ITIL COBIT Incident Management Checklist

1、Source: 1Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the IT system and its results, as well as, the suppo

2、rt processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.”COBIT DS 10: Delivery Suppor

3、t - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors and problems) are identified, recorded, analyzed and resolved.(DS 10.1)The lack of a problem management system may lead to no

4、n-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffective or unavailable. -An understanding of problem management application.DS 10.2Management should define and implement pro

5、blem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalation procedures may lead to non-standard operational events that are notresolved in a timely manner. - List of critical applic

6、ations that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should provide for an adequate audittrail that allows tracing from incident to underlying cause and back.(DS 10.3)The lack of an adequ

7、ate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and incidents.-List of problems reported during representative period, including date of occurrence, date escalated (ifapplicab

8、le), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emergency andtemporary access authorizations are documented, approved,communicated (to the necessary organizations), maintained,

9、andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resolutionmay result in access to critical IT systems by an unauthorized user.- Policies and procedures for emergency and temporary

10、 access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priorities. (DS 10.5)The lack of formally established emergency processing priorities may result in emergency processingthat does

11、 not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withregard to customer queries and resolution, response times and trendidentification. The reports should be adequately analyzed a

12、nd actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Reports related to resolution of queries and performance statistics of help desk.-Any performance standards for help desk activ

13、ities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW/P RefIncident Management Checklist1.1Incident Detection and Recording (ITIL 5.6.1)Incidents are recorded by Service Desk a

14、nd/or event managementsystems and include a description of the incident, time of occurrenceand person or area affected.(ITIL Service Support, page 80)XXRecurring incidents are not identified or recorded. Management cannot obtainappropriate data to conduct trend analysis to determine if a problem is

15、evidentbased on the nature of multiple incidents.Source: 2Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the

16、 IT system and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activi

17、ties as shown below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors and problems) are identified, recorded, analyzed and resolved.(DS 10.1)The l

18、ack of a problem management system may lead to non-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffective or unavailable. -An understanding of problem management application.

19、DS 10.2Management should define and implement problem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalation procedures may lead to non-standard operational events that are notresol

20、ved in a timely manner. - List of critical applications that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should provide for an adequate audittrail that allows tracing from incident to underl

21、ying cause and back.(DS 10.3)The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and incidents.-List of problems reported during representative period, includi

22、ng date of occurrence, date escalated (ifapplicable), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emergency andtemporary access authorizations are documented, approved,communicat

23、ed (to the necessary organizations), maintained, andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resolutionmay result in access to critical IT systems by an unauthorized user.- Po

24、licies and procedures for emergency and temporary access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priorities. (DS 10.5)The lack of formally established emergency processing prior

25、ities may result in emergency processingthat does not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withregard to customer queries and resolution, response times and trendidentifica

26、tion. The reports should be adequately analyzed and actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Reports related to resolution of queries and performance statistics of help de

27、sk.-Any performance standards for help desk activities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW/P Ref1.2Incident Detection andRecording (ITIL 5.6.1)Unresolved and critic

28、al incidents should be alerted to higher levels ofService Management to ensure the incident is addressed to meet SLArequirements.(ITIL Service Support, page 81)XCritical incidents are not resolved in a timely manner to meet SLA requirementsimpacting the ability to meet customer needs.1.3Incident Det

29、ection and Recording(ITIL 5.6.1)Unresolved and critical incidents should be alerted to higher levels ofService Management to ensure the incident is addressed to meet SLArequirements.(ITIL Service Support, page 81)XCritical incidents are not resolved in a timely manner to meet SLA requirementsimpacti

30、ng the ability to meet customer needs.Source: 3Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the IT system

31、and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as sho

32、wn below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors and problems) are identified, recorded, analyzed and resolved.(DS 10.1)The lack of a pr

33、oblem management system may lead to non-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffective or unavailable. -An understanding of problem management application.DS 10.2Mana

34、gement should define and implement problem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalation procedures may lead to non-standard operational events that are notresolved in a ti

35、mely manner. - List of critical applications that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should provide for an adequate audittrail that allows tracing from incident to underlying cause

36、and back.(DS 10.3)The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and incidents.-List of problems reported during representative period, including date of

37、occurrence, date escalated (ifapplicable), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emergency andtemporary access authorizations are documented, approved,communicated (to the

38、necessary organizations), maintained, andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resolutionmay result in access to critical IT systems by an unauthorized user.- Policies and

39、procedures for emergency and temporary access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priorities. (DS 10.5)The lack of formally established emergency processing priorities may r

40、esult in emergency processingthat does not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withregard to customer queries and resolution, response times and trendidentification. The r

41、eports should be adequately analyzed and actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Reports related to resolution of queries and performance statistics of help desk.-Any per

42、formance standards for help desk activities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW/P Ref1.4Classification and Initial Support(ITIL 5.6.2)Incidents are classified and c

43、ategorized logically to help definecommon reasons for recurring incidents and to provide an organizedmechanism to match incidents to known errors or existing problems. (ITIL Service Support, page 81)XXIncidents are not categorized or logically organized, impacting the ability toeasily match incident

44、s to known errors or problems. Management cannotidentify problems if incidents are not categorized to depict common issues.Source: 4Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects

45、of IT. It covers areas such as the execution of the applicationswithin the IT system and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives liste

46、d here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors an

47、d problems) are identified, recorded, analyzed and resolved.(DS 10.1)The lack of a problem management system may lead to non-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffe

48、ctive or unavailable. -An understanding of problem management application.DS 10.2Management should define and implement problem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalatio

49、n procedures may lead to non-standard operational events that are notresolved in a timely manner. - List of critical applications that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should prov

50、ide for an adequate audittrail that allows tracing from incident to underlying cause and back.(DS 10.3)The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and

51、incidents.-List of problems reported during representative period, including date of occurrence, date escalated (ifapplicable), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emerge

52、ncy andtemporary access authorizations are documented, approved,communicated (to the necessary organizations), maintained, andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resoluti

53、onmay result in access to critical IT systems by an unauthorized user.- Policies and procedures for emergency and temporary access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priori

54、ties. (DS 10.5)The lack of formally established emergency processing priorities may result in emergency processingthat does not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withreg

55、ard to customer queries and resolution, response times and trendidentification. The reports should be adequately analyzed and actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Repo

56、rts related to resolution of queries and performance statistics of help desk.-Any performance standards for help desk activities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW

57、/P Ref1.5Classification and Initial Support (ITIL5.6.2)Incidents are classified and categorized logically to help definecommon reasons for recurring incidents and to provide an organizedmechanism to match incidents to known errors or existing problems. (ITIL Service Support, page 81)XXIncidents are

58、not categorized or logically organized, impacting the ability toeasily match incidents to known errors or problems. Management cannotidentify problems if incidents are not categorized to depict common issues.Source: 5Problem & Incident ManagementThe Control Objectives for Information and related

59、 Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the IT system and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 id

60、entifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to e