Major incident management process

Major incident management process involves proposing an incident as a major incident candidate, accepting the candidate as a major incident, working with the major incident management group and different stakeholders to resolve an issue and to communicate between different group members.

If a critical business service is impacted or if there is a service outage that affects large number of users, you can create a major incident. To create a major incident, you first propose that an incident becomes a major incident candidate. You can also create a new major incident candidate by clicking Create Major Incident Candidate from the left navigation pane. The major incident manager then analyses the candidate and decides whether a major incident is at all required. The Create major incident from candidate property ( .min.major_incident_creation) provides option to create a new major incident or to promote a major incident candidate to a major incident.
Note: The base system major incident trigger rules are disabled by default. You need to activate the trigger rules that define conditions under which an incident is automatically considered as a major incident candidate.

When you create a new major incident from a candidate, a new incident is created and becomes the major incident. The candidate is added as the child of the major incident. The major incident is automatically assigned to the Major Incident Management group. System automatically assigns the newly created parent major incident to a user when the On-Call Scheduling plugin (com.snc.on_call_rotation) is activated, a rota is defined for the major incident management group, and a user is available for the on-call rota. If no on-call rota exists, the major incident manager decides the user for the Assigned to field.

When a major incident candidate is promoted as a major incident, the incident itself is considered as a major incident. There is no new incident that is created. The value in the existing Assignment group or the Assigned to field does not change to the major incident management group or any user. The major incident manager needs to reassign the value of the fields as appropriate.

One of the crucial things in responding to a major incident is to involve right resources, communicate updates to the required users, initiate conference calls, and escalate an incident when required. In the Incident Alert (incident_alert) table, a new column Type is added that has Technical Communication and Business Communication as its value. To cater to the requirements, when a major incident is created, two incident alerts are generated automatically. These alerts appear in the Incident Alerts related list — Technical and Business Communication. Each of these incident alerts have incident alert tasks created automatically for managing collaboration and communication activities such as initial, update, and resolution notifications.

You can configure the automatic creation of Incident Alerts and Incident Alert Tasks using the Flow Designer .

For email communication, there are pre-composed email client templates for business as well as technical communication that is created for the Incident Alert Task [incident_alert_task] table.