"Fake" incidents

An open discussion on issues related directly or primarily to the service or help desk.
Post Reply
User avatar
Posts: 1
Joined: Sun May 15, 2011 8:00 pm

Tue May 17, 2011 11:08 am

What is the 'standard' way of handling those incidents from service level measurement perspective, which incidents were eventually not justified?

There is a call from a user to Service Desk, saying that when user is doing X activity with the application Y, he is facing "this and that" symptom, which is against his expections, so there is an issue which needs to be resolved.

So Service Desk is logging an incident which is routed to the 2nd level support team of the respective application. After a series of furhter queries and investigation, it turns out that the user was not right, the application was actually working according to specification, meaning the "issue" reported was not really an incident, there was no "incorrect behavior of service(s)", and there is nothing to restore in the business operation.
Simply the applicaiton was mis-used or the user did not know well how it works.

My question is related to the measurement of such "incidents" in the SLA reports: if the SLA of them were not met (breached), I think't it's not fair to measure them as well within the breached tickets, as they do not fulfill the incident defintion (should not have been raised at all).
Is it common to remove such tickets from the measurement? (I guess the ITIL process itself does not include any guidance regarding this matter).


User avatar
ITIL Expert
ITIL Expert
Posts: 3639
Joined: Fri Sep 15, 2006 8:00 pm
Location: London, UK

Tue May 17, 2011 11:58 am

You should have a proper classification for these so that these can be identified and collected and some action derived from the resulting data set

The issue the user may be perceived to have may be a lack of training or some such like that or in extreme circumstance - failure to follow instructions or listen to instructions

Sinec the SD spent time on a wild goose chase, these need to be tracked and measure to see if there is a pattern ... say after a major upgrade
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
User avatar
Posts: 1
Joined: Sat Mar 16, 2013 8:00 pm

Mon Mar 18, 2013 10:59 am

Just had an interesting discussion around "Fake" incidents. The issue in question is whether a "Fake" or "keyboard-n-chair" issue should fall under the ITIL definition of an incident. Or, is there another ITIL term we should be using...like event?

Any ideas?
User avatar
ITIL Expert
ITIL Expert
Posts: 1894
Joined: Mon Mar 03, 2008 7:00 pm
Location: Helensburgh

Mon Mar 18, 2013 6:15 pm

An incident should never breach an SLA because an SLA should not be about individual incidents. And genuinely fake incidents should be too rare to impact your figures.

If they are not that rare they indicate a problem of some kind. And if they cause much waste of time you may also have a problem with your first line diagnosis.
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
User avatar
ITIL Expert
ITIL Expert
Posts: 550
Joined: Tue Aug 30, 2005 8:00 pm
Location: UK

Fri Apr 26, 2013 11:50 am

Diarmid, I think they mean breaching the service level target, which may, in turn lead to an SLA breach.
David64 - it is NOT an event. It is an incident, albeit, one where the underlying cause is lack of user knowledge. You could agree that these are excluded from SLA calculations, but better t address the underlying cause through training etc. Problem management should be responsible for this
Liz Gallacher,
Accredited ITIL and ISO/IEC20000 Trainer and Consultant - Freelance
Post Reply