Page 1 of 1

"Fake" incidents

Posted: Tue May 17, 2011 11:08 am
by henrikh
What is the 'standard' way of handling those incidents from service level measurement perspective, which incidents were eventually not justified?

There is a call from a user to Service Desk, saying that when user is doing X activity with the application Y, he is facing "this and that" symptom, which is against his expections, so there is an issue which needs to be resolved.

So Service Desk is logging an incident which is routed to the 2nd level support team of the respective application. After a series of furhter queries and investigation, it turns out that the user was not right, the application was actually working according to specification, meaning the "issue" reported was not really an incident, there was no "incorrect behavior of service(s)", and there is nothing to restore in the business operation.
Simply the applicaiton was mis-used or the user did not know well how it works.

My question is related to the measurement of such "incidents" in the SLA reports: if the SLA of them were not met (breached), I think't it's not fair to measure them as well within the breached tickets, as they do not fulfill the incident defintion (should not have been raised at all).
Is it common to remove such tickets from the measurement? (I guess the ITIL process itself does not include any guidance regarding this matter).


Posted: Tue May 17, 2011 11:58 am
You should have a proper classification for these so that these can be identified and collected and some action derived from the resulting data set

The issue the user may be perceived to have may be a lack of training or some such like that or in extreme circumstance - failure to follow instructions or listen to instructions

Sinec the SD spent time on a wild goose chase, these need to be tracked and measure to see if there is a pattern ... say after a major upgrade

"Fake" Incidents

Posted: Mon Mar 18, 2013 10:59 am
by David64
Just had an interesting discussion around "Fake" incidents. The issue in question is whether a "Fake" or "keyboard-n-chair" issue should fall under the ITIL definition of an incident. Or, is there another ITIL term we should be event?

Any ideas?

Posted: Mon Mar 18, 2013 6:15 pm
by Diarmid
An incident should never breach an SLA because an SLA should not be about individual incidents. And genuinely fake incidents should be too rare to impact your figures.

If they are not that rare they indicate a problem of some kind. And if they cause much waste of time you may also have a problem with your first line diagnosis.

Posted: Fri Apr 26, 2013 11:50 am
by LizGallacher
Diarmid, I think they mean breaching the service level target, which may, in turn lead to an SLA breach.
David64 - it is NOT an event. It is an incident, albeit, one where the underlying cause is lack of user knowledge. You could agree that these are excluded from SLA calculations, but better t address the underlying cause through training etc. Problem management should be responsible for this