A IT service desk agent typically has only a few minutes to prioritize an incident. During those few minutes, the agent must record the contact, identify the issue, assess the impact and urgency of the issue, and react accordingly. All without irritating the end user.
The decisions made by the service desk agent in those few minutes will have a direct influence on end-user satisfaction; but end-user satisfaction is not the only thing impacted. The reputation of the IT organization, how work gets done within IT, and business productivity are all impacted by how well the service desk agent does their job.These are a few of the reasons why having a well-defined incident prioritization matrix is so crucial.
What is Incident Prioritization?
All incidents are important. But some incidents are more important than others. How the IT organization can determine the relative importance of an incident is through the use of an incident prioritization matrix. And defining an effective prioritization matrix is critical for end-user satisfaction, optimal use of resources, and minimized effect on the business.
Incident prioritization is a well-known, yet often underappreciated IT service management (ITSM) concept. Priority is made up of two factors:
- Impact – the degree or amount of harm to the business
- Urgency – how quickly the business needs a resolution
The combination of these two factors determine the priority of an incident, based upon business needs.
Typically, IT organizations will define criteria for evaluating the harm caused by an incident, as well as determining the timeframe for resolving the incident. Based on these criteria, an impact rating and an urgency rating are assigned to an incident.
These ratings are then compared to the values found in a priority table or matrix. And where the impact rating intersects with the urgency rating determines the priority assigned to an incident. The intention is that higher-rated incidents are worked on, and resolved, before lower-rated incidents.
Figure 1 – Example Incident Priority Matrix
Defining an incident prioritization matrix should not be a haphazard exercise. However, many IT organizations will arbitrarily define a prioritization matrix with no input from colleagues outside of IT. But how can such an approach reflect the needs of the business? Sadly, it probably doesn’t.
Defining an Incident Prioritization Matrix
Instead, defining an incident prioritization matrix must be a thoughtful, purposeful exercise that results in outcomes that meet business requirements, drives end-user satisfaction, and enables IT to be successful in managing an incident. This means that business colleagues, not the IT organization, must define the prioritization matrix.
What can IT do to help its business colleagues define an incident prioritization matrix?
- Conduct a Business Impact Analysis (BIA). A BIA is a formal assessment to determine and evaluate the potential effects of an interruption to business operations as a result of a disaster, accident, or emergency. A BIA quantifies the importance of business components and suggests the appropriate funding for measures to protect those components. One of the outputs from a BIA is a suggested recovery order and timeframes for business systems. For example, in the event of a disaster, should the business first concentrate on recovering its manufacturing capability or its customer service center? And what are the needed recovery timeframes for each business component? The answers to such questions provide the business perspective on “what’s most important” – and provides great input into the incident prioritization matrix.
- Identify Vital Business Functions (VBF). ITIL describes a VBF as “the part of a business process that is critical to the success of the business.” The identification of VBFs is used as input into availability designs for an IT service, as those services that support VBFs will require higher levels of resiliency and redundancy. And if higher levels of availability are required for a service, that would imply that an incident involving those services should have a higher level of impact and urgency assigned.
- Interview and survey senior managers and key stakeholders. Conduct formal discussions with senior managers and key stakeholders to understand how they use IT services on a day-to-day basis. Get their perspectives of what is important to the business, and how they would like to have IT respond in the event of a service interruption.
Measure the Right Things
Now that the business perspective has been captured and encoded into the incident prioritization matrix, we must properly measure how incident management is performing. This means that incident handling must be measured not only from the process perspective, but also from the business perspective.
Typical process measures include:
- MTTR (Mean Time to Resolve) – what is the average time it takes to resolve an incident (often broken down by specific priority rating)?
- Number of/percentage of incidents by priority – what is the volume of incidents by priority rating?
But we also need business-relevant measures for incident management, such as:
- Cost impact of incidents – what is the monetary impact of an incident? This could include labor costs and lost opportunity costs.
- Number of/percentage of incidents directly impacting the (external) customer – what is the volume of incidents that impact external customers?
Just as with defining the incident prioritization matrix, the business must be involved with defining the measures for incident management. Don’t just assume – involve your colleagues outside of IT!
Incident Prioritization is Not a “Once and Done” Activity
Keep in mind that defining an incident prioritization matrix is not a “once and done” activity. Businesses are continually evolving and changing, and the incident prioritization matrix must evolve and change as well.
Therefore, it’s important to periodically review the incident prioritization matrix (and associated measures) with key stakeholders outside of IT to ensure alignment with business needs. These reviews may identify adjustments to the matrix, as well as process improvements. But by conducting these periodic reviews, you can be assured that your incident prioritization matrix – and how incident management is performing overall – meets the needs of the business.
Ultimately, an incident prioritization matrix – if used correctly – will enable an IT organization to focus its limited resources on the most important issues first. It’s what the business wants and expects.