Incident Management Policy
The policy is a management directive that significantly influences the processes and procedures. Incident Management Policy drives the decision-making in incident management operations and ensures consistent and appropriate development and implementation of processes, metrics, roles, activities, etc., with regard to this policy. This policy will be reviewed annually and upon a change to the process and/or tool.
Incident Management Policy Template
Incident Management Policy Purpose
The purpose of this policy is to ensure that any incidents that affect the daily operations of the organization are managed through an established process.
Incident Management Policy Scope
This policy applies to all IT organizations, including contracted vendors involved in activities that cause or require resolution to incidents. Therefore the scope of the Incident Management Policy includes the following:
- All IT-supported locations
- All environments subject to the Incident Management Policy determined by the ITSM Steering Committee
- Vendor owned Incidents under IT service provider management
- Vendor/Partner owned Incidents under Vendor management
- IT service provider owned but Vendor supported Incidents
Incident Management Operations Guidelines
The incident management operations section guidelines define the guidelines for recording, classifying, prioritizing, and communicating with IT stakeholders.
Guidelines to Decide Urgency
Guidelines to decide urgency section defines the guidelines for defining the urgency (urgency is defined based on how criticality of services) is defined as critical, normal, and low.
RACI (Responsibility, Accountability, Consulted & Informed) matrix clearly provides the segregation of roles and responsibilities as activities with respect to the incident management roles (service desk, incident manager, L2, technical lead, service delivery manager, customer service manager).
Service Level Agreements
SLA defines the agreement between the IT service provider and the customer. The SLAs section defines how incidents have to be handled with priority P1/ P2/ P3, the response time, restoration time, closure notification time, resolution time, and communication updates timing.
Reports define the key findings, details, and useful information presented to the different levels of management and users for making effective decisions and actions.
The reports section here talks about three types of reports: post-incident reports, weekly reports, monthly reports, etc.
The meetings section defines the types of meetings that should be conducted, including daily meetings, weekly meetings, monthly meetings, agenda, expected meeting outcomes, etc.
Responsibilities of incident manager define the responsibilities concerning different areas like governance, business impact assessment, involvement, and etiquette in technical bridges, customer engagement, timely notifications, PIR (Post Incident Report), supplier management)