A strong relationship between an IT department and a business team doesn’t develop by chance. As such, many businesses choose to use the comprehensive, consistent guidance offered by frameworks like the Information Technology Infrastructure Library (ITIL) to foster such relationships. Currently overseen by AXELOS, ITIL has been around in some form since the 1980s and is a proven way to align how IT services are chosen, planned, delivered, and managed with overall business needs.
Event management is a major part of ITIL. If you’re a large enterprise, thousands or even millions of “events” could occur every day across your network. Of course, these aren’t all significant, but for the many that are, it’s important to have a management plan in place that includes clear ITIL event management roles and responsibilities. This goes beyond basic event monitoring—incident management implies understanding and, if necessary, taking action to respond to events. The first step in doing so is understanding the difference between “events” and “incidents.”
The Difference Between Events and Incidents in ITIL Event Management
Event management is what admins do to monitor all events throughout an IT infrastructure. However, when talking about event management, it’s easy to confuse “events” with “incidents.” These are terms ITIL tries to clarify through its guidelines. In casual language, both words more or less refer to things happening, but within the ITIL event management guidelines, there are key differences in what they mean to IT service operations.
- Events: Events are state changes that are significant to overall IT management. These could be routine changes or unusual or problematic changes. For instance, a user logging in, an application crashing, a backup successfully completing, or the utilization of a tool rapidly increasing are all types of events. While events can include incidents, they can also include occurrences that aren’t incidents. In short, event management is important for understanding what’s functioning, what might need action, and what’s going wrong.
- Incidents: Incidents are a subset of events that produce a negative effect on IT service. Essentially, incidents are when something “goes wrong.” Whether it’s delivered through automated software or admin action, an incident requires a response. Incidents can cause business disruptions, so it’s important to have a strategy and a software solution in place to catch and address them as quickly as possible.
An Introduction to ITIL Event Management Best Practices
ITIL event management—and, by extension, ITIL incident management—is all about addressing negative changes and restoring IT service quickly to minimize business disruptions and security risks. There is no single correct ITIL event management cycle for every business in every industry, as such standardization would ignore differences in setups, requirements, and resources. That said, ITIL service protocols can help you create the process you need for effective event management—and perhaps even motivate you to stick to this process, which is arguably the key to success. By starting with the following ITIL event management best practices, you’ll be well on your way to a more consistent and effective workflow.
- Detect, identify, and log the incident: An incident may initially be detected by automated software, an employee, or an IT team member. Typically, an incident reported by an employee comes through a help desk platform. You should gather as much information as you can about the incident to help identify it and make sure it’s logged in the system as an action item.
- Categorize incidents based on existing problems: In some cases, incidents will relate to other ongoing IT situations. In these cases, you should be sure to group these service operation events together, so you don’t end up working on the same overarching issue more than once. Categorization is also useful for organizing your IT team’s workflow, and for catching bigger trends that might point to underlying issues.
- Prioritize incidents based on impact: It doesn’t always make sense to address incidents in the order they occur—your team could end up working through minor aggravations before they get to a major business disruption. Make sure to apply a transparent and dynamic prioritization protocol so you can make any necessary changes.
- Diagnose and delegate to facilitate a fast resolution: The first step in crafting an effective incident response is to understand the incident. This requires you to form a hypothesis using the best information available in the knowledge base. Sometimes this is enough to allow a first-line admin to fix the issue. If not, it’s time to escalate the situation and send the issue to an IT team member who can go further in-depth.
- Close the incident: An ITIL security management admin should make sure the incident was successfully resolved and can now be closed. To avoid confusion, only designated team members—typically service desk admins—should take care of this step of the workflow.
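The five steps above can be sketched as a small triage routine. This is an added example, not code from ITIL or from any product named on this page; the sample events, the 0-3 impact scale, the (kind, host) grouping key, and the role name are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample events. "impact" is an assumed scale:
# 0 = routine event, 3 = major business disruption.
EVENTS = [
    {"id": 1, "kind": "user_login", "host": "hr-app", "impact": 0},
    {"id": 2, "kind": "app_crash", "host": "crm", "impact": 2},
    {"id": 3, "kind": "backup_completed", "host": "db01", "impact": 0},
    {"id": 4, "kind": "utilization_spike", "host": "db01", "impact": 3},
    {"id": 5, "kind": "app_crash", "host": "crm", "impact": 2},
]
CLOSERS = {"service_desk_admin"}  # hypothetical role allowed to close

@dataclass
class Incident:
    key: tuple  # (kind, host): category that groups related events
    impact: int
    event_ids: list = field(default_factory=list)
    tier: int = 1  # 1 = first-line admin
    state: str = "logged"

def triage(events):
    """Log incidents (events with impact), group related ones, sort by impact."""
    grouped = {}
    for ev in events:
        if ev["impact"] == 0:  # an event, but not an incident
            continue
        key = (ev["kind"], ev["host"])
        inc = grouped.setdefault(key, Incident(key, ev["impact"]))
        inc.impact = max(inc.impact, ev["impact"])
        inc.event_ids.append(ev["id"])
    # Highest impact first; arrival order only breaks ties.
    return sorted(grouped.values(), key=lambda i: (-i.impact, i.event_ids[0]))

def diagnose(inc, fixed):
    """Resolve at the current tier, or escalate to the next one."""
    if not fixed:
        inc.tier += 1
    inc.state = "resolved" if fixed else "escalated"
    return inc

def close(inc, role):
    """Only a designated role may close, and only a resolved incident."""
    if role not in CLOSERS:
        raise PermissionError(f"{role} may not close incidents")
    if inc.state != "resolved":
        raise ValueError("incident is not resolved yet")
    inc.state = "closed"
    return inc
```

Run over the sample data, the two CRM crashes collapse into one incident, and the later but higher-impact utilization spike is queued ahead of it.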
3 Best ITIL Security Management Tools
While, in theory, some small businesses may be able to get away with performing their ITIL event management process tasks manually, in 2020, just about every business should be using software to automate most of its ITIL functions. Of course, the mere act of purchasing software isn’t a substitute for understanding ITIL event management guidelines, but the right programs can be invaluable for fulfilling ITIL principles.
I’m typically a fan of using SolarWinds products for event management. In fact, as shown below, the range of SolarWinds products helps illustrate the variety of different approaches to event management ITIL practices. Each of the following tools has a different emphasis, but they’re all strong contenders for a business needing better ITIL event management solutions.
1. Custom configurations built into a help desk with SolarWinds® Service Desk: This tool is all about leveling up the overall help desk experience for a business. With Service Desk, employees can submit their ticket requests and agents can provide faster and more consistent service. Features include ticket prioritization and a user-friendly interface, including a mobile app. Admin teams often struggle with managing IT changes, but Service Desk helps you structure releases and deployments, so you don’t cause business interruptions. One unique feature I like is that SolarWinds Service Desk captures real-time service desk data so you can compare against industry benchmarks, helping ensure your service stays top-of-the-line and compliant.
2. Incident Management with SolarWinds Web Help Desk®: Web Help Desk (WHD) can help you focus on the “incident management” part of ITIL, and can help make sure your IT team can perform the activities outlined in that category. WHD helps centralize and streamline this process with its customizable configuration items and great dashboard. It also has useful differentiation features—with WHD, you can create and manage a parent-child relationship with incident and problem tickets. What’s more, this tool can help you improve your help desk ticketing and asset inventory—both key activities for successful event management.
3. ITIL Information Security Management with SolarWinds Security Event Manager (formerly Log & Event Manager): If you aren’t necessarily looking for help desk features and want a tool focused more on threat management, a solution like Security Event Manager (SEM) is right up your alley. With features like automated security responses and compliance reporting, this tool can help you meet your ITIL business goals. With SEM, you can monitor file and folder activity across your network and even enforce USB device policies. This is more than “security software”—it contributes to an enterprise’s incident response mission.