Skip to main content

29 Incident Management & SLA

I. Introduction to Core ServiceNow Applications (Section 7 Overview)

  • Purpose: This section dives into the core applications within ServiceNow, focusing on their configuration and functionality within the platform rather than ITIL theory. This is crucial for understanding how to administer and customize ServiceNow.
  • Why Now? The instructor explains that covering configurations and inner workings (tables, fields, business rules) before the applications provides a more solid understanding.
  • Applications Covered:
    • Incident Management
    • Service Level Agreements (SLAs)
    • Problem Management
    • Change Management
    • CMDB (Configuration Management Database)
    • Service Catalog
    • Knowledge Management
    • Service Portal
    • Connect
    • Visual Task Boards
  • Focus: The course emphasizes the practical implementation of IT Service Management (ITSM) processes within ServiceNow, not the theoretical aspects of ITSM frameworks like ITIL. It's about how things are done in ServiceNow, not why according to ITIL.
  • Depth: The course will "scratch the surface" of each application, providing enough information for the exam, recognizing that each application could be a course in itself.

II. Incident Management

  • Definition (from ServiceNow Docs): "The goal of Incident Management is to restore normal service operation as quickly as possible while minimizing impact to business operations and ensuring quality is maintained." Key concepts: restore, quickly, minimizing impact.
  • Core Function: Incident Management is used to log and track "incidents" (tickets) representing problems or disruptions to service. It's the most popular application in ServiceNow.
  • User Interaction: Any user in the platform can create an incident record (e.g., Bob reporting a flickering monitor). This is a key differentiator from some other applications.
  • Tracking: Incidents provide a unique ID (ticket number) for tracking and communication with the service desk.
  • Table: Incident records are stored in the incident table.
  • Classification: Key fields for classifying incidents:
    • Impact & Urgency: Used to calculate Priority (this is a critical relationship).
    • Configuration Item: The specific item affected (e.g., a specific server, application).
    • Business Service: The broader service affected (e.g., Email, HR System).
    • Category & Subcategory: Used to classify the type of incident (e.g., Hardware > Monitor).
  • Incident Creation Triggers:
    • Create New module (within the Incident application)
    • Service Portal (via a record producer)
    • Caller
    • Email
    • Integrations
  • Out-of-Box Configurations: ServiceNow provides many pre-built configurations for Incident Management, such as:
    • Contextual Search
    • Data Lookups
  • Notifications: Incident Management uses ServiceNow's built-in email and SMS notification capabilities.
  • Relationship to SLAs: Incident Management heavily leverages Service Level Agreements (SLAs) to track response and resolution times.

III. Service Level Agreements (SLAs)

  • Definition (from ServiceNow Docs): "A service level agreement, SLA, is a record that specifies the time within which service must be provided."
  • Purpose: SLAs define time windows or targets for resolving records (most commonly incidents). They track whether agreed-upon service levels are being met.
  • Example: A company promises that all Priority 1 incidents will be acknowledged within 15 minutes and resolved (or a workaround provided) within 2 hours.
  • Usage: While most common for incidents, SLAs can be used with other record types.
  • Workflows: SLAs can leverage workflows (covered in Section 8) to define complex processes.
  • SLA Conditions:
    • Start Conditions: Define when the SLA timer begins (e.g., when an incident is created and Priority = 1).
    • Pause Conditions: Define when the SLA timer is paused (e.g., when an incident is set to "Awaiting Caller").
    • Stop Conditions: Define when the SLA timer stops (e.g., when an incident is Closed).
    • Reset Conditions: Define when an SLA is restarted (less common).
  • Key Factors: Time zones, business calendars, and durations are critical for defining accurate SLAs.
  • Retroactive Start: Allows the SLA to start based on a field other than the creation date (e.g., based on the "Updated" field).

IV. Demo: Incident Management in ServiceNow

  • Incident Application Modules:
    • Create New: Creates a new incident record.
    • Assigned to me: Incidents assigned to the current user.
    • Open: All open incidents.
    • Open Unassigned: Open incidents with no assigned user.
    • Resolved: Resolved incidents.
    • All: All incidents.
    • Overview: Incident dashboard.
    • Critical Incidents Map: Geographic view of critical incidents.
    • Administration: Incident properties.
  • Number Field
    • located in system definition>number maintenance.
  • Caller Field:
    • Reference field to the sys_user table.
    • Displays related records and user information.
    • caller_id is the actual column name (important for scripting).
    • Uses a dynamic default value (Incident Get Caller).
  • Category & Subcategory:
    • Choice fields.
    • Subcategory is dependent on the Category field (configured in the dictionary entry).
    • The dependent value in the choice record determines which subcategories are available for a given category.
  • Business Service & Configuration Item:
    • Reference fields to their respective tables.
    • Configuration Item uses an advanced reference qualifier with JavaScript to filter the available CIs.
  • Contact Type: A simple choice field.
  • State:
    • A crucial field that tracks the incident lifecycle.
    • A choice field, but uses dictionary overrides to limit the choices displayed on the Incident form (because it's inherited from the task table).
  • Impact, Urgency, and Priority:
    • Priority is calculated based on Impact and Urgency.
    • This logic is defined in Data Lookup Definitions (System Policy > Data Lookup Definitions > Priority Lookup).
    • The dl_u_priority table contains the matrix that maps Impact/Urgency combinations to Priority values. This is a no-code way to configure this logic.
  • Assignment Group:
    • Reference field to the sys_group table.
    • Uses a reference qualifier to limit groups to those with a type of itil or null.
  • Short Description & Contextual Search:
    • Typing in the Short Description triggers Contextual Search.
    • Contextual Search displays relevant Knowledge Articles and Catalog Items based on keywords.
    • Configured in the Search Context application (Incident Deflection record).
    • Table Configurations specify which tables are searched.
  • Sections on the Incident Form:
    • Notes: Watch List (users notified of updates), Work Notes (internal notes), Additional Comments (customer-facing).
    • Related Records: Parent Incident, Problem, Change Request.
    • Resolution Information: Fields that become mandatory when the incident is Resolved (Knowledge checkbox, Resolution Code, Resolved By, etc.).
  • Related Lists: Task SLAs, Affected CIs, Impacted Services, Child Incidents.
  • UI Actions: (Copy Incident, Create Problem, Create Request, etc.) These actions create related records.

V. Demo: Service Level Agreements in ServiceNow

  • SLA Definitions: (SLA > SLA Definitions) This is where SLAs are configured.
  • Priority One Resolution SLA:
    • Type: SLA
    • Table: Incident
    • Start Condition: Active = true, Priority = Critical
    • Retroactive Start: True
    • Pause Condition: State = On Hold, On Hold Reason = Awaiting Caller OR State = Resolved
    • Stop Condition: State = Closed
    • Workflow: Can be viewed (but workflows are covered in Section 8).
  • SAN 001 Contract Resolution SLA:
    • Type: Underpinning Contract (associated with a Configuration Item's contract)
    • Start Condition: Configuration Item = Storage Area Network 001
    • Pause/Stop Conditions: Similar to the Priority One SLA.
  • Creating an Incident to Trigger SLAs:
    • Create a new incident.
    • Set Caller, Category, Subcategory, Configuration Item (Storage Area Network 001), and Priority (1 - Critical).
    • This triggers both the Priority One Resolution SLA and the SAN 001 Contract Resolution SLA.
  • Viewing SLA Status:
    • The Task SLA related list shows the active SLAs.
    • Stage: In Progress, Paused, Completed, etc.
    • Business Time Left, Business Elapsed Time, etc.
  • Pausing and Stopping SLAs:
    • Setting the incident to On Hold (Awaiting Caller) pauses the SLAs.
    • Setting the incident to Resolved pauses the SLAs (waiting for potential reopening).
    • Setting the incident to Closed stops and completes the SLAs.
  • SLA Details:
    • Clicking on an SLA record in the related list shows detailed information.
    • Show Workflow: Displays the workflow context for the specific SLA instance.
    • Show SLA Timeline: Provides a visual timeline of the SLA.

Key Takeaways:

  • Incident Management and SLAs are tightly integrated. SLAs are a fundamental part of managing incidents effectively.
  • ServiceNow provides a lot of out-of-box functionality, but it's also highly configurable.
  • Understanding dictionary entries, reference qualifiers, data lookups, and contextual search is essential for administering Incident Management.
  • The demos show how to navigate the system and find where configurations are defined. This is crucial for both the exam and real-world administration.
  • The use of no code and low code solutions such as data lookups
No Comments
Back to top