IT Services Incident Management

An incident is defined as "an unplanned interruption or degradation to an IT service".

The goal of incident management is to restore service as quickly as possible and minimise the impact to the organisation.

This article explains how IT services manages incidents and how you can help us, to help you.

Incident Logging

During normal service hours incidents are reported to the IT Service Desk via usual channels. See or specifically IT Service Desk - opening hours and how to contact us

It is important to state the impact when logging an incident. If there is a significant issue/outage which needs to be given priority or if escalation of an existing incident is needed, it is advisable to do this via telephone.

Please do not contact members of IT directly, as this may delay the response/resolution. Staff may be in meetings, on leave or off sick and therefore unable to respond. The IT Service Desk will ensure the incident is correctly logged, assigned and tracked and may already be aware of the issue.

Outside normal service hours telephone calls are diverted to an external support desk (NORMAN) provided by another HE institution. Only basic support can be provided and more serious incidents will be handed over to the IT Service Desk next working day.

Incident categorisation and prioritisation

Incidents are logged in the IT support tool (ServiceNow) and categorised based on the service impacted. The IT Service Desk team triage, monitor for patterns and potential high/critical priority incidents. Other IT staff may also identify issues and log incidents proactively. 

The following definitions and resulting priorities are built into the incident form:

Incident Impact description:

UniversalImpact is campus wide or is a key system outage or event, or affects key individuals
SignificantImpact is on a large proportion of campus, a full faculty or multiple buildings
PartialImpact affects part of a building or system or a group of users
IndividualImpact affects a handful of people or one person

Incident Urgency:

UrgentRisk to key events or business deadlines
Business As UsualNormal work, during business hours
ScheduledCan be done when possible, outside teaching year, out of hours

A combination of impact and urgency determines the priority and target times for response and resolution:

Incident Priority Matrix:

UrgentBusiness As UsualScheduled

Incident Investigation and Diagnosis

Our aim is to resolve an incident either at first point of contact, or at least at the first line of support (IT Service Desk). However, if the IT Service Desk are unable to resolve an incident, it will be escalated to a more specific support area.

The IT Service Desk or anyone else may alert the duty Major Incident Manager (MIM) of any incidents of concern. The duty MIM and or Head of Front Line Services can declare a Major Incident (MI).

A major incident is defined as being "an incident of sufficiently high impact that a considerable portion of the business, or a key business event, is not able to be carried out."

The MIM will pull together the incident response team and ensure resources are focussed on the incident resolution, escalating any concerns to the duty Executive team member.

The IT Communications team and the IT Executive will support outward communication and engagement with senior leadership across the university, as appropriate and depending on the impacted service(s).

Incident Resolution

If a permanent resolution is found, this will be confirmed with a sample of users and communicated more widely before incident closure.

It may be that a workaround can be provided in the interim to get users working again, before a permanent resolution is found. When this happens the incident will be classed as resolved in the IT support tool and further investigation will be carried out under a separate process called Problem Management.

Executive level engagement will consider at what point an incident is deemed to cross over into the University Critical Incident Management Plan (CIMP).

Post Incident Review

Incidents reviews are carried out regularly (typically high, critical and MI level), to identify any lessons learned, outstanding actions or process improvement opportunities.