ITSM Module 3: Incident Management
What are some PA KPIs that can help?
- % incidents assigned to a person who doesn't work there anymore - % incidents not updated in the last 5 days - Average age of open incidents - Average re-assignment open incidents - Average number of tasks per open ticket - Average spotlight score - Number of incidents re-opened
What does an Incident User perform?
-Create Incident -Read Incident -Update Incident (caller or itil) -Reopen Incident (in what situation can you reopen an incident?) (not closed, caller or itil) -Resolve Incident (caller or itil) -Propose Major Incident (itil) -Close Incident (caller) -Create Change (itil, not closed) -Create Problem (itil, not closed) -Create Request (itil, not closed)
What does an Incident Admin do?
-Delete Incident -Close Incident
What are some pain points of organizations in ITSM?
-Hard to predict demand/anticipate on demand -Not able to find the bottleneck of the re-opened tickets -Is my process compliant? -No idea where work is piling -Hard to prioritize work for my team -Can see if we are effective in tasks
What are the Assigned to methods and tips?
• Methods - Manual selection - Assign to me - On‐call scheduling • Tips - Disable Assign to me, which does not validate if "me" is a member of the current Assignment group
What are the Dictionary Overrides to specify Reference Qualifiers?
-Incident: javascript:GetGroupFilter('incident') -Change: javascript:GetGroupFilter('change') -Request: javascript:GetGroupFilter('request') This will make it so on the incident/change/request table, only assignment groups with type incident/change/request will show up in assignment group option
What does an Incident Manager perform?
-Manage Incident Properties -Read Incident -Update Incident -Resolve Incident -Reopen Incident -Propose Major Incident -Accept, Promote Major Incident (if major_incident_manager) -Create request -Create Change from Incident -Create outage from incident
What are some integration points?
-Platform Web Services -Event Management -Communication
What does a Business User perform?
-Read Incident (sn_incident_read) -Update Incident (sn_incident_write)(not closed)
What are the Incident Management platform roles?
-admin -itil_admin -itil -incident_manager -major_incident_manager -user(caller) -sn_incident_read -sn_incident_write -system
What value disables the feature of glide.ui.autoclose.time?
0
How do you configure the Activity log?
1. Click the Filter icon next to the Activity field. 2. Select Configure available fields. 3. Select fields to be displayed
What are the benefits of Notify plugin?
1. Compress response and resolution timelines by quickly connecting people 2. Reduce downtime, achieve SLAs, and increase satisfaction 3. Fewer integrations means lower total cost of ownership when compared to other notification solutions
What are the two ways in which the Category is populated on a form?
1. Have the agent (or end‐user) populate the category and sub‐category manually OR 2. Have the category (and sub‐category) populate based on the configuration item selected.
What is the Incident architecture?
1. Incident [incident] table stores incident records. 2. Incident extends from the Task [task] table. 3. Incident Task [incident_task] is a related table that extends from Task. This table appears as a related list on the Incident form. 4. Related records for other ITSM Processes. [change_request] [problem] 5. Referenced foundation data tables. 6. Incident fields referencing the table.
What additional information may pop up once the Caller field is populated?
1. Very Important Person (VIP) Flag - Field Style Callers, such as executives and leadership, may be designated as VIP users. VIP users' names appear in red to make them more visible to agents. In the baseline, a caller's VIP status does NOT affect the incident priority or any other process logic. This is managed in Highlight VIP Caller Client Script. 2. Caller Lookup Select Box -Reference Field Auto-Complete When entering a caller's name, the drop‐down list may display additional fields on the caller's user record to help ensure the proper caller is selected. This can be very helpful when callers have similar names. Some helpful fields to display include employee number, company, and department. In the baseline instance, the user's name and email address are displayed. However, additional fields may be added by adding the ref_ac_column attribute from the dictionary entry and listing all the columns you want visible. Note: When adding additional columns, if you would like to keep email in the pop‐up, you must manually add it to the new Reference auto completer columns attribute. 3. Reference Decorations By default there is a reference icon that provides a preview of the related record for all reference fields. Additional reference icons can be set up. For example, the Caller field displays an icon that links to show a list of the user's active incidents. This icon is controlled by the ref_contributions attribute. For a CI field the task_show_ci_map reference contribution value will display the icon that will launch the Dependency View. Note: ref_contribution icons will not be displayed when a field is read‐only unless the clickthrough=true attribute is added to the field's Dictionary entry.
What is MIM?
A major incident (MI) is an incident that results in significant disruption to the business and demands a response beyond the routine incident management process. Major incidents have a separate procedure with shorter timescales and urgency that is required to accelerate resolution process for incidents with high business impact.
What does agent assist allow you to do?
Agent Assist gives agents automatic search results that show possible solutions for records they open. It is pre‐configured to search Incident, Problem, Change, Knowledge, and Case tables for solutions, and can be configured to search additional information sources. Agent Assist is part of the contextual side panel within Agent Workspace. It uses contextual search and optionally machine learning
Which types of records may be populated using name:value pairs in inbound emails?
Any record that has an inbound action defined.
If com.snc.incident.autoclose.based is set true, what does that mean?
Auto closure of incidents is based on the Resolution date. If it's set to false it will be based on the Updated date.
What are some useful hidden fields and metrics?
Business duration [business_duration] •Elapsed time from create to resolve during SLA schedule Duration [calendar_duration] •Total elapsed time from create to resolve using 24 hour clock Child Incidents [child_incidents] •Count of child incidents Correlation ID [correlation_id] •Foreign key for integrations Reassignment count [reassignment_count] •Count of times assignment group was changed Reopen count [reopen_count] •Count of times incident was changed from Resolved to Open Time worked [time_worked] * •If used, cumulative time logged (manually reported) by the assignee
Which fields are being set in the newly created incident?
Caller, Comments, Short description, Category, State, Notify, Contact type, Assigned to, Impact, and Urgency.
Where do you create and manage email client templates?
Email Client > Email Client Templates.
How do you send an email directly from a record?
Email Client plugin (com.glide.email_client), which is active by default on the Now Platform To open the email client in a workspace, open a record and navigate to More options > Compose Email.
What property closes open incident tasks when an incident is closed or cancelled?
Enable System property ‐ com.snc.incident.incident_task.closure
Should you use State or Incident State?
Even though there are business rules to keep values in sync, use State [state] rather than Incident State [incident_state]. This is especially useful for reporting across multiple types of tasks, since State is available at the task level.
What should the default value of Send to event creator be?
False because it doesn't make sense to send a notification to the person who created the event.
How does Incident management interact with ITIL processes?
For example, portal users may create new incidents using record producers through the service catalog. Service Desk and internal users will: • Track changes that caused incidents and create change requests to resolve incidents • Relate and tracks CIs (components and/or services), services, and service offerings to incident records affected by service interruptions • Use knowledge articles to troubleshoot and resolve incidents, and create knowledge articles from incident resolution steps• Use workarounds for recurring incidents being investigated by Problem Management and create known errors
What is the Now Agent application?
In conjunction with the ITSM Mobile Agent (sn_itsm_mobile_agt) plugin, the Now Agent application frees IT service agents from their desks and enable them to work on the go. Resolvers are able to access incidents from their mobile and tablet devices to accelerate service restoration and critical incident resolution.
What can inbound email actions do in the system?
Incident •Create/Update incident Change •Update change Problem •Update problem Request Item •Update request item Approval •Approve/Reject approval
What plugins are associated with MIM?
Incident Management ‐ Major Incident Management plugin (com.snc.incident.mim). This plugin may also activate related plugins, if they are not already active: • Incident Communications Management (com.snc.iam) • Incident Updates (com.snc.incident.updates) • Task‐Outage Relationship (com.snc.task_outage)
How does Slack integrate with SN?
Key features • Send a direct message to the caller • Assign the incident to a user • Create a collaboration channel for an incident • View and join a channel from an incident • Create and update incident using a Slash Command • View who is on‐call for a group
Why leverage the group Type field?
Leverage the group Type field and reference qualifiers to restrict assignment options to only include appropriate groups. Group types in the base instance include catalog, itil, and survey. A group may be assigned several group types.
How do you automate Major Incident Creation?
Major Incidents > Administration > Major Incident Trigger Rules There are three pre‐defined trigger rules available with the Major Incident Management plugin: • Critical Business Services Impacted • Number of child Incidents • P1 Incident System Administrators and Incident Managers have the ability to modify and/or create additional trigger rules.
What are the different ways Incidents are created?
Most incidents are generated through interactions (call, chat, walk‐up, etc.) with the service desk. However, there are other ways to create incidents: • Through end‐user facing portals such as the Service Portal, record producers allow you to create task‐based records, such as incidents. The record producer copies the user input and populates the incident. • Using Connect Support (chat), service desk agents can create and collaborate on incidents. Alternatively, end users can also create incidents from Virtual Agent (chat bot). • Using inbound email, users or third‐party systems can send email to an address pointed at your ServiceNow instance. When ServiceNow receives the email, it may be processed as an incident or a different type of record (depending upon the conditions). • Webservices (i.e. import sets, REST, SOAP) allows third‐party systems to integrate and communicate with ServiceNow to create, update, and delete records such as incidents.
Is the Description field set based on the email body?
No, the email body is scoped to the Comments field.
What is Notify?
Notify is a free plugin used for communicating internally with team members and externally with customers and contractors Notify also provides APIs and workflow activities to achieve the above. This feature is most commonly powered by (integrated with) Twilio, which is a robust cloud communication infrastructure. On‐call scheduling works best with Notify as recipients can respond to assignment or acknowledgment alerts via phone call or text message. The interactions can also be tracked and managed directly in the system
What is the third tab for on-call that you can purchase?
On‐Call Scheduling Performance. This tab provides a detailed review of how well escalations are being processed. You have precise control of the data that describes escalation progress using filters like group, priority, level, or escalation category. Within this tab are three sub-tabs: • All Escalations • Acknowledged Escalations • Unacknowledged Escalations
What is on-call scheduling?
On‐call scheduling provides a way to determine which member of a user group is available to complete a task, for example to find the right person to assign an incident. It enables organizations to ensure that dedicated support team members are available to resolve any issues as they arise. On‐call scheduling is first defined by schedules and schedule templates. From there, users can be assigned shifts within the defined schedule through a roster. Roster members can be assigned as primary, secondary, tertiary, etc. The turn of duty between roster members is defined through the rotation and escalations defined.
What tool do you use to see what an end user sees article wise?
Optionally, administrators may enable Search as. This feature returns search results as both the current user and a specified user on the current form (i.e. caller). This allows agents to be confident that articles shared with users are appropriate. To configure the properties of contextual search on a table admins can navigate to Contextual Search > Table Configurations
How do SLA flows work?
SLA Flows use percentages to time Breach Warning and Breach Notice emails rather than actual time. This allows a single, generic SLA workflow to work in most instances. Note that the SLA Percentage Timers are cumulative. 1. Trigger at 50% of the SLA duration. 2. Trigger at 75% of the total SLA duration. 3. At 100% SLA duration, Has Breached = true.
Why use inbound email triggers in flow designer?
Save time from responding to emails manually when you configure your instance to send replies, create incidents, or update records automatically in response to inbound emails. You can define system responses to inbound emails in two ways: • • Create an inbound email flow in Flow Designer (New for New York) • Script an inbound email action
Why are SNC script includes read only?
Script includes with SNC in the name are meant to be read‐only. This ensures that the SNC script includes are updated during upgrades. To override a function defined in an "SNC" Script Include, copy that function to the paired version of the script include that does not contain "SNC." Paste and customize the function there. If SNC is at the end, it's read only.
How will the Activity log be viewed for different users/roles?
Security still applies! Activity log entries are filtered against the current user's access rights.Example: End users will not see Work Notes.
Where do you create and maintain Record Producers?
Service Catalog > Catalog Definition > Record Producers
How can you trigger the timing of surveys?
Survey administrators can use trigger conditions to configure the system to generate a survey instance each time a specified action occurs on a specified table such as when an incident closes. The system sends the survey to user(s) that are related to the triggering record, for example, incident callers. You can choose to send a survey every time the condition is met, or you can set a probability for the system to send a survey at random when the condition is met.
Who can create and maintain surveys and configured how they are distributed and published?
Survey administrators—users with the survey_admin role
Where do you find Priority Lookup Rules?
System Policy > Rules > Priority Lookup Rules
What is a form of Incident deflection?
The Related Search Results that appear on incident records Incident deflection aims to help users resolve issues before they submitting an incident by providing related items such as knowledge articles, catalog items, open and resolved incidents, and open and resolved problems. It is by default added to the Additional comments (Customer visible) field. You can specify the field based on the table, either globally or locally. The local field for a table overrides the global default field value. To specify the global field, navigate to Knowledge > Administration > Properties > Other Knowledge Properties and specify the name of the field in the glide.knowman.attach.fields property.
How is the Assignment group field populated?
The business rule Populate Assignment Group based on CI/SO triggers the functionality when an incident, problem, or change request is created or updated and when the Assignment group and the Assigned to field is empty.
What is the default value of the glide.ui.autoclose.time?
The default time for resolved incidents to be closed by the system is SEVEN days (previously ONE day).
What is the MIM workflow?
The first step in the process is to identify a potential major incident and document it as major incident candidate. Incident Users: -Propose Major Incident from the context menu of the Incident form -Create Major Incident Candidate from the left navigation pane. -Automatically document an incident as a major incident candidate based on the major incident trigger rules Major Incident Managers: • Promote a candidate to a major incident by clicking Promote to Major Incident from the context menu. • Create a new major incident by clicking Create Major Incident from the left navigation pane. • Promote an incident to a major incident without going through the proposal process.
How would you impose prerequisites or limits for moving from one state to another?
To impose prerequisites or limits for moving from one state to another, incorporate new logic in the IncidentState script include. As a best practice, refer to states in code using the constants (IncidentState.NEW) rather than values (1)
Will this capability be more useful to you when processing emails from users or devices/applications?
Users
What are the On hold reasons?
When the State field is set to On Hold, a UI Policy makes the On Hold reason field visible on the form. Options available for On Hold reason include: • Awaiting Caller -There is no baseline application logic that will update the state if a caller updates the incident. Some customers choose to update the state back to In Progress if a caller updates the incident. The state must be updated manually. • Awaiting Change -There is no baseline application logic that will update the state if a related change request is updated. The state must be updated manually. • Awaiting Problem -Users in the Problem application may resolve related incidents through a UI Action available in the Problem application. • Awaiting Vendor -There is no baseline application logic that will update the state of an incident that is Awaiting Vendor. The state must be updated manually
What plugins allow users to create Knowledge from an incident?
With the Knowledge Management Advanced (Com.snc.knowledge_advanced) and the KCS Integration for Incident Management plugins, users are able to create a knowledge article directly from the (resolved) incident record. Clicking Create Knowledge from the Related Links section will redirect users to a new knowledge article record which leverages the Incident KCS Article template. ServiceNow automatically maps key fields from the incident record to the knowledge article record and users are able to select the knowledge base to save the article to.
What is the processing order of inbound emails?
With the inbound email trigger in Flow Designer, you can create flows that define the automated processes that your instance takes when it receives an email. Inbound email flows take priority over inbound email actions. If you create flows with inbound email triggers, emails are first processed by the inbound email triggers before they are processed by inbound email actions. When an email is sent to your instance, the system first classifies the email as a reply, forward, or new email. Then the system runs the inbound email through an inbound email flow. If the flow issues stop processing, the email is finished being processed. If the flow does not issue stop processing, the system tries to match the email to another inbound email flow. If at any point the email does not match with an inbound email flow, the system matches the email to an inbound email action instead.
What are two ways to transfer information from once incident to another?
You can copy or create child incident without manually entering the value of all the fields in the new incident. The Copy Incident functionality copies the details of an existing incident record to a new incident record. The Create Child Incident functionality copies the details of the parent incident and links the new incident to the parent incident. Administrators are able to enable or disable the ability to copy incidents or to create child incidents. They may also define which fields, related lists, and if attachments are carried over to the copied and child incidents through the Incident > Administration >Incident Properties module. Note: An itil user can copy or create any incident whereas a user without any role may only copy the incident which the user has created.
How may group types be used?
You have the ability to add additional group types. A common use case is to set up a type to represent each application (Incident, Problem, Change, Request, Knowledge, etc.). Another example might be to set up group types like Security, Reporting, or Organizational. By using Dictionary Overrides, you can restrict which groups can be used for which records. For example, Incidents could be assigned to groups with the ITIL type, but not the CAB Approval group because it does not have Type = itil.
How do you configure the popup window associated with a reference field?
https://<your instance name>.service‐now.com/<table name>.do?sysparm_view=sys_popup
What are the two On-call dashboards?
• Escalations Overview - Includes report widgets such as Active Escalations, Unacknowledged Escalations, Escalations per Day, and more. • Group Overview - Includes report widgets such as On‐Call Hours, Acknowledged Escalations by shift and by user, Unacknowledged Escalations by shift and by user, and Hours Distribution by user
What roles come with the MIM plugin?
major_incident_manager communications_manager incident_manager
What does changing the Number field to {URI_REF} do?
{URI_REF} will insert a link to the incident record within the notification.
What part of conditions should you be careful with regarding email notifications?
• Be careful with Conditions! Use Changes to rather than Is
What does survey admin procedures include?
• Create, customize, and publish surveys. • Write and maintain survey questions. • Define trigger conditions for when surveys are sent to users, such as when an incident closes. • Maintain surveys and survey questions as the organization's needs change
What are Notification pitfalls?
• Customers tend to overdo e‐mail notifications • Customers get overwhelmed and confused by the number of different notifications • Customers specify requirements for caller‐facing notifications too late into implementation
What are the views in which an Incident can be viewed?
• Default view (agents) • Major incidents • Metrics • Mobile (Mobile Classic) • Password • Self Service (end users)
What are notification tips?
• Go for under‐notification vs. over‐notification • Guide and advise customers on what notifications they should be using • Ask if IT Marketing and Communications needs to craft the wording and format, for caller facing notifications
What are the Assignment group methods and tips?
• Methods - Manual selection - Assignment rules - Data lookup rules - Script - Automatic population via business rule • Tips - Use reference qualifiers to restrict options to appropriate groups - Leverage Configuration item support groups
What are the Agent Workspace Components?
• Tabs ‐ Enable agents to create the records they need so they can do their work in Agent Workspace. • Notifications ‐ Send notifications to an agent or a small group of agents when there are updates to important records. • Form Header ‐ Configure the primary field and secondary values in form headers so that agents can quickly orient themselves to an issue. • UI Actions ‐ Set up UI actions to customize Workspace for your organization. UI actions include custom buttons, menu items and limiting access to forms based on a user's role. • Ribbon ‐ Set up ribbons in Agent Workspace to help agents quickly scan relevant information about a record, such as the record's time line, a customer summary, and record SLAs. • Form pane ‐ Select the fields that appear in form pane to help agents do their work. • Actions & Components -Customize your workspace forms, fields, lists, and related lists without writing custom scripts or learning APIs. • Activity Stream -Set up the options of how agents can interact with Activity Stream to make their job easier. • Contextual Side Panel -Provides agents with tools to research and resolve problems. The different components provide the agents with different types of help.