Incident or Service Request

Forum to discuss ITIL issues and disciplines covering Service Delivery.
Post Reply
User avatar
JHH
Newbie
Newbie
Posts: 1
Joined: Wed Jun 15, 2011 8:00 pm

Incident or Service Request

Post by JHH » Thu Jun 16, 2011 2:24 pm

ITIL V3 advises to classify/log incidents sperately from service requests. There is a debate in my organization as to what a "password reset" is. Yes, our Service Desk still has to do some of these manually. My view is that is is neither. It is a "solution" to an incident.

Anyone have any other thoughts?



User avatar
Diarmid
ITIL Expert
ITIL Expert
Posts: 1894
Joined: Mon Mar 03, 2008 7:00 pm
Location: Helensburgh

Post by Diarmid » Sat Jun 18, 2011 8:42 am

When people anguish over this kind of question, I rather think they have put themselves in an ITIL straitjacket. Password reset is a process with important connotations.

It could be requested because;
- forgotten
- expired
- changed (not always distinguishable from forgotten)
and if changed then this could be by legitimate process or by a breach of the system. In any event the user only requests a password reset because they know (or at least believe) that is the solution to their problem logging in.

The organization has to have a view on how to deal with it both in the sense of authentication and of monitoring and review. Why call it an incident or a service request? Why not manage it under something called Password Management (or Security Management!) and build into the process the capability of raising an incident if the situation warrants it?

One of the problems with calling it a service request is that other service requests are likely to be about "real" services and the approach to monitoring them does not lend itself to dealing with the potential security implications or even to the kind of incident analysis that looks into, for example, its too frequent occurrence leading to problem analysis if necessary.

One of the problems with branding it an incident is how you isolate it from "real" incidents, and if you do not isolate it, you need to be mature about how you measure its impact.

Just in passing, there is always a direct interruption to service if someone is unable to login until their password is reset. So, if you want to go by definitions, it has to be an incident. But that is being truly pedantic, beyond even my comfort zone.

Design the procedure to do what needs done and put it under some generic umbrella if your generic process is comfortable with it.

I'm sure some organizations will consider every such request as a security incident, but whether they manage it under the mantle of incident management or security management probably varies.

In the end Incident Management and Service Request are conceptual categories.
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718

User avatar
abu1
Senior Itiler
Senior Itiler
Posts: 30
Joined: Tue Oct 25, 2011 8:00 pm

Post by abu1 » Wed Nov 30, 2011 5:14 am

In the real world in any organisation a password reset is dealt by the servicedesk.

If your organisation is wasdting time debating these minor matters then they need to look at themselves ..

User avatar
Diarmid
ITIL Expert
ITIL Expert
Posts: 1894
Joined: Mon Mar 03, 2008 7:00 pm
Location: Helensburgh

Post by Diarmid » Wed Nov 30, 2011 5:42 am

In the real world a password reset has security implications that need to be addressed, whether it is dealt with by the service desk, or account managers or through some clever software, as many are.
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718

User avatar
Sammy024
Newbie
Newbie
Posts: 4
Joined: Mon Jan 13, 2014 7:00 pm

Post by Sammy024 » Tue Jan 14, 2014 5:38 pm

In real world yes - Password resets are done by Service Desk and is done under an incident . ITIL V3 though will tell you that any pwd resets are SR's. I have seen some companies do this ... Log an incident for the pwd reset but categorize the incident area as SR- pwd reset ....
This depends on how the client wants to accept is as. But ITIL wise pwd resets should be SR's.
8)

User avatar
MadhavaVermaDantuluri
Itiler
Itiler
Posts: 14
Joined: Tue Jan 28, 2014 7:00 pm
Location: Delhi, India
Contact:

Should be incident

Post by MadhavaVermaDantuluri » Thu Jan 30, 2014 10:27 pm

In our organization, we treat password reset as an incident by tagging it as "General function". So this way we won't need to confuse these type of incidents under the major real cases. Moreover on a average in a day, we receive around 20 such cases.

Post Reply