Incident Management

1. Incident

An incident is defined as an unplanned interruption to an IT service.

1.1 Examples

- Email not working
- VPN down
- Application slow
- Printer not responding

2. Incident management

Incident management is the process of identifying, analyzing, and resolving incidents that disrupt normal business operations or IT services, with the goal of restoring services as quickly as possible and minimizing impact on users and business operations.

3. Objectives

- Restore the service as quickly as possible
- Minimize disruption to the user's work
- Manage the incident throughout its entire lifecycle
- Support operational activities

4. How Incidents Can Be Created

Incidents can be raised in many ways:

- Service Portal (self-service)
- Email inbound actions
- Phone call to Service Desk
- ITSM Mobile app
- Integration (API)
- Auto-created via Monitoring/Event Management
- Manually by agents in ServiceNow

5. Fields in incident management

5.1 Caller

The Caller field identifies the person who is reporting the issue.

5.2 Urgency

The list box offers three levels of urgency, High, Medium, and Low, chosen according to the incident type.

5.3 Channel

An incident can be raised through the following channels:

1) Chat
2) Email
3) Phone
4) Self-service
5) Virtual Agent
6) Walk-in

Short description: A short description is a summary of an incident, typically used to quickly communicate the nature of the problem to relevant parties.

6. States

State: New, In Progress, On Hold, Resolved, Closed, Canceled. These are the states that the 'Assigned to' person sets as the status of the incident.

6.1 Incident States in ServiceNow

| State | Meaning |
|---|---|
| New | Raised but not yet acted on |
| In Progress | Work is ongoing |
| On Hold | Waiting for user/vendor/approval/information |
| Resolved | Fix applied; pending confirmation |
| Closed | Fully closed |
| Canceled | Invalid or mistakenly created |

New: The incident is new and not yet assigned.

In Progress: The incident is assigned to someone who can solve it.

On Hold: The On Hold state in incident management is a temporary status where the incident resolution is suspended because the team is waiting for necessary action from the caller. Two fields are mandatory before putting an incident into the On Hold state: On hold reason and Comments (visible to both customer and IT staff). In the On Hold state, the on-hold reason field is mandatory.

Resolved: The incident is considered resolved when the service has been restored to its normal state. Two fields are mandatory:

1) Resolution code
2) Resolution notes

Closed: The incident is closed when issues are resolved and all necessary actions are completed.

Canceled: The Canceled state represents an incident that is no longer required to be worked on. This means the incident does not need investigation, troubleshooting, or resolution.

7. Incident Management – Table Fields (ServiceNow)

Table Name: incident

| Field Name | Label | Description |
|---|---|---|
| number | Incident Number | Auto-generated unique number for each incident. |
| caller_id | Caller | The user who reported the incident. |
| short_description | Short Description | A brief summary of the issue. |
| description | Description | Detailed explanation of the issue. |
| category | Category | High-level classification (e.g., Network, Hardware, Software). |
| subcategory | Subcategory | More specific classification under category. |
| impact | Impact | Scope of the incident (Low/Medium/High). |
| urgency | Urgency | How quickly the issue needs to be resolved. |
| priority | Priority | Calculated from Impact + Urgency. |
| assignment_group | Assignment Group | The group responsible for working on the incident. |
| assigned_to | Assigned To | The person working on the incident. |
| state | State | Current status (New, In Progress, On Hold, Resolved, Closed). |
| on_hold_reason | On Hold Reason | Reason for putting the incident on hold. |
| resolve_time | Resolve Time | Date & time when the incident was resolved. |
| close_code | Close Code | Reason for closing (e.g., Solved Permanently, Duplicate). |
| close_notes | Close Notes | Notes added by resolver when closing. |
| opened_at | Opened At | Date & time incident was created. |
| opened_by | Opened By | User who created the incident. |
| updated_at | Updated At | Last modified date. |
| u_symptom | Symptom | Description of symptoms (custom field in many orgs). |
| cmdb_ci | Configuration Item (CI) | CI affected by the incident. |
| location | Location | Location of the caller or incident. |
| contact_type | Contact Type | How the incident was reported (Phone, Email, Self-Service). |
| work_notes | Work Notes | Internal notes by support team. |
| comments | Additional Comments | Notes visible to the caller. |
| sla_due | SLA Due | When the resolution is due as per SLA. |
| reassignment_count | Reassignment Count | Number of times the ticket was reassigned. |
| problem_id | Problem | Linked Problem record if related. |
| rfc | Change Request | Linked Change request if created from the incident. |
| knowledge | Knowledge | Checkbox to suggest a knowledge article. |

Additional comment: Additional comments are used to capture information visible to, and often entered by, the end user (Caller) as well as IT staff. This field facilitates communication between the service desk and the user.

Work note: This field is used to document internal notes and technical details about the incident, intended for IT staff and support teams only.
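
The state rules and the visibility split between Work notes and Additional comments described above can be checked outside the platform, for example on records pulled through an integration. The following is an added example in plain JavaScript, not ServiceNow code and not part of the original page; it assumes that "Resolution code" and "Resolution notes" are stored in `close_code` and `close_notes`, and the names `validateIncident` and `callerView` are hypothetical.

```javascript
// Added example: plain JavaScript, not ServiceNow platform code.
// Field names come from the incident table on this page. Mapping "Resolution
// code" / "Resolution notes" to close_code / close_notes is an assumption.
const STATES = ["New", "In Progress", "On Hold", "Resolved", "Closed", "Canceled"];
const REQUIRED_BY_STATE = {
  "On Hold": ["on_hold_reason", "comments"],
  "Resolved": ["close_code", "close_notes"],
};
const INTERNAL_ONLY = ["work_notes"]; // intended for IT staff only

function isBlank(value) {
  return value === undefined || value === null || String(value).trim() === "";
}

// Returns a list of problems; an empty list means the record passes.
function validateIncident(record) {
  if (!STATES.includes(record.state)) return [`unknown state: ${record.state}`];
  const problems = [];
  for (const field of REQUIRED_BY_STATE[record.state] || []) {
    if (isBlank(record[field])) problems.push(`${record.state}: ${field} is mandatory`);
  }
  // The page describes In Progress as "assigned to someone".
  if (record.state === "In Progress" && isBlank(record.assigned_to)) {
    problems.push("In Progress: assigned_to is empty");
  }
  return problems;
}

// Copy of the record that is safe to show to the caller.
function callerView(record) {
  const view = { ...record };
  for (const field of INTERNAL_ONLY) delete view[field];
  return view;
}

// Constructed sample records (not real tickets).
const samples = [
  { number: "INC-SAMPLE-1", state: "On Hold", on_hold_reason: "Awaiting Caller", comments: "" },
  { number: "INC-SAMPLE-2", state: "Resolved", close_code: "Solved Permanently",
    close_notes: "Restarted VPN service", work_notes: "internal host detail" },
  { number: "INC-SAMPLE-3", state: "In Progress", assigned_to: "" },
];
for (const rec of samples) {
  console.log(rec.number, validateIncident(rec), Object.keys(callerView(rec)));
}
```
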
