A major incident is a highest-impact, highest-urgency incident that affects a large number of users, depriving the business of one or more crucial services. Given the urgency of the situation, a well-coordinated response process is required to accelerate the resolution and minimize the business impact.

The goal of an organization is to have an effective and efficient system for responding to major incidents. The requirements are to:
  • Minimize the impact of service interruptions.
  • Ensure that an appropriate Incident Manager/Major Incident Team/Management Group are in place to manage a major incident.
  • Ensure that stakeholders are well-informed of service interruptions, degradations, and resolutions.
  • Conduct a review of each major incident once service is restored. Its purpose is to analyze the incident, and understand what can be done to prevent a similar incident in the future. This review also provides an opportunity to evaluate the incident response process and identify areas for improvement.
  • Create a problem for root cause analysis.
Keeping the goals in mind, a major incident management process can be broadly classified into the following phases:
Identification
The first step in the process is to identify a potential major incident. A potential major incident can be identified automatically based on trigger rules or an existing incident can be proposed as a major incident candidate. These incidents are classified as major incident candidates and are reviewed by major incident managers who initiate the major incident response process.
Communication and Collaboration
Timely communication during a major incident is crucial to ensure that the IT teams, business stakeholders, end users, and customers are informed about the impact and progress of the incident. An occurrence of a major incident requires a comprehensive communication plan that includes who is contacted, the methods and frequency of communication, messaging, and so on. The communication plan enables the incident response team to focus their efforts on the resolution process and sets expectations for any future communications.

You can define one or more communication plans based on the type, priority of the incident, or the target audience. For example, communication plans for a P1 major incident could have more frequent communication than a communication plan for a P2 major incident.

Throughout the life cycle of the major incident, notifications and status updates are sent to the stakeholders to keep them informed and involved.

Resolution
In this phase, the agreed upon path to resolution is followed to resolve the issue. Resolving a major incident resolves all associated child incidents, and the individual callers receive a notification about incident resolution.
Post incident review
This is the final phase of a major incident life cycle. After the major incident is resolved, a post-incident review is conducted. Its purpose is to analyze the incident and understand what can be done to prevent a similar incident in the future. This review also provides an opportunity to evaluate the incident response process and identify areas for improvement.

To streamline the process, a post-incident report is created when an incident is resolved. The post-incident report can be reviewed and updated during the review process before it is shared with stakeholders.

A major incident progresses through different states during its life cycle. The following diagram illustrates the different states involved in a major incident management:

Figure 1. Major Incident Management state flow
Major incident management state flow