ITIL Event Management
Event management is a process that defines a standard and sequential procedure for managing the lifecycle of events. Event management is the process of monitoring, responding, and resolving the events triggered in infrastructure through a lifecycle approach. A generic event’s lifecycle can be represented through different phases starting from notification, registration, categorization, prioritization, diagnosis, resolution, and closure.
Any occurrences/observations that have significance to the delivery of IT infrastructure or services are called events.
- Monitor CIs and services constantly and provide operational information about the infrastructure.
- To provide a proactive mechanism for early detection of incidents.
Process Context Diagram
|Event Detection & Filtration||Monitoring tools detect 1. Events in the IT Infrastructure.
2. The two type of monitoring tools used are –
-Active monitoring tools that poll critical CIs to determine their status and availability. Any exceptions will generate an alert that needs to be communicated to the appropriate agency or team for action.
-Passive monitoring tools that detect and correlate operational alerts or communications generated by CIs. Filter the events to decide whether to continue treating the event or to discard it.
|Event Correlation and Response||1. Events are acknowledged and categorized into three broad categories – Informational, Warning, and Exception.
2. If the filtration output is an exception, it means that the service or a device is currently operating abnormally. Abnormalities could represent a total failure, impaired functionality, or degraded performance. Incident management would be invoked.
3. If the output of filtration is Informational, it refers to an event that does not require any action. They are typically stored in a system or service log files and kept for a predetermined period.
4. If the output of filtration is a warning, it is an Event that is when a service or device is approaching a threshold. Signs are intended to notify the appropriate person, process, or tools that the situation can be checked and the appropriate action to prevent an exception.
|Review & Closure||1. Events responded are reviewed for the appropriateness of action taken.
2. Events are closed if satisfactory actions were taken or sent back for correlation.
- Any alerts and events generated by the monitoring tools
- Trigger to Incident Management (which will in turn trigger Problem or Change Management)
- Updated CMDB
- Trigger to Availability Management
- Trigger to Capacity Management
Roles and Responsibilities
Event Management process owner:
- Define the Business Case for the Event Management Process
- Ensure end-to-end responsibility for the Event Management Process
- Ensure that the Event Management process is fit-for-purpose
- Ensure that there is an optimal fit between people, process, and technology
- Ensure that proper Key Performance Indicators (KPIs) are set
- Ensure that reports are produced, distributed, and used
- Ensure that the Event Management process is conducted correctly
- Ensure that the Event Management KPIs are met
- Ensure that the Event Management process operates effectively and efficiently
- Ensure that Event Management Staff are empowered in their jobs
- Ensure that process, procedure, and work instruction documentation is up-to-date.
Event management analyst:
- Be the operational process executer for his or her specific IT service, technology platform, or organizational entity.
- Enter all relevant details into the Event record and ensure that this data is accurate
- Ensure that the Event Management process is used correctly within all departments
- Be informed of the objectives and activities of all support groups.
- Execute and coordinate Proactive & Reactive Event Management
- Ensure correct closure and evaluation of Events