By Hiplink on Wednesday, 21 September 2022
Category: IT - Information Technology

The Importance of Proper After-Incident Reporting

Any textbook or guide on organizational performance management will tell you that you can’t improve what you don’t measure. Key performance indicators (KPIs) exist for exactly this reason: each one gives a concise measurement of some aspect of performance, based on accurate data.

This is true for all areas of the enterprise, whether it’s sales, manufacturing, procurement, or IT.

IT organizations with even the most basic computerized ticketing systems have a wealth of data they can use to measure their performance. However, few take full advantage of this treasure trove, and those that do don’t always measure the right things.

In this article, we describe what’s meant by “after-incident reporting” and how doing it properly can improve IT team performance, most importantly by resolving incidents faster.

What Is After-Incident IT Reporting?

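After-incident IT reporting falls into two broad categories, depending on whether you’re looking at the “forest” or individual “trees”: summary analysis, which looks across many incidents, and post-incident review, which examines a single incident in depth.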

Let’s look at these categories in more detail.

Post-Incident Review

Many IT organizations deal with hundreds of incident tickets daily, so holding a post-incident review session for every ticket wouldn’t make sense. Of the organizations that hold post-incident reviews at all, most require them only for major (severity 1) incidents. These reviews should examine several aspects of the incident response and resolution, including:

Some aspects should be captured in the ticket data, whereas other elements are more anecdotal. Both types of information are essential. For example, if the team repeatedly has trouble engaging a specific external service provider (something that might not be captured in a single ticket), it’s a sign that it might be time to shop for a new provider.

An essential part of a post-incident review is looking at similar previous incidents to see if the same communication issues or root causes are repeatedly encountered. Recurring patterns can point to underlying problems that, once addressed, prevent future incidents or reduce their severity.
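As a rough illustration of checking for repeated root causes, the sketch below counts how often each cause appears across past review records. The record layout, the field names (incident, root_cause), and the sample values are all hypothetical; a real ticketing system will store this differently, and free-text causes usually need more careful normalization than shown here.

```python
from collections import Counter

# Hypothetical post-incident review records; names and values are illustrative only.
REVIEWS = [
    {"incident": "INC-101", "root_cause": "expired certificate"},
    {"incident": "INC-117", "root_cause": "vendor unreachable"},
    {"incident": "INC-130", "root_cause": "expired certificate"},
    {"incident": "INC-142", "root_cause": "disk full"},
    {"incident": "INC-150", "root_cause": "Expired Certificate "},
]


def recurring_root_causes(reviews, min_count=2):
    """Return (cause, count) pairs for causes seen at least min_count times."""
    # Normalize case and surrounding whitespace so trivial variants group together.
    counts = Counter(r["root_cause"].strip().lower() for r in reviews)
    return [(cause, n) for cause, n in counts.most_common() if n >= min_count]


if __name__ == "__main__":
    for cause, n in recurring_root_causes(REVIEWS):
        print(f"{cause}: seen in {n} reviewed incidents")
```

A cause that keeps reappearing in this kind of tally is a candidate for a deeper problem investigation rather than another one-off fix.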

Summary Analysis

Summary analysis can cover a broader swath of incidents: not just significant incidents but also those of lesser severity. By analyzing the data collected in the ticketing system, you can answer questions such as:

Most of this information is captured in the ticketing system (if it’s being used correctly). Some observations should be correlated with other data to fully understand the underlying problems.
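To make this kind of analysis concrete, here is a minimal sketch that computes the mean time to resolve per severity level from exported ticket records. It assumes tickets can be exported with a severity and ISO-formatted open and resolve timestamps; the field names (severity, opened_at, resolved_at) and the sample data are hypothetical and not taken from any particular ticketing product.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Hypothetical ticket export; field names and values are illustrative only.
TICKETS = [
    {"id": "T-1", "severity": 1, "opened_at": "2022-09-01T08:00", "resolved_at": "2022-09-01T12:00"},
    {"id": "T-2", "severity": 1, "opened_at": "2022-09-02T09:00", "resolved_at": "2022-09-02T11:00"},
    {"id": "T-3", "severity": 3, "opened_at": "2022-09-03T10:00", "resolved_at": "2022-09-03T10:30"},
    {"id": "T-4", "severity": 3, "opened_at": "2022-09-04T10:00", "resolved_at": None},  # still open
]


def mean_hours_to_resolve(tickets):
    """Return {severity: mean resolution time in hours}, skipping unresolved tickets."""
    durations = defaultdict(list)
    for t in tickets:
        if not t["resolved_at"]:
            continue  # open tickets have no resolution time yet
        opened = datetime.fromisoformat(t["opened_at"])
        resolved = datetime.fromisoformat(t["resolved_at"])
        durations[t["severity"]].append((resolved - opened).total_seconds() / 3600)
    return {sev: mean(hours) for sev, hours in sorted(durations.items())}


if __name__ == "__main__":
    for sev, hours in mean_hours_to_resolve(TICKETS).items():
        print(f"severity {sev}: {hours:.1f} h mean time to resolve")
```

Tracking a figure like this over time, rather than as a single snapshot, is what shows whether changes to the incident process are actually making resolution faster.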

Benefits of Proper After-Incident Reporting

Proper after-incident reporting takes time and effort, but it’s well worth it. IT organizations that perform after-incident reporting can realize numerous benefits, such as:

Furthermore, the team’s experience with significant incidents can inform the organization’s disaster and business continuity planning. Knowing where the likely communications bottlenecks are can enable the team to include mitigation steps in the disaster recovery plan to eliminate or reduce the impact of these bottlenecks.

And, of course, measuring the right things can point you to areas where you can further investigate performance issues, determine their root causes, and address them. The result is faster resolution of IT incidents.

Proper after-incident reporting is a critical way to improve IT incident performance, but it’s not the only way. Other methods include rule-based ticket prioritization, simplifying communication channels, and more. For more ways to improve your team’s performance, download our white paper, “8 Solutions to Resolve IT Incidents Faster.”