Analyze individual incident data to determine a course of action.


The best course of action may be to do nothing, to address an incident as a unique case, to increase monitoring for other incidents, to educate an end user, or to employ a previously established workaround or other known reusable solution for handling similar incidents.

The analysis covered by this practice focuses on resolving incidents as they occur through a course of action that is both timely and effective enough to meet immediate service request needs. When more in-depth analyses and actions are required to mitigate future incidents, refer to the goal to Analyze and Address Causes and Impacts of Selected Incidents.

Example Work Products

  1. Major incident report
  2. Incident assignment report


1. Analyze incident data.

For known incidents, the analysis can be done by merely selecting the type of incident. For major incidents, a separate incident resolution team may be assembled to analyze the incident.

2. Determine which group is best suited to take action to address the incident.

Which group is best suited to take action to address the incident can depend on a number of different factors, including the type of incident, locations involved, and severity.


Examples of groups that deal with different types of incidents include the following:
  • A healthcare team deals with adverse medical outcomes.
  • A network support group handles network connectivity incidents.
  • A help desk deals with password related incidents.

3. Determine actions that must be taken to address the incident.


Examples of actions include the following:
  • Replacing a broken component
  • Notifying or reminding customers, end users, or service delivery staff of correct procedures
  • Releasing an announcement (e.g., public relations release, media response, bulletin, notice to customers or other relevant stakeholders)

4. Plan the actions to be taken.