1. What is Incident Management?

Incident Management (IM) is the process of handling unplanned service disruptions and failures in an organisation — especially within IT — in a fast, structured, traceable and business-critical way.

The goal is to ensure that an incident:

✔ Is detected and triaged quickly
✔ Minimises disruption to operations and customers
✔ Is assigned the correct severity and priority
✔ Is handled by the right people and teams
✔ Is fully documented with audit-ready traceability

IM processes focus on:

  • Detection → How is the incident identified?
  • Classification → Severity, category, impact, business criticality
  • Assignment → Who owns the incident?
  • Resolution → What actions are required to resolve it?
  • Communication → Who needs to be informed, when, and how?
  • Post-Incident Review → What did we learn and how do we improve?

Important to understand:

Incident Management is primarily about response, governance and communication — not about log collection or technical troubleshooting tools.
Technical diagnosis happens in monitoring systems, logging frameworks and operational environments, but IM provides structure, priority, accountability and transparency.

2. Incident maturity depends on CMDB, relationships and service context

Effective Incident Management requires clear insight into:

  • Which systems, services and Configuration Items (CIs) are affected
  • Who depends on these components
  • How upstream/downstream dependencies impact the organisation
  • What severity level is actually appropriate

The CMDB is therefore the core of modern IM.

Example:

An incident on a database node does not only affect the database itself.
It may also impact:

  • API services
  • Authentication flows
  • Tenant isolation
  • Workflows consuming the database
  • Monitoring and autoscaling
  • Downstream dashboards and reporting

This cannot be mapped manually.
It requires CMDB relationships and dependency structures that automatically show the true impact scope.
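The database-node example above, worked as code. This is an added illustration, not code from the original page or from Practicle; the CI names and the `DEPENDS_ON` structure are constructed assumptions. It walks CMDB relationships in reverse to find every downstream CI and records the dependency chain that explains why each one is affected.

```python
from collections import deque

# Constructed CMDB relationships: each CI maps to the CIs it depends on.
# All CI names are illustrative, modelled on the database-node example.
DEPENDS_ON = {
    "api-service": ["db-node-1", "auth-flow"],
    "auth-flow": ["db-node-1"],
    "order-workflow": ["api-service"],
    "reporting-dashboard": ["order-workflow", "db-node-1"],
    "autoscaler": ["monitoring"],
    "monitoring": ["db-node-1", "autoscaler"],  # deliberate cycle
    "static-site": [],                          # unrelated CI
}


def impact_scope(failed_ci, depends_on):
    """Return {affected_ci: shortest dependency chain back to failed_ci}."""
    # Invert the edges: for each CI, which CIs consume it directly?
    consumers = {}
    for ci, deps in depends_on.items():
        for dep in deps:
            consumers.setdefault(dep, []).append(ci)

    chains = {failed_ci: [failed_ci]}
    queue = deque([failed_ci])
    while queue:  # breadth-first, so the first chain found is the shortest
        current = queue.popleft()
        for consumer in sorted(consumers.get(current, [])):
            if consumer not in chains:  # visited check also breaks cycles
                chains[consumer] = chains[current] + [consumer]
                queue.append(consumer)
    del chains[failed_ci]  # the failed CI itself is not a downstream item
    return chains


if __name__ == "__main__":
    for ci, chain in sorted(impact_scope("db-node-1", DEPENDS_ON).items()):
        print(f"{ci:20} via {' -> '.join(chain)}")
```
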

3. Affected Items — the key to severity, governance and audit

Element | Role in Incident Management
CMDB / CIs | Identifies the components affected by the incident
CI relationships | Maps upstream/downstream dependencies
Affected services | Shows which business functions are impacted
Incident history | Traceability of ownership, actions, communication and timeline
References | Links to Change Requests, tasks, SOPs and Knowledge Base articles

Incident Management must answer:

  • What is affected?
  • Who is affected?
  • Why is it affected?
  • What is the impact level?
  • What is the correct severity?
  • What is the root cause?

IM ties technical information together with business governance and operational criticality.

4. Severity models, standards and triage

Modern organisations work with standardised severity levels, such as:

Severity | Definition
SEV1 | Critical outage or major business impact
SEV2 | Serious degradation without full outage
SEV3 | Functional limitation, reduced performance
SEV4 | Minor issue, no business impact
SEV5 | Informational or cosmetic issue

Standardised severity frameworks deliver:

✔ Clear expectations
✔ Correct prioritisation
✔ Faster engagement from the right teams
✔ Consistent communication with stakeholders

Practicle supports severity as part of:

  • Classification
  • Governance
  • Communication
  • SLA handling
  • KPI and reporting

5. Task Management and Incident Workflows

Incident Management is strongest when it enables:

  • Real-time communication and collaboration
  • Breakdown of actions into manageable steps
  • Timeline and life-cycle visibility
  • Full documentation of all activities for audit
  • Clear accountability through an Incident Owner

Workflows in Incident Management are about:

  • Coordination
  • Speed
  • Priority
  • Transparency

They are not about automated remediation — that belongs to monitoring or automation systems.

6. Coordination with monitoring, logging and automation

A modern IM solution must:

  • Receive incidents automatically via API/webhooks from monitoring systems
  • Provide context using CMDB dependencies
  • Link to Knowledge Base articles for troubleshooting
  • Coordinate communication throughout the resolution
  • Allow technical systems to handle remediation and automation

Incidents are not resolved inside the IM tool.
They are structured, governed and documented inside the IM tool.

Actual resolution happens through:

  • Observability stacks (Wazuh, Prometheus, Elastic, OpenSearch, Grafana etc.)
  • DevOps and automation tooling
  • Infrastructure and application logs

Incident Management provides governance, communication, structure and audit-ready traceability.

7. Audit & compliance — what must an auditor be able to see?

An auditor must be able to open any incident and clearly see:

  • Who created the incident
  • Who took ownership
  • Which severity was assigned — and the reasoning
  • Which CIs were affected in the CMDB
  • Which business services were impacted
  • When it was detected, escalated and resolved
  • All comments, actions and communication
  • Links to related changes, tasks, SOPs or knowledge

Practicle stores a complete incident timeline:

  • Status changes
  • Severity adjustments
  • Assigned teams and owners
  • Comments and collaboration
  • Related items (changes, tasks, problems, KB articles)
  • Event chronology with timestamps

This provides auditors with a transparent, compliant and fully traceable record.
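One way to check a closed incident against the auditor's list above before it reaches an audit. This is an added example, not Practicle's code or schema; the field names, event types and sample record are hypothetical, and it assumes escalation is optional while detection and resolution are mandatory.

```python
from datetime import datetime

# Field and event names are hypothetical, chosen to mirror the auditor's list.
REQUIRED_FIELDS = ("created_by", "owner", "affected_cis", "business_services")
REQUIRED_MILESTONES = ("detected", "resolved")  # assumes a closed incident


def audit_gaps(incident):
    """Return the findings an auditor would raise; an empty list means complete."""
    gaps = [f"missing {f}" for f in REQUIRED_FIELDS if not incident.get(f)]
    events = incident.get("timeline", [])
    previous, milestones = None, {}
    for i, ev in enumerate(events):
        ts = datetime.fromisoformat(ev["ts"])
        if previous is not None and ts < previous:
            gaps.append(f"event {i} is out of chronological order")
        previous = ts
        if not ev.get("actor"):
            gaps.append(f"event {i} has no actor")
        # Every severity assignment or adjustment must carry its reasoning.
        if ev["type"] == "severity" and not ev.get("reason"):
            gaps.append(f"event {i} sets {ev.get('value')} without reasoning")
        if ev["type"] == "status" and ev.get("value") in REQUIRED_MILESTONES:
            milestones.setdefault(ev["value"], ts)
    gaps += [f"no '{m}' timestamp" for m in REQUIRED_MILESTONES if m not in milestones]
    if not any(ev["type"] == "severity" for ev in events):
        gaps.append("no severity assigned")
    return gaps


# Constructed sample record with deliberate gaps.
SAMPLE = {
    "created_by": "monitoring-webhook",
    "owner": "",  # ownership was never recorded
    "affected_cis": ["db-node-1"],
    "business_services": ["checkout"],
    "timeline": [
        {"ts": "2024-05-01T09:00:00+00:00", "type": "status",
         "value": "detected", "actor": "monitoring-webhook"},
        {"ts": "2024-05-01T09:04:00+00:00", "type": "severity",
         "value": "SEV3", "actor": "alice", "reason": "reduced performance"},
        {"ts": "2024-05-01T09:20:00+00:00", "type": "severity",
         "value": "SEV1", "actor": "bob"},  # escalated without a reason
        {"ts": "2024-05-01T09:15:00+00:00", "type": "status",
         "value": "escalated", "actor": "bob"},  # timestamp goes backwards
    ],
}
```
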

8. Practicle v4 — a complete Incident Management solution

Practicle v4 delivers a full IM platform with:

Incident Management need | Practicle support
Detection & registration | Manual entry or API/webhook ingestion
Severity model | SEV1–SEV5 with business impact mapping
CMDB context | Automatic linkage via CI dependencies
Affected Items | Visual upstream/downstream impact
SLA & priority | Driven by business rules and service levels
Tasks & workflows | Comments, assignments, breakdown of actions
Timeline & history | Full audit trail of the entire incident
Communication | Status, notes, internal coordination
Integrations | API, webhooks, monitoring systems
Cross-process links | Changes, problems, KB articles

9. The brilliance of Practicle

Practicle stands out by combining:

  • Rapid incident capture and triage
  • CMDB-driven impact clarity
  • Real Affected Item mapping
  • Strong severity and governance controls
  • Tasks, comments, ownership and collaboration
  • Full timeline and audit visibility
  • Integration with monitoring, automation and CI/CD

Practicle becomes a balanced, modern and collaboration-driven Incident Management platform that strengthens:

✔ Operations
✔ Governance
✔ Compliance
✔ Stability
✔ Visibility
✔ Prevention of future issues