problem State fields, as your primary means of tracking the state of an incident because this state progresses through the entire processing cycle. To learn more, see Life cycle of an Incident.
      Impact Impact is a measure of the effect of an incident, problem, or change on business processes.
      Urgency Urgency is a measure of how long the resolution can be delayed until an incident, problem, or change has a significant business impact.
      Priority Priority is based on impact and urgency, and it identifies how quickly the service desk should address the task.
      Assignment group Group who will work on the incident.
      The business rule Populate Assignment Group based on CI/SO populates the Assignment group field based on the support group available for the configuration item (CI) or the Service offering consecutively.
      Note:
      The business rule is triggered when an incident is created or updated, and when the Assignment group and the Assigned to fields are empty.
      If you want to override the default value, then you need to create new properties and provide the field in the property value that must be used to populate the Assignment group field. Create the properties in the following order of preference:
      • com.snc.incident.ci_assignment_group.field_name: Identifies which CI field populates the Assignment group field.
      • com.snc.incident.service_offering_assignment_group.field_name: Identifies which service offering field populates the Assignment group field.
      Note:
      • The sys_user_group read ACL calls the SNCRoleUtil function. The function verifies whether the group that is reviewed contains either the admin role or security_admin role. The function enables the user to view the group only if the user has the same role. As a result, a user with the itil role cannot assign an incident to a group that has the admin role or security_admin role, nor to any group whose parent has those roles.
      • Other than using the read ACLs, you can also restrict incidents with specific assignment group(s) for visibility only to the group members using before-query business rule. For details, see How to restrict a specific group incidents to only its group members [KB0790987] article in the Now Support Knowledge Base. You must log in to view the article.
      Assigned to User who works on this incident. If the Assignment group changes, the Assigned to field is cleared.
      Short description Brief description of the incident.
      Description Detailed explanation on the incident.
      Attachments Attachments related to the incident that helps in incident resolution such as screenshots or pdfs. Select the Attachment (Attachment icon) to add and manage the attachments.
      Notes
      Watch list Users who receive notifications about this incident when comments are added. Click the add me icon (Add me icon) to add yourself to the watch list.
      Work notes list Users who receive notifications about this incident when work notes are added. Click the add me icon (Add me icon) to add yourself to the work notes list.
      Note:
      The administrator must create an email notification for the work notes list.
      Additional comments More information about the issue as needed. All users who can view incidents see additional comments.
      Work notes Information about how to resolve the incident, or steps taken to resolve it, if applicable.
      Actions taken A journal field where you can enter details of the actions taken for a major incident. This field is for only internal users.
      Note:
      This field is only visible when you activate the Major Incident Management plugin (com.snc.incident.mim).
      Related Records
      Parent Incident Unique number of the parent incident for this incident record.
      Problem Unique number of any related problem record that is related to the incident.
      Change Request Unique number of any related change request that is related to the incident.
      Caused by Change Unique number of the change request that resulted in the creation of the incident.
      Note:
      The Caller and Company fields are optional for the following situations:
      • An incident is created from an alert.
      • An incident is created from a change request. In such case, the change request number is populated in the Caused by Change field.
    4. Click Submit.

    Result

    The incident is created.

    What to do next

    • If you want to mail the incident record, click the more options icon (More options icon) in the title bar and select Email.

      The user who requested the incident and the user who is assigned to the incident are automatically populated in the list of recipients.

    • When an incident is created from a case, the Customer Service with Service Management plugin (com.sn_cs_sm) is installed and you have a customer service agent (sn_customerservice_agent) role, you can view the Customer Cases tab in the Related Links section of the Incident form. This tab contains the list of the customer cases associated with the incident record.
    • When there are one or more interaction records associated with the incident record, you can view the Interaction tab in the Related Links section of the Incident form that contains the list of the interaction records.
    • A Primary device health link appears on the Related Links section of the Incident form. Select to launch the Digital End-User Experience application and device health page for the selected CI in Service Operations Workspace on a separate browser tab. This tab enables agents to view all the available metrics and the device health for the selected CI, which were collected by DEX. You can also access this feature using the View device health option on the classic U16 CI record.
      Note:
      • DEX requires a separate entitlement.
      • This link is available to the agent only if the following conditions are met:
        • The selected CI is of type Device, which is also known as Endpoint.
        • The DEX plugin is installed on the instance. For more information on DEX, see Digital End-User Experience.
        • The DEX agent is installed on the selected CI.