Purpose
This document describes the process followed by Helpdesk for Major Incident Management
(Severity 1 and Severity 2).
Scope
This document is intended as a reference for CompanyX IS employees.
Overview
Major Incident is an unplanned interruption to an IS service which causes serious interruptions of
business activities (like affecting revenue, financial impact, potential loss of machine critical data,
damage to the reputation of business) that must be resolved with greater urgency. The aim is the
fast recovery of the service, where necessary by means of a Workaround. If required, specialist
support groups or third-party suppliers (3rd Level Support) are involved. If the correction of the
root cause is not possible, a Problem Record is created and transferred to Problem Management.
Related Documents
Document Title
User Access Management Process
Incident Priority Matrix
Incident Management Process
Problem Management Process
Abbreviations and Acronyms
Term
CMR
ECMR
MOD
NOC
SLO
SNOW
SOS
MOC
Description
Change Management Request
Emergency Change Management Request
Manager on Duty
Network Operations Center
Service Level Objective
Service Now
System Order Severity
Manager On Call
Common Terms
Term
Change Request
Everbridge
Incident
Problem
Description
A formal proposal for a Change to be made.
Third-party SMS mass notification system.
An unplanned interruption to an IS service or a reduction in quality of an IS
service. It could also be a failure of a configuration item such as server,
database, application, network, scheduled job, and so on, prior to service
disruption (Event Management input).
A problem is the unknown, underlying cause of one or more incidents. The
cause is usually unknown at the time of Record creation. Problem
Management process is responsible for further investigation.
Clarifications and Revisions
Please send an e-mail to cybersecurity@CompanyX.com for any of the following:
 Clarifications on this process
 Recommendations for revision
MAJOR INCIDENT MANAGEMENT PROCESS
The process flow diagram and process descriptions are provided in the following sections.
Severity 1 Process Flow
The following diagram shows the process activities. Double-click to view in the PDF Format.
Severity 1 Process Description
1. NOC team will send a bridge notification to IS users and call on-call support groups if it
is determined that a bridge is required.
2. If the incident is being worked upon by a vendor, ISP, or a power related issue, a
bridge is not required. NOC team will call on-call support groups if required.
Helpdesk/NOC works with the IT vendor/third-party on the resolution of this issue.
Once the issue is resolved and the confirmation is received, step 12 is followed.
Problem ticket will be assigned to the respective team who needs to coordinate with
the IT vendor/third-party.
3. MOC to call and inform the MOD on the Severity 1 incident and send SMS to the list of
members in the MOC list using MIR3.
4. If the magnitude of the impact is higher like Wolverine unavailable globally, it is treated
as an SOS. NOC and Helpdesk team will start calling the people on the SOS list. MOD
takes a decision on calling it out as an SOS.
5. For issues like e-mails are not available on mobile devices, SMS will be sent to
executives if it is decided on the bridge.
6. Alert message will be sent by the Helpdesk to the end users for issues which require a
communication. This needs to be discussed and decided on the bridge.
7. Initial diagnosis and troubleshooting is carried out by the support groups on the bridge.
8. When a potential resolution has been identified, this should be applied and tested to
ensure that the service has been fully restored to the users.
9. If a change is required to restore the services, an ECMR will be raised and it goes
through the Change Management process. Once the ECMR is implemented, it should
be tested to ensure that the service has been fully restored to the users.
10. After incident resolution, the incident ticket is assigned to the support group who
resolved this incident and the incident will be closed in SNOW. Only Helpdesk should
be closing the Severity 1 incident.
11. A problem ticket should be created against the incident in SNOW and assigned to the
respective support group (This will be discussed on the bridge).
12. The User and IS communications on the resolution/availability of the systems will be
sent out by the Helpdesk team.
Severity 2 Process Flow
The following diagram shows the process activities. Double-click to view the PDF.
Severity 2 Process Description
1. In most of the Severity 2 incidents, a bridge is not required. NOC/Helpdesk team calls
the on-call support groups. For the Severity 2 tickets generated out of alerts, the NOC
team calls the on-call support group. For User reported issues, the Helpdesk team
calls the on-call support group.
2. NOC team will send a bridge notification to IS users and call on-call support groups if it
is determined that a bridge is required.
3. If the incident is being worked upon by a vendor, ISP, or a power related issue, NOC
team will call on-call support groups if required. Helpdesk/NOC works with the IT
vendor/third-party on the resolution of this issue. Once the issue is resolved and the
confirmation is received, step 10 is followed.
4. For issues like e-mails are not available on mobile devices, SMS will be sent to
executives if it is required or the management requests for it.
5. Alert message will be sent by the Helpdesk to the end users for issues which require a
communication.
6. Initial diagnosis and troubleshooting is carried out by the support groups (if a bridge is
opened, the support groups do the troubleshooting on the bridge). If this is a recurring
incident, it goes the Problem Management Process. Refer to 05.84 Problem
Management Process.
7. When a potential resolution has been identified, this should be applied and tested to
ensure that the service has been fully restored to the users.
8. If a change is required to restore the services, a CMR will be raised and it goes
through the Change Management process. Once the CMR is implemented, it should
be tested to ensure that the service has been fully restored to the users.
9. After incident resolution, the incident ticket should be resolved in SNOW by the support
group who resolved the incident.
10. The User and IS communications on the resolution/availability of the systems will be
sent out by the Helpdesk team.