Establish and apply solutions to reduce the occurrence of selected incidents.


After analysis has determined the underlying causes of incidents, the actions to be taken, if any, are planned and performed. Planning includes determining who will act, when, and how. All of this information is documented in an action proposal. The action proposal is used by those who take action to address the underlying causes of incidents, and the actions are managed to closure. The end result will be a reduction in the occurrence of the selected incidents.

Example Work Products

  1. Action proposal
  2. Contribution to collection of known approaches to addressing underlying causes of incidents
  3. Updated incident management record


1. Determine which group is best suited to address the underlying cause.

Which group is best suited to address the underlying cause can depend on the type of underlying cause, configuration items involved, and the severity of the relevant incidents.


Examples of groups and departments that deal with different types of underlying causes include the following:
  • A network support group handles network issues.
  • A UNIX server support team deals with server configuration issues.
  • Human Resources handles privacy issues.
  • The Legal department controls issues relating to intellectual property, disclosure of information, and data loss
  • Public Relations is responsible for issues relating to the reputation of the organization.

2. Determine the actions to be taken to address the underlying cause.

When analyzing standard incidents, the actions for addressing that standard incident can be documented as a standard action plan. If the incident is not standard, a historical collection of addressed incidents and known errors should be searched to see if the incident is related to others. This data should be maintained to allow this kind of analysis, thus saving time and leveraging effort.


Examples of actions taken to address the underlying cause include the following:
  • Replacing a broken component
  • Training end users or service delivery staff
  • Fixing a software defect
  • Not addressing the underlying cause because it is cheaper or less risky to deal with the incidents than address the underlying cause

Refer to the Decision Analysis and Resolution (DAR) (CMMI-SVC) process area for more information about analyzing possible decisions using a formal evaluation process that evaluates identified alternatives against established criteria.

3. Document the actions to be taken in an action proposal.

4. Verify and validate the action proposal to ensure that it effectively addresses the underlying cause.

5. Communicate the action proposal to relevant stakeholders.

6. Address the underlying cause by implementing the action proposal that resulted from the analysis of the incidents’ underlying causes.

Often, the actions called for in an action proposal will include maintaining or changing the service system.

Refer to the Service Delivery (SD) (CMMI-SVC) process area for more information about maintaining the service system.


SSD Addition
Refer to the Service System Development (SSD) (CMMI-SVC) process area for more information about developing service systems.

7. Manage the actions until the underlying cause is addressed.

Managing the actions can include escalating the selected incidents as appropriate.


Examples of escalation criteria include the following:
  • When the impact of the selected incidents on the organization or customer is large
  • When addressing the underlying cause of the selected incidents will take considerable time or effort

8. Record the actions and result.

The actions used to address the underlying cause of the selected incidents and the results of those approaches are recorded in the incident management system to support analyzing similar incidents in the future.