"Perceived Incident"???

An open discussion on issues related directly or primarily to the service or help desk.
Posts: 1
Joined: Mon Apr 05, 2010 8:00 pm

Tue Apr 06, 2010 10:56 am

Let's assume that a user calls in to claim that something is wrong and they do not have access to an application.

After investigation, it is determined that this user is not supposed to have access to the application.

How would the help desk categorize this? Incident? Perceived Incident? I do not recall anything in ITIL Foundation about this.

Thank you!

ITIL Expert
Posts: 105
Joined: Thu May 24, 2007 8:00 pm
Location: USA

Tue Apr 06, 2010 4:08 pm

I'd call it a closed incident. :-) Actually I'd categorize it as "user error".

You might need to add a procedure for such "perceived" incidents. What do you currently do if someone reports an incident but no one can recreate it? You could probably follow that procedure, just close (or cancel) the incident more quickly.
Ruth Mason
ITIL Expert
Posts: 1894
Joined: Mon Mar 03, 2008 7:00 pm
Location: Helensburgh

Wed Apr 07, 2010 7:04 am

akantardjian wrote: I do not recall anything in ITIL Foundation about this.
I should hope not. This level of wisdom is the province of the si(x)th book.

ITIL foundation does not qualify you for the more esoteric stuff.

Of course, I may be wrong (Liz?), but if I was giving anyone a fundamental understanding of ITIL, I would emphasise that you have to decide for yourself exactly what is the best way to do things. And that would cover your question. If you start with what you want to do with it then giving it a category becomes easy.

Here is an answer that may or may not be of use to you:

Decide what you want to do with the information that such a call was received.

So, if you want to forget it and get on with the job, then classify it as a spurious call - but then monitor the volume of spurious calls to see if there is an underlying cause.

Or, if you are concerned that many people may have misapprehensions as to what services they were permitted to access, perhaps log it as an incident and when you have enough of them, pass it to problem management to look into.

Or, if you think it might have been a deliberate attempt to breach your access security, log it as an incident, don't close it, but pass it to your security manager for action (or to the customer/owner of the service requested, if that is more appropriate). In some environments this would be a mandatory procedure or there could be a protocol in the SLAs to deal with the situation.

Whether you call it an incident or an event or something else is a matter for what will make its nature clearly understood in your organization to the level that it is important or otherwise to you.

You may conclude from this answer that classifying the call is the least of your worries. I would maintain that it is not the first of them.
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718