Documente Academic
Documente Profesional
Documente Cultură
Author
Approved
Current Version
Issue Date
Review Date
13/09/2011 13:22:00
Document Control
Revision History
Version
Date
Author(s)
Notes on Revisions
2.1
12.09.11
Mark N R Smith
2.2
13.09.11
Mark N R Smith
Corrected typos
Approval
This document has been approved by:
Head of ICT
Signed:
Date:
12.09.11
I.Marshall
Page 2 of 7
File: ICT Incident Management Procedures - v2_2.docx
13/09/2011 13:22:00
Contents
1
2
3
Introduction ............................................................................................................ 4
Purpose ................................................................................................................... 4
Incident Procedure ................................................................................................. 4
3.1 ICT Procedure Checklist ................................................................................. 5
3.2 Incident Procedure Details .............................................................................. 5
3.2.1
Within the First 30 Minutes ..................................................................... 5
3.2.2
Within the First Hour ............................................................................... 6
3.2.3
Each Subsequent Hour ............................................................................. 6
Page 3 of 7
File: ICT Incident Management Procedures - v2_2.docx
13/09/2011 13:22:00
1 Introduction
This procedure details the steps to be taken in the event of a situation that is
affecting staff or student access to IT systems within ICT.
2 Purpose
All sections within ICT should use these procedures when a system (A system
could be an Operating System, Application, web service or hardware) is
unavailable, unresponsive or its security is compromised and a solution is not
identified within the first 30 minutes. This document details the steps that have to
be taken and provides guidelines on how to manage the incident.
3 Incident Procedure
Incident Identified
Triage
Form Incident
Management Team
Assess Impact
Initial phone call and email to:
VCO
Head of Service
Deans
SU
Invoke Support
Plan Comms
Work on fix/alternatives
Communicate
Stakeholders
Page 4 of 7
File: ICT Incident Management Procedures - v2_2.docx
13/09/2011 13:22:00
Action
Perform initial diagnosis
Attempt initial fix
Assess impact of fault
Plan Comms. based on impact
Action initial Comms. plan step(s) (Service
Desk)
Form ICT Incident Management Team
(IIMT)
Each hour
3.2
3.2.1
Done By
When
During the first 30 minutes the initial problem diagnosis will take place to gather
information, assess the impact of the problem and to attempt to establish a
recovery time to bring the service back into operation. This process will be
managed by the most senior member of staff available in the ICT business unit.
Based on diagnostic information and in conjunction with the service owners,
where applicable, fixes may be applied to restore the service.
Within 30 minutes of the problem if the service is not restored or judged
sufficiently serious, an ICT Incident Management Team (IIMT) will be formed.
An incident could be categorised as serious if:
Page 5 of 7
File: ICT Incident Management Procedures - v2_2.docx
13/09/2011 13:22:00
3.2.2
The IIMT will re-visit the impact assessment and formulate a communications
plan. For a serious incident this means the Service Desk (or member of the IIMT
if Service Desk not available) will telephone the VCO, the Heads of Service and
Faculties and the Students Union. A less serious incident will email affected
individuals. The communications will provide details of how to obtain more
information and how to get support for urgent business requirements. Also
feedback from affected individuals will inform the planning for communications,
the workaround situation.
The IIMT will produce an action plan to restore the service. The first item in the
action plan, done immediately, will be to invoke all the relevant third-party
support arrangements to work with ICT specialists. The existing system will not
then be changed except under the direction of third-party support except in a
limited easily-reversible way.
Also the IIMT will begin to consider alternative methods to provide the service
taking into account user feedback. During this time the IIMT will consider if the
issue requires greater resources than those available within ICT then the incident
should be escalated to the university IMT.
3.2.3
Each subsequent hour the IIMT will revisit the action plan on the basis of
additional information acquired. ICT specialists will continue to work with support
providers to diagnose and fix the problem. The Comms. plan will continue and be
refined in the light of further information, particularly about recovery times. The
IIMT will continue to consider if implementation of alternative service provision or
escalation to the University IMT is appropriate.
Page 6 of 7
File: ICT Incident Management Procedures - v2_2.docx
Elapsed
Time
Within 30
mins.
13/09/2011 13:22:00
Action
Done
By
Within
first hour
Each hour
Page 7 of 7
File: ICT Incident Management Procedures - v2_2.docx
When
(Date&Time)