Incident Communications

Similar documents
Exhibit E - Support & Service Definitions. v1.11 /

SERVICE LEVEL AGREEMENT

Problem Management Why and how? Author : George Ritchie, Serio Ltd george dot- ritchie at- seriosoft.com

RUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology

MASTER SERVICE LEVEL AGREEMENT (MSLA)

Use of The Information Services Active Directory Service (AD) Code of Practice

Information Technology Services (ITS)

INCIDENT MANAGEMENT SCHEDULE

> SuperSTAR Suite. Customer Support Guide

Bloom Enhanced Performance Monitoring Service Level Agreement

Contact / Escalation Guide. For OPENHIVE Managed Services provided by Capita. Version 6.0

IT Services. incident criteria

Gradwell VoIP Migration Issues Report

Keywords: Escalation, Incident, Management, Process

Business Continuity Management Policy and Plan

MT Services Computer Systems Ltd MT Services SystemCare

b. Contact for contract issues/requests (Including billing)

Product Maintenance Services. General Terms for Product Maintenance

Business Continuity (Policy & Procedure)

Support and Service Management Service Description

ITIL A guide to incident management

Hosted Contact Centre (HCC) Customer Service Plan

Sagari Ltd. Service Catalogue and Service Level Agreement For Outsource IT Services

Understanding High Availability

NHS Lancashire North CCG Business Continuity Management Policy and Plan

Instructional Technology & Distance Education

Information Technology Services Core Services SLA

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section

Infasme Support. Incident Management Process. [Version 1.0]

Guardian365. Managed IT Support Services Suite

Resource Ordering and Status System. User Business Resumption Plan

BUSINESS CONTINUITY PLAN (TEMPLATE)

IRM Incident Communication and Response Plan

Customer Service Charter TEMPLATE. Customer Service Charter Version: 0.1 Issue date :

ITIL v3 Incident Management Process

ENTERPRISE SERVICE DESK (ESD) SERVICE DELIVERY GUIDE

A Guide to Categories & SLA Management

Managed Service for MaaS360 Helpdesk to Helpdesk Support Service Charter

Introduction to ITIL. Author : George Ritchie, Serio Ltd george dot- ritchie at- seriosoft.com

BrandMaker Service Level Agreement

IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg

JOB DESCRIPTION. Financial Services and Support. Lead Service Desk Analyst

HP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Incident Management help topics for printing

Proving Control of the Infrastructure

Post Incident Review

IT Help Desk Call Priorities

POSITION DESCRIPTION. Service Desk Analyst. Information Technology Services

Organizing a Network Operation Centre on Campus

JOB SPECIFICATION. Service Support Manager ORGANISATION CHART: JOB PURPOSE:

i. Maintenance of the operating system, applications, content on the server, or fault tolerant network connections

Texas Digital Library Business Continuity Plan

Statement of Service Enterprise Services - AID Microsoft IIS

TVision Support Service Guidelines

Kaspersky Lab Product Support. Enterprise Support Program

How To Use The Pace Help Desk

Service Level Agreement

Supportworks Training

How To Create A Help Desk For A System Center System Manager

Auxilion Service Desk as a Service. Service Desk as a Service. Date January Commercial in Confidence Auxilion 2015 Page 1

Emergency Management Plan

Contact / Escalation Guide. For OPENHIVE Managed Services provided by Capita. Version 3.0

A Comparison of unmanaged AV against Managed AV Systems

The Service Provider will monitor the VM for the Customer and provide notifications on an opt in basis, which is strongly recommended.

SFJCCAD2 Promote business continuity management

The University of Glasgow Mobile Strategy

ITSM Process Description

Schedule A Support and Maintenance Agreement

excommerce Online Systems as a service

Informix Dynamic Server May Availability Solutions with Informix Dynamic Server 11

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES

Module 7: System Component Failure Contingencies

ITIL A guide to problem management

NOS for Network Support (903)

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase

Why Should Companies Take a Closer Look at Business Continuity Planning?

ICT Contingency Plan Top Level Plan

Blackboard Managed Hosting SM Disaster Recovery Planning Document

Enterprise File Service

Service Improvement. Part 1 The Frontline. Robert.Gormley@ed.ac.uk

SERVICE LEVEL AGREEMENT January 2015

Cisco Unified MobilityManager Version 1.2

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

Thales Service Definition for NOC Services for Cloud

Fully Managed IT Support. Proactive Maintenance. Disaster Recovery. Remote Support. Service Desk. Call Centre. Fully Managed Services Guide July 2007

Schools ICT Support Service (SITSS) Service Level Agreement 2014/15

SERVICE LEVEL AGREEMENT. CUIT Converged Infrastructure: Infrastructure Services for VM Hosting

DOCUMENT HISTORY LOG. Description

Cisco Change Management: Best Practices White Paper

Assigning Severity Codes

Client Services Manager Self and contribution to Team. Information Services

WHITEPAPER. 10 Simple Steps to ITIL Network Compliance

Emergency Management Policy v Page 1 of 12

Disaster Recovery Policy

RSA SecurID Tokens Service Level Agreement (SLA)

CCIT Change Management Procedures & Documentation

Network Configuration Management

ICT Strategy

Sheridan/Gillette College IT Help Desk Service Level Agreement

BUSINESS CLASS SERVICE FOR LARGE BUSINESS CUSTOMERS SOLUTION DESCRIPTION

Transcription:

Incident Communications Prepared for Front Line Alerts Procedure group Prepared by Drew McConnell Information Officer IT Services University of Glasgow June 2007 Updated Jan 2011

Contents Summary...4 Background...5 Incident communication...6 Factors...6 Incident sources...6 Audiences...6 Channels for communication...6 Message content...7 Current situation...7 Methodology...7 Current practice...7 Proposal...8 A possible template for incidents...8 Unplanned incidents...8 Planned incidents... 10 Closing an incident... 10 Reviewing an incident... 10 Areas for development... 10 Documentation... 10 Publicity... 10 Proposed roles and responsibilities... 11 Staff cover... 11 Communication channels... 11 2

Conclusions... 12 References... 13 Appendix 1... 14 Diary of an unplanned incident... 14 Appendix 2... 16 3

Summary Current incident communication methods require a review in order to ensure an accurate message is being given to the correct audience in a timely manner using the appropriate language. The proposals are:- The Help desk will act as a single point of contact for reporting all incidents and changes. The Information Officer will be responsible for publishing information to the appropriate communications channels including the Service Alerts. The Incident coordinator (the person managing the incident investigation and fix activity) will communicate through the Information officer. This will help to protect and improve IT Services (ITS) reputation as well as allowing service teams to work uninterrupted. There are several areas that are in need of development. These are: Documentation Publicity Roles and responsibilities Communication channels 4

Background An incident may affect one or more users. When an incident is expected to impact on a large number of users it is necessary to communicate this to them in an appropriate and timely manner. IT Services currently has several difficulties in communicating to the user community in the event of a planned or unexpected major loss or disruption of service. These include channels of communication that are not well known to our audiences and ambiguous internal processes for utilising those channels. The purpose of this report is to explore channels and methods of providing information to various University stake holders in the event of a disruption or loss to a service provided by IT Services. The report will describe current internal and external communication procedures in the event of an incident, either planned or unplanned, and propose a template for incident communication management. This report will focus on the communication process to the user and IT community. It will not define the types of service losses or on Business Continuity (BC) or Disaster Recovery (DR) processes. Definitions: Incident - any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service. Incident Co-ordinator (IC) - the person responsible for managing an incident response. This person would normally be the team leader of the affected service or an ITS director depending on the scale and nature of the incident. In the event of an unidentified incident the Information officer or the Helpdesk may be the IC until the incident is identified and passed to the appropriate team. Change Co-ordinator (CC) - the person responsible for managing a change. IO Information Officer or deputy N.B For the purposes of this report a planned change will be considered as a type of incident. 5

Incident communication Factors There are several factors to take into account for the successful communication of an incident these are: Incident sources Audiences Channels for communication Message content Incident sources When there is an incident the initial notice may come from several sources:- 1. Helpdesk 2. Other IT Services staff 3. Distributed IT community staff 4. Outside Source e.g. other member of staff, student etc It is preferable that all reporting should be via the Helpdesk as the first point of contact. Note: only the Helpdesk or other IT Services staff may formally raise an Incident. Audiences The target audiences for communication include:- IT Services staff Distributed IT support community Other staff Students Postgraduates Visitors General public Press Channels for communication The possible channels for communication currently include:- Service Alerts Websites (Spotlight, Landing pages, news or equivalent) Supportworks Moodle RSS 6

Telephone Telephone answering machine message University Voicemail broadcast Message of the day on Library CSCE Machines SMS text messaging Corporate communications (in the event that the press request information) Screen saver on Library CSCE machines Written publications e.g. University newsletter, mail shots etc Message content The language used in any communiqué should be appropriate for the target audience(s) and wherever possible in plain English i.e. no jargon, acronyms or cryptic references to network topology. The messages given need to be consistent, clear and concise. Current situation Methodology The current methods used for communication are:- 1. Service alerts system (http://alerts.gla.ac.uk) Directed at Technical IT staff. This is inputted by IT Services operators at the behest of an Incident or Change Co-ordinator. There is also an e-mail list which sends a copy of all alerts to a number of IT Services staff and an RSS feed. 2. Spotlight http://www.gla.ac.uk/it/helpdesk. Web information system directed at the main body of IT users. Various links exist elsewhere on the site that link to this page. E.g. www.gla.ac.uk/it /for staff, as well as on the main student computing page. 3. Email - Some departments and teams will email their users to make them aware of upcoming changes or current problems with a particular service. This is usually, but not always, done in conjunction with the Service alerts and/or the Spotlight. 4. News Content in some cases e.g. holiday arrangements, the news section of IT Services website (http://www.gla.ac.uk/it ) is used to communicate to users. The news section is mirrored in various locations throughout the site in an attempt to target the widest possible audience. Current practice At the moment alerts are raised as and when required. The subsequent actions e.g. Service alerts, mailing user groups etc, are picked up (or not) by IT staff on a fairly informal basis and rely solely on the practitioners rather than on a process. The language used is often terse and written for a specialist technical audience. (see appendix 1) In the case of emailing users it is not always possible to tell which users are receiving the message or if there are other affected groups who are not on the email list. 7

There are no systematic processes for informing end users of service outages or planned changes. Lack of information leads to user confusion and negative perceptions of IT Services even when a great deal of work is actually taking place. Proposal There are a large number of possible incidents ranging from relatively minor to catastrophic system failures. It is not possible to document procedures for each possible incident but the following is an attempt to create a procedural template which could be used and adapted for each eventuality. A possible template for incidents Unplanned incidents When an unplanned incident occurs the Incident Manager (IM) or the person discovering the Incident should contact the IT Help Desk with the following information:- What is the problem? (or the symptoms if problem is as yet unidentified) What is affected? Where is affected? Who is affected? The Helpdesk as part of their incident procedures will inform the Information Officer of these details at the earliest opportunity. The Information Officer (IO) will raise an alert using the appropriate language for the various channels. 8

The IO may seek clarification from the Incident co-ordinator and communications should then proceed as per figure 1. Figure 1 The IO should also consult with the helpdesk to determine the level of calls being received in relation to the incident. If the level of calls is very high the helpdesk manager may decide to stop logging calls but a record should be kept to monitor the levels of calls. There may also be incidents where the problem is resolved very quickly. In this event the IO should be informed to determine in conjunction with the Help Desk whether any user group requires reassurance. Any changes/developments throughout the course of the incident should be routed through the IO for further action on communication channels. Any requests for information or updates during the incident, including management requests, should be made to the Information Officer who will liaise with the Incident co-ordinator to make an appropriate response. (Figure 1) This process has the advantage of allowing the Incident co-ordinator and incident teams to work uninterrupted on the resolution of the incident as well as protecting and enhancing ITS reputation due to the fast response and correct and frequent information being circulated. (See figure 2) 9

Planned incidents A planned incident (i.e. a change) should follow the same general process as an unplanned incident, with the obvious exception that it would be the Change Co-ordinator who would be responsible for informing the Help Desk. This should be done as far in advance as possible. Closing an incident An unplanned incident would be deemed to be closed when all of the following are met:- The Incident Co-ordinator has declared a fix is in place. The helpdesk are receiving no calls relating to the incident after the fix is declared. (Subsequent calls relating to the incident should be double checked as they may have originated from before implementation of the fix). Affected users agree the incident is resolved. A planned incident would be closed when the planned change has been successfully carried out and tested. Reviewing an incident After an incident is closed a review of the communications procedures and events should take place using the following criteria:- Was every appropriate party informed in a timely and accurate manner? What lessons have been learned from this experience? Areas for development Documentation Records or logs should be kept of incidents and changes and a system of keeping these records developed. A contacts list for both internal and external contacts should be created and maintained. Publicity Several of ITS channels of communication are web based. If the affected members of staff are unaware of 10

these web pages then they are of little use informing users during an incident. Best practice would indicate that the Helpdesk should be the single point of contact 1 for users to approach IT Services and users should be made aware of this. End users are becoming increasingly intolerant of downtime and tend to expect 24/7 always on services. In any IT Infrastructure and certainly in one as complex as the Glasgow campus (which includes multiple remote sites), then some level of incidents is inevitable. Education of the end user of this fact should be a goal of any communication strategy. Proposed roles and responsibilities It is the responsibility of the: Incident discoverer to inform the helpdesk. Helpdesk to inform the Information Officer and any other appropriate staff. Information Officer to : o o o o publish information about the change or incident using available communication channels in the appropriate language. to solicit information from the appropriate expert (s) should that prove necessary. ensure communications are taking place. review the incident in conjunction with the ITS Director of user services. Incident or change manager to update the information officer of changes in the situation that may affect end users. Staff cover In the event of the Information Officer being unavailable 2nd and 3 rd line deputies should be appointed. The deputies should be familiar with all procedures and practices relating to incident communications as well as have some skill in using the appropriate language to the target audience. It is also essential to create and maintain contact lists of Key IT Services staff and functions Distributed IT Managers Communication channels 1 IT Infrastructure Library Service Support 11

The communication channels ITS use at the moment are either web or email based. In the unlikely event of a failure of both of these services we would be unable to communicate information about the incident. It is advisable to develop as a minimum a telephone network and/or a voluntarily subscribed-to SMS text service to communicate with the Distributed IT Community in particular. A further development would be the installation of a static web server in the disaster recovery suit serving up one web page at www.gla.ac.uk which we could use to communicate with staff, students and the rest of the world. There appears to be no email alerts list to the distributed IT community and the creation of a voluntarily subscribed-to list should be a priority. Conclusions There is a need to improve our current processes to: 1. Maintain and improve IT Services reputation- good incident response would reduce any negative reactions and focus on quick reaction time. 2. Assist in business continuity by keeping our users informed. 3. Allow Internal ITS staff to be more effective through better use of their time -The teams would not be spending time answering users requests for information or assistance. The Information Officer would be the single point of contact for external and internal communications and so we would, in effect, be creating a buffer between the ITS staff and the user community. Our current methods are not as widely known as would be desirable. This is an obvious problem and some thought needs to be given to the channels we actually want to use as and some efforts made to publicise and utilise these. There are clear areas that require development and a plan should be created and acted upon to implement these. 12

References Contingency Planning Guide for IT Systems - National Institute of Standards and Technology (US Department of Commerce) June 2002 IT Infrastructure Library (ITIL) - IT Service Management Forum 2007 Good Practice Guidelines - Business Continuity Institute 2007 Communicating in a crisis-communications for Management inc. 1996 13

Appendix 1 Diary of an unplanned incident This is an example based on an actual incident. Notice the difference between the technical language and the broadcast language. 09:50 Unidentified Network Service Issue 09.54 Service alert issued There is currently a problem with network routing which is being investigated Not all users/services will be affected. 09:55 Spotlight posted There is an, as yet, unidentified problem with the network which is being investigated. If you are experiencing loss of connectivity please wait 30 minutes and try again. IT Services apologises for any inconvenience. 10:06 update from Incident coordinator VRRP Subsystem in James Watt North has failed. Workaround in progress. Uncertain as to who or where is affected -possibly Library. 10.07 IO Called helpdesk HD report no related calls. CSCE operational in Library. 10:15 Service alert updated Service alert updated: An issue with part of the coding in the James Watt router was found and a work round put in place. Most services should now be restored. Further investigation is being carried out. 10:18 Spotlight updated A network issue has been resolved and most services should be restored. If you are still experiencing difficulties then please wait for 20 minutes and try again. If problems persist please contact the helpdesk. IT Services apologises for any inconvenience. 10.28 IC Informs IO incident resolved 10.30 Service alert updated Normal service has been restored. Fault was due to a mis-configured channel group on the router and difference in the default behaviour for VRRP grouping between CISCO code releases. 10.30 Spotlight updated A network issue has been resolved and most services should be restored. If you are still experiencing difficulties please contact the helpdesk. IT Services apologises for any inconvenience. 14

11.15 Called helpdesk Zero calls relating to the incident since fix implementation 11.25 Service alert archived 11.30 Spotlight removed 11.31 Incident closed 15

Appendix 2 1. end users 16

2. ITS staff Incident - any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service. I have discovered an Incident Inform the Helpdesk What is the problem? (or the symptoms if problem is unidentified) What is affected? Where is affected? Who is affected? 0141 330 4800 helpdesk@it.gla.ac.uk www.gla.ac.uk/helpdesk/its If known Investigate/repair/fix Incident Update as available Information officer 1. 0141 330 8532 2. 014 330 8796 3. 0141330 8099 4. 07971676904 its@it.gla.ac.uk 17

3. Information Officer Incident - any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service. Helpdesk Other source I have been informed of an Incident Start log Raise Spotlight? Issue service alert? Other channels? Service Alert Contact Net ops Network@it.gla.ac.uk Telephone: (+44) 141 330 4843 Fax: (+44) 141 330 4850 SPOTLIGHT www.gla.ac.uk/it/helpdesk Require more information/been updated/incident closed? Update spotlight and service alert Update log COMMUNICATE with helpdesk and Incident manager/team(s) Review Incident Where people appropriately informed? What could we do better? 18

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information