ITIL Incident Record Template

by Rahulprasad Hurkadli

ITIL is a framework for IT service management that focuses on aligning IT services with business needs. One important aspect of ITIL is incident management, which involves analyzing and resolving disruptions in IT services. During the initial analysis, ITIL gathers information about the incident, determines its priority, and identifies its root cause. This analysis sets the groundwork for resolving the incident and restoring IT services.

Importance of Initial Incident Analysis in ITIL

  • Identify the root cause: During the initial incident analysis, the IT team investigates the incident to determine its underlying cause. This is crucial for preventing future incidents or ensuring a timely resolution. By identifying the root cause, IT professionals can take appropriate corrective actions and implement preventive measures to minimize the recurrence of similar incidents.
  • Prioritize incidents: Incidents vary in terms of their impact on business operations. With the initial incident analysis, ITIL helps categorize and prioritize incidents based on their urgency and impact. This allows IT teams to allocate resources efficiently, focusing on critical incidents that require immediate attention and minimizing disruptions to the business.
  • Reduce downtime and disruptions: By conducting a thorough analysis of an incident, IT professionals can quickly assess the impact on services and take appropriate actions to restore normal operations. Identifying any dependencies or related components affected by the incident enables teams to resolve the issue promptly, minimizing downtime and reducing disruptions to users and customers.
  • Improve incident management processes: The initial incident analysis provides valuable insights into the effectiveness of existing incident management processes. By reviewing and analyzing incidents, organizations can identify areas for improvement, such as refining communication channels, streamlining escalation procedures, or updating knowledge bases. This allows for continuous improvement of incident management processes and ensures a more efficient and effective response to future incidents.

Initial Incident Analysis: Key Steps and Objectives

  • Define the incident: The first step in the initial incident analysis is to clearly define the incident and understand the scope of the problem. This involves gathering information about the incident, such as the time, location, and nature of the incident.
  • Identify the objectives: Once the incident is defined, the next step is to identify the objectives of the analysis. This could include determining the cause of the incident, assessing the impact and severity of the incident, identifying any immediate actions that need to be taken, and preventing similar incidents in the future.
  • Gather data: The next step is to gather all relevant data related to the incident. This can include incident reports, witness statements, photographs, videos, and any other pertinent information. It is important to collect as much data as possible to ensure a thorough analysis.
  • Analyze the data: After gathering the data, the next step is to analyze it. This involves reviewing the information and looking for any patterns, trends, or potential causes of the incident. It may also involve performing forensic analysis or consulting with subject matter experts to gain a better understanding of the incident.

Understanding the Incident Management Process

  • Incident identification: This is the first step in the process and involves recognizing and reporting an incident. Incidents can be reported by users, customers, or through monitoring systems.
  • Incident logging: Once an incident is identified, it needs to be logged in a centralized incident management system. This includes capturing key details such as the time of occurrence, the user or system affected, and the nature of the incident.
  • Incident categorization: The next step is to categorize the incident based on its urgency and impact on the organization. This helps prioritize the resolution process and allocate appropriate resources.
  • Incident prioritization: After categorization, incidents are prioritized based on their urgency and impact. High-priority incidents, which have a significant impact on operations, are given more immediate attention.
  • Incident investigation and diagnosis: This step involves analyzing the incident to determine its root cause. This may involve performing technical diagnostics, reviewing system logs, and gathering additional information from users or other stakeholders.

Gathering Relevant Incident Information

  • Identify the basic facts: Start by gathering basic details such as the date, time, and location of the incident. This information provides a foundation for understanding the context of what happened.
  • Note the parties involved: Identify the individuals or entities involved in the incident. This may include the names, roles, and contact information of those affected, witnesses, and any other relevant parties.
  • Record descriptions: Ask for detailed descriptions of what occurred. Encourage those involved to provide a chronological account of events, including any actions, exchanges, or conversations that took place. Pay attention to specific details and any documentation, such as photos or videos, that may be available.
  • Collect evidence: Gather any available evidence related to the incident. This can include photographs, videos, audio recordings, documents, or any other relevant materials. Evaluate the credibility and authenticity of the evidence to confirm its validity.

Categorizing and Prioritizing Incidents

  • Impact and Urgency Matrix: This method involves assessing the impact of an incident on the organization's operations and the urgency to resolve it. Incidents can be categorized into four quadrants based on their impact and urgency, such as high impact and high urgency, low impact and low urgency, etc. This matrix helps prioritize incidents based on their severity and criticality.
  • Severity Levels: Assigning severity levels to incidents can help categorize and prioritize them appropriately. This can be done by defining severity levels (e.g., critical, high, medium, low) based on the potential impact and business impact of the incident. Higher severity incidents will receive priority attention compared to lower severity ones.
  • Service Level Agreements (SLAs): SLAs define the expected response and resolution times for different types of incidents. Categorizing incidents based on SLAs helps prioritize them as per the agreed service levels. Incidents falling within the SLA timeframe may receive higher priority compared to those that breach the SLA.
  • Business Impact Analysis: Performing a business impact analysis (BIA) helps understand the potential consequences of an incident on business operations. By identifying critical business processes and resources, incidents affecting them can be prioritized more effectively to minimize disruption.
  • Incident Impact Assessments: Conducting impact assessments to evaluate the magnitude and scope of an incident can aid in prioritizing and categorizing incidents. Assessments consider factors such as the number of users affected, the duration of disruption, financial impact, and compliance risks to determine the priority of the incident.

Investigating the Root Cause of the Incident

  • Incident Documentation: Begin by collecting and reviewing all available information related to the incident. This may include incident reports, eyewitness accounts, photos, videos, system logs, and any other relevant documentation. Ensure that all evidence is preserved and organized for analysis.
  • Define the Incident: Clearly define the incident, including the impact, key events, and the timeframe in which it occurred. This will help establish a baseline and provide a starting point for investigation.
  • Gather Data: Collect data on various aspects related to the incident, such as equipment used, processes followed, environmental factors, personnel involved, and any recent changes or updates. Obtain as much relevant information as possible to ensure a comprehensive analysis.
  • Conduct Interviews: Interview individuals involved in or affected by the incident, including eyewitnesses, operators, maintenance personnel, supervisors, and any other relevant stakeholders. Their perspectives can offer valuable insights into potential causes or contributing factors.
  • Analyze the Data: Use analytical tools and techniques to examine the collected data. This may involve statistical analysis, trend analysis, failure mode analysis, or any other suitable method. Look for patterns, trends, and any deviations from normal operations.


The initial incident analysis in ITIL is crucial for several reasons. Firstly, it helps identify the root cause of the incident, allowing for effective resolution and prevention in the future. It also allows for quick identification of temporary solutions and supports the process of escalation.

Additionally, it aids in documentation, data collection, and meeting compliance requirements. Furthermore, it plays a significant role in continuous improvement by identifying areas for enhancement. Overall, it contributes to effective incident management and the success of IT services.