MIPRO 2024, May 20 - 24, 2024, Opatija, Croatia
Benefits of ITIL Incident Management Process
Implementation in one Public Institution in
Bosnia and Herzegovina
Anel Tanović*, Ajla Ćerimagić Hasibović**
2024 47th MIPRO ICT and Electronics Convention (MIPRO) | 979-8-3503-8250-1/24/$31.00 ©2024 IEEE | DOI: 10.1109/MIPRO60963.2024.10569337
* Faculty of Electrical Engineering, University of Sarajevo, Sarajevo, Bosnia and Herzegovina
[email protected] ** Faculty of Electrical Engineering, University of Sarajevo, Sarajevo, Bosnia and Herzegovina
[email protected] Abstract - ITIL is the most accepted framework for the x Portfolio management
managing of IT services. Incident Management process is x Architecture management
the process which is integrated inside ITIL framework x Service financial management
and is responsible for: logging, categorization, x Workforce and talent management
prioritization and resolving of all incidents. This paper
x Continual improvement
describes the implementation of ITIL Incident
x Measurement and reporting
Management process inside one public institution in
Bosnia and Herzegovina. Detailed implementation is
x Risk management
described inside this paper. After successful x Information security management
implementation, measurements are completed in order to x Knowledge management
check is Incident Management helped organization to x Organizational change management
improve its performances. The conclusion of the paper x Project management
described benefits of implementation of ITIL Incident x Relationship management
Management inside any type of the organization and x Supplier management
future work.
The service management processes in ITIL 4 include:
Keywords – ITIL; Incident Management; SLA; urgency;
x Business analysis
priority.
x Service catalogue management
I. INTRODUCTION x Service design
x Service level management
ITIL 4 brings the ITIL framework up to date,
x Availability management
introducing a holistic approach to service management
and focusing on 'end-to-end service management from x Capacity and performance management
demand to value'. x Service continuity management
The new edition of ITIL 4 is the first major update to x Monitoring and event management
ITIL since 2007 and is arguably a response to the x Service desk
emergence of newer service management frameworks x Incident management
such as VeriSM™, SIAM® and FitSM. It expands the x Service request management
previous version of ITIL V3 (ITIL 2011) and provides x Problem management
a flexible basis to support organizations on their x Release management
journey to the new world of digital transformation [1, x Change enablement
2, 3]. x Service validation and testing
ITIL 4 describes an operating model for the delivery of x Service configuration management
tech-enabled products and services. The x IT asset management.
documentation has been completely revised and
streamlined to make it easier to read and enhanced with The ITIL 4 technical management processes include:
many practical examples.
x Deployment management
The 34 ITIL 4 processes are grouped into three
x Infrastructure and platform management
categories:
x General management practices x Software development and management.
x Service management practices
Section II. of the paper describes organization of
x Technical management practices. Service Desk as single point of contact. Section III.
The ITIL 4 general management processes include: describes Incident Management process activities.
x Strategy management Section IV. describes incidents prioritizations. Section
1954
Authorized licensed use limited to: b-on: UNIVERSIDADE NOVA DE LISBOA. Downloaded on November 04,2024 at 20:10:23 UTC from IEEE Xplore. Restrictions apply.
� V. describes overall implementation of Incident an organization. In the case of the public employment
Management process and measurements which are service, there is a problem of distribution of locations
completed after the successful implementation of (each cantonal employment office has its own Service
Incident Management process. Section VI. is the Desk). However, the existence of the Internet makes it
conclusion of the paper [5]. possible to give the impression of the existence of a
single and centralized Service Desk, although its
II. ORGANIZATION OF SERVICE DESK – SINGLE POINT personnel may be distributed in several different
OF CONTACT geographical locations [7]. As a reference model, the
Public Institution: Employment Agency of the
In ITIL terminology, an incident is any IT service Federation of Bosnia and Herzegovina was taken.
interruption or IT service quality reduction or
component failure that has not yet affected the IT Currently, the Service Desk of the cantonal
service. In other words, any deviation from normal institutes is organized in such a way that each Institute
behavior can be viewed as an incident. Incident has its own toll-free line, a separate email address, and
Management is a process that deals with the a contact form. This form in ITIL is called a local
management of incidents, whether they are detected Service Desk. The existence of a local Service Desk is
and reported by users or event monitoring tools [7, 8, justified for the Institute's legacy systems, however,
9]. The goal is to return the service to a normal state as due to the establishment of JIS, the desire to centralize
soon as possible and minimize the impact of the the Service Desk of all Institutes would be desirable.
incident on the business, thus maintaining the agreed Using a virtual Service Desk would imply the
service level defined in the SLA [9]. existence of a centralized Service Desk with personnel
distributed in different geographical locations [8].
Incident Management is the first to be introduced in
ITIL projects, due to the fact that its importance is The centralization of the Service Desk will enable
visible in business, which is not the case with other the use of a unique knowledge base about incidents
processes [8]. The public employment service strives and their resolution, which is very important for the
to get closer to the users and their needs, which is why Service Desk, whose success metrics are mainly based
the reduced quality in the work of the service is not on the time period required to resolve a specific
acceptable. Trust in the public administration system incident. In this way, citizens are prevented from
will be ensured through quick diagnosis and return of waiting for a response at local Service Desks [4],
service operation in a short period of time, in the event which is one of the main goals of e-Government,
of an interruption. where in the event that staff from the canton is not
available, the call or email inquiry will be reviewed by
Incidents can be of different categories, priorities, an employee from another Office, and can be resolved
and complexity of operations necessary for their using a common incident knowledge base [6].
resolution, which is why the FIFO (First in First Out)
approach is not applicable in their case. Here, in the
case of e-Government applications, a new dimension
could be added regarding the priority of the user who
reported the incident, where in the case of a very
important stakeholder, resources should be redirected
to solving his incident [5, 6].
A fully functioning system cannot exist in reality,
which is why, as an alternative, ways are introduced to
return the system to a normal state as soon as possible,
without the user noticing it. All key components
should be monitored so that failures or potential
failures are detected as soon as possible through
monitoring systems. However, very often incidents are
reported by end users or internal IT members. Of
course, the incidents reported by users on the one hand
and internal members on the other generally concern
different things (advertising does not work, i.e. a Figure 1. Virtual Service Desk
problem with the network equipment), however, it is
III. INCIDENT MANAGEMENT PROCESS ACTIVITIES
important that all incidents are centralized, in order to
act in the correct way and prevent duplication work Report an incident
(the part of the service visible to the user does not
work, which may be the result of a malfunction of The life cycle of an incident begins with its
some component). reporting by the user or the system via Event
There are many ways to organize a Service Desk in Management. Traditional channels for reporting
service outages include a call center, through which
1955
Authorized licensed use limited to: b-on: UNIVERSIDADE NOVA DE LISBOA. Downloaded on November 04,2024 at 20:10:23 UTC from IEEE Xplore. Restrictions apply.
� users report incidents to dedicated staff. More modern A multi-level categorization was used to categorize
methods include the possibility of contacting via email the incident, whereby the initial category was based on
or a web form specifically intended for reporting user location, general, or technical. Figure 3 shows an
problems. The importance of the existence of a single example of the multi-level categorization of the
point of contact described above is a consequence of incident described in figure 2. The initial category of
the different ways of reporting incidents, and the the incident was assigned based on the location where
existence of a single information system. the incident occurred or to which the incident was
referred (Sarajevo Service Desk). It was reported via
First line of support the web through the incident report form. Further
research concluded that it was the impossibility of the
When creating an incident or report, there is no employer's application to the co-financing program.
possibility of assigning a specific support member to it Since the deadline for applying for the co-financing
[2]. Upon arrival at the Virtual Service Desk, incidents program is coming up, the urgency of the ticket is set
are placed in a waiting queue from where, based on the to high, while the impact of the incident is moderate,
initial category, the ticket can be redirected to the because only one employer is affected by the
appropriate cantonal service, using an auto-routing unavailability of the service. Through the investigation
algorithm to any support member in the case of a of the incident, the incident is linked to a specific
general inquiry, or technical staff if it is in regarding a failure/error of the component, which in this case was
ticket that requires the intervention of an IT expert [2]. the database, where it was not updated that the
The reason for the existence of the initial category is to employer had settled the obligations to the Institute for
redirect the ticket to the right place in case the incident the already used funds, which is why he was not given
is closely related to a certain domain (an incident access to the application for the co-financing program.
related to the KS employment service should be This way of categorization allows the incident to be
redirected to the KS local service desk), and on the connected to a larger number of categories and should
other hand, a general incident can be solved by any not be final, but tried and improved over time.
member support using the knowledge base. In this way,
the process of resolving the incident will be
accelerated, and unnecessary redirection of the ticket
will be prevented.
Logging of an incident begins with its arrival in the
queue, and all relevant information about the incident
and the history of the actions taken are recorded, so that
in the case of redirection of the ticket to another team,
it will be easier to resolve and provide insight into the
actions performed. Other teams from the second line of
support should also maintain a history of the incident Figure 3. Multilevel categorization of incidents
such as its priority or final status. Information about the In the case of a major incident, the specific
support member monitoring the incident is also procedures intended for critical incidents are
recorded, as well as the method of notifying the user immediately switched to. Examples may include
who reported the incident [7]. Figure 2. shows an unavailability of the public employment service
example of how to monitor an incident from the application, security incidents generated by Event
moment of its occurrence until its resolution. It is Management, etc.
important to point out that the incident is closed only
after the user confirms that it has been resolved [5]. The importance of the existence of a Knowledge
Base is a detailed description of how to solve a
particular incident, which shortens the time of solving
and returning the service to a normal state. In this case,
a described procedure for solving this incident was
found, which implied that the employer did not inform
the service about the settled funds in the defined period,
which is why the record in the database for the
employer remained unchanged, that is, it was
impossible for him to apply for the co-financing
program for the current year. After the user has been
notified, it is checked whether the action resolved the
incident. If not, the incident is still being resolved,
however there is a time frame within which actions are
taken. Once the limit is exceeded, it means that the
ticket is escalated to another level of support, where it
Figure 2. Log of incidents
will be resolved by a dedicated expert. Defining the
1956
Authorized licensed use limited to: b-on: UNIVERSIDADE NOVA DE LISBOA. Downloaded on November 04,2024 at 20:10:23 UTC from IEEE Xplore. Restrictions apply.
� time frame depends on the urgency of resolving the The same applies to the urgency of resolving the
incident and its impact. The greater the urgency or incident, the importance of the business process can
impact of the incident, the shorter the timeframe for determine the urgency, because each of the services
resolving the incident should be. In the event that a does not have the same business value [8]. Changing
component change is necessary to resolve the incident, the priority of the incident is possible and it should
the incident is forwarded to Change Management. reflect the real situation, e.g. in case the incident is not
resolved within the first line of support, its priority
IV. INCIDENTS PRIORITIZAZIONS must be increased because it has been resolved for long
enough.
Incident prioritization is described in ITIL as a
combination of urgency and impact of the incident on
business. Urgency means how quickly the business
requires resolving the incident, while the impact of the
incident is mainly the number of users affected by the
incident. The number itself is automatic and does not
mean a higher priority, it all depends on who was trying
to do what in the system. The combination of urgency
and impact gives priority to the incident, most often
presented in the form of a number that tells more about
the time period within which the incident should be
resolved. Figure 4. shows a simple priority coding
system, modeled on ITIL, and also it shows a
description of priorities and how to solve them.
Figure 6. Urgency of services
V. OVERAL INCIDENT MANAGEMENT
IMPLEMENTATION
By combining the label from figure 6. for the
urgency of the incident, and the label from figure 5. for
the impact of the incident, the priority of the incident
(figure 4.) and the time frame for solving it are
obtained. The described coding system should be
Figure 4. Incidents priorities and resolution descriptions evaluated and changed over time, if different behaviors
are observed in the system. From the incident log
In the case of public employment services, not only described in Figure 5, the situation is as follows:
the number of users affected by the service is Service to which the incident is linked: Co-financing
considered, but also the type of user affected by the program (figure 6.)
incident. Figure 5. shows that the number of users does service urgency: high
not have the same influence in the case of all roles. For Role that reported the incident: business (Figure 5.)
example, if it is a non-governmental organization and Number of affected users: 1 (Figure 6.)
a large number of users are affected by the non- impact: moderate
functioning of the service, the impact of the incident is Service priority: 2 (high + moderate, Figure 5.), which
moderate [6, 7, 8]. While in the case of employees or means that the incident should be resolved within 8
managers of the Institute and other cantonal agencies, hours (Figure 4.).
the impact of the incident is significant for the same In case the incident is not resolved within the
number of users. expected time frame, it must be escalated to the next
support group in the hierarchy, as it requires deeper
technical knowledge. These groups can be internal or
external (software suppliers, hardware manufacturers
or service providers) depending on the nature of the
incident, and everything must be agreed within the
OLA (English Operational Level Agreement). What is
important is that the life cycle is closed again in the
Service Desk, and that after the successful closure of
Figure 5. Influence of the index
the incident, the activities are recorded in the
1957
Authorized licensed use limited to: b-on: UNIVERSIDADE NOVA DE LISBOA. Downloaded on November 04,2024 at 20:10:23 UTC from IEEE Xplore. Restrictions apply.
� Knowledge Base and the Service Desk is notified of the The average 2 1
closure of the incident [7]. number of
engineers who were
included in Incident
Management
process activities
The satisfaction of 66% 85%
internal Service
Desk users for
incidents resolving
VI. BRIEF COMPARISON OF ITIL WITH OTHER INCIDENT
MANAGEMENT APPROACHES
Certainly, the paper could benefit from comparing
ITIL with other approaches to incident management. If
ITIL is compared to COBIT, it is possible to conclude
that COBIT is also used for IT management, but
focuses on managing processes and controls within the
organization. Although COBIT includes guidelines for
incident management, ITIL provides more detailed
guidelines and practices specific to incident
management [10].
On the other hand, there is also ISO/IEC 20000,
which is an international standard that defines
requirements for managing IT services. While ITIL
provides a framework and recommendations for
implementation, ISO/IEC 20000 is a certification
standard that certifies compliance with specific
requirements. ISO/IEC 20000 incorporates some of
ITIL's guidelines, including incident management, but
Figure 7. Incident Management implementation does not provide as detailed guidance as ITIL [11].
After successful implementation of Incident Today, the increasingly popular and used agile
Management process, it is strongly important to check methodology is used in software development and
is the Incident Management process implementation focuses on rapid iterations and adaptability to changes.
was successful. The table below shows measurements Of course, agile does not provide as detailed guidelines
of five key performance indicators before Incident for incident management as ITIL, but it promotes
Management process implementation and after adaptability and quick reactions to change. The same
Incident Management process implementation. comparison if given with DevOps can provide
TABLE I: RESULTS OF INCIDENT MANAGEMENT conclusion that incident management in DevOps
IMPLEMENTATION typically involves automation, continuous monitoring,
and rapid incident responses to reduce recovery time,
Key performance The result before The result after while ITIL provides extensive guidelines for incident
indicator Incident Incident
Management Management management.
process process
implementation implementation VII. CONCLUSION
The average time 65 hours 32 hours
needed for ITIL Incident Management process has been
detection of a new successfully implemented in Employment Agency of
incident the Federation of Bosnia and Herzegovina by
The average time 18 hours 7 hours implementing Virtual Service Desk. All key elements
needed for of ITIL Incident Management process are implemented
resolving of a new
incident
including: reporting incidents, first line of support,
logging incidents, prioritization of incidents, urgency
The overall 68% 89%
percentage of
of services, key performance indicators and overall of
incidents during Incident Management process activities.
one month which
are successfully Five key performance indicators are taken into the
resolved consideration to measure the effectiveness of Incident
1958
Authorized licensed use limited to: b-on: UNIVERSIDADE NOVA DE LISBOA. Downloaded on November 04,2024 at 20:10:23 UTC from IEEE Xplore. Restrictions apply.
� Management process before ITIL implementation and REFERENCES
after ITIL implementation. For the first key [1] Akbar Dwiyoga Nugraha and Nilo Legowo, “Implementation of
performance indicator, the average time needed for incident management for data services using ITIL V3 in
detection of a new incident, the result is 65 hours before telecommunication operator company”, International Conference on
ITIL implementation and 32 hours after ITIL Applied Computer and Communication Technologies (ComCom
2017)
implementation which means that a new [2] Guoxiang Zhao and Shanlin Yang, “IT service incident
implementation has increased a level of incidents management model decision based on ELECTRE III”, 6 th
detection for 103%. For the second key performance International Conference on Information Management, Innovation
indicator, the average time needed for resolving a new Management and Industrial Engineering, IEEE Publisher, 2013
[3] Lohana Lema-Moreta and Jose Calvo-Manzano, “A proposal for
incident, the result is 18 hours before ITIL implementation of ITIL incident management process in SMEs”,
implementation and 7 hours after ITIL implementation IEEE Second Ecuador Technical Chapters Meeting (ETCM), IEEE
which means that a new implementation has increased Publisher, 2017
a level of incidents resolving for 257%. For the third [4] Marko Jantti, Kirsi Tanskanen and Jukka Kaukola, “Knowledge
Management Challenges in Customer Support: A Case Study”,
key performance indicator, the overall percentage of International Conference on Information, Process, and Knowledge
incidents during one month which are successfully Management, IEEE Publisher, 2009.
resolved, the result is 68% before ITIL implementation [5] Rajjev Gupta, K Hima Prasad, Mukesh Mohania, “Automating
and 89% after ITIL implementation which means that ITSM Incident Management Process”, International Conference on
Autonomic Computing, IEEE Publisher, 2008.
a new implementation has achieved a better result for [6] Wei Guo and Ying Wang, “An Incident Management Model for
21%. For the fourth key performance indicator, the SaaS Application in IT Organization”, International Conference on
average number of engineers who were included in Research Challenges in Computer Science, IEEE Publisher, 2009.
Incident Management process activities, the result was [7] Evgeniy Lavrov, Pavel Paderno, Olga Siryk, Evgeniy Burkov,
Nadiia Pasko and Volodymyr Nahornyi, “Decision Support in
2 engineers before ITIL implementation and 1 engineer Incident Management Systems. Models of Searching for Ergonomic
after ITIL implementation which means that a new Reserves to Increase Efficiency”, International Conference on
implementation needs one engineer instead of two Problems of Infocommunications, Science and Technology (PIC
engineers. For the fifth key performance indicator, the S%T), IEEE Publisher, 2020.
[8] Ismail Ghrab, Mounir Ketata, Zied Loukil, and Faiez Gargouri,
satisfaction of internal Service Desk users for incidents “Using constraint programming techniques to improve incident
resolving, the result is 66% before ITIL management process in ITIL”, 3rd International Conference on
implementation and 85% after ITIL implementation Artificial Intelligence and Pattern Recognition (AIPR), IEEE
which means that a new implementation has achieved Publisher, 2016.
[9] Wang Dan, Zhan Zhiqiang, and Shi Hao, “An Incident
a better result for 19% in the measuring of user PrioritizationAlgorithm Based on BDIM”, 2 nd International
satisfaction. Conference on Computer Modeling and Simulation, IEEE Publisher,
2010.
Future work includes implementation of other ITIL [10] Arif Rusman, Reny Nadlifatin, Apol Pribadi Subriadi, “Analysis
processes inside the same public organization: Service Factors Affect Information System Audit Using COBIT and ITIL
Request Management, Release Management, Problem Framework”, Jurnal dan Penelitian Teknik Informatika, 2022.
[11] Nur Kholis Gunawan, Raden Budiarto Hadiprakoso, Herman
Management and Change Management. Kabetta, “Comparative Study Between the Integration of ITIL and
ISO / IEC 27001 with the Integration of COBIT and ISO / IEC
27001”, 2020
[12] Yavuz Ozdemir, Huseyin Basligil, Pelin Alcan, Bahadir Murat
Kandemirli, “Evaluation and comparison of COBIT, ITIL and
ISO27K1/2 standards within the framework of information security”,
2014.
1959
Authorized licensed use limited to: b-on: UNIVERSIDADE NOVA DE LISBOA. Downloaded on November 04,2024 at 20:10:23 UTC from IEEE Xplore. Restrictions apply.
