Should you take time to validate major incidents?


Before fully directing all of the operation’s resources, people and activities, it is best practice to validate the major incident. However, our advice would be to engage the primary Technical Resolver Group before validation in order to avoid losing essential resolution time.

There are several, often quick ways to validate that a major incident has occurred:

  1. Contact the affected end users
  2. The Technical Resolving Group can confirm that the technology or service is affected

Validation avoids wasting time, effort and resources. Here are some examples of instances that may have initially been flagged as a major incident, but following validation, could be down graded:

  • The affected infrastructure and related business critical services may have had a momentary alert, but still be functioning with no impact on end users or their services
  • It can often be the case in large organisations that an approved change is being implemented to the IT infrastructure, but this has not been communicated effectively within the IT operation
  • Limited information has been taken by the Service Desk that has been misinterpreted as a major incident
  • A service or device that is not live receives an alert or notification in Event Monitoring. Where teams are not familiar with the services/ assets or there is not clear documentation on what services/ assets are live, this can cause confusion.

Note: If, during the initial 15 minutes, the major incident has already been resolved, whether with or without action, the incident ticket should be retrospectively updated to ensure the historical information is available to the Technical Resolving Groups and Problem Management.