Major Incident Management II – Comments on Roles and Communication

In our last post we began discussing Major Incident Management and offered some thoughts around the authority to declare a Major Incident (MI) and guidelines for when such a declaration should be made. Let’s continue that topic by outlining the roles we typically define for the process. We’ll also offer some suggestions for handling communications during a Major Incident.

Remember – Major Incident Management is a process where the key activity happens outside of your ITSM software. We raise Major Incident records to document what has been done, but the process activities themselves are driven by immediate verbal communication.

Once a Major Incident is declared we suggest three roles to manage the response –
1. The Owner of the Major Incident. This person is responsible for coordinating efforts to resolve the issue. This includes naming the Technical Lead, overseeing communications, contacting vendors and ensuring all the other tasks that are required are assigned and carried out.

The Owner of the Major Incident can change during the lifecycle of the event as the nature of the issue is learned and troubleshooting advances. Any such turnover should, of course, be verbally confirmed, and then documented in the MI record.

We usually recommend that anyone in IT is eligible to be the Owner of any specific Major Incident. We reflect this in the ITSM software by not restricting the ‘Assigned To’ field to be a member of the ‘Assignment Group.’ This field is left open to be filled in by anyone from any IT group.

2. The Technical Lead. The Technical Lead works with the Owner of the Major Incident to form the Technical Team that will be in the troubleshooting room and on the conference bridge, and in the data center, to figure out what went wrong and how to restore service.

As with the Owner of the Major Incident, the Technical Lead and the members of the Technical Team, can change as the Major Incident moves through its lifecycle and details of the issue develop.

The Owner of the Major Incident serves as the conduit for communications with the Technical Lead. You should strive to limit the point of contact to only the Owner of the Major Incident. This allows the Technical resources to focus their energies on troubleshooting and resolving the issue.

3. The Communications Lead. The Communications Lead is responsible for coordinating messages about the Major Incident to the client community and other stakeholders (e.g. Board of Directors, Media, etc). The Owner of the Major Incident will serve as a coordination point between the Tech Lead and the Communications Lead.

Some clients have dedicated Communications officers or departments and these folks handle all the communications responsibilities for all Major Incidents. Others do not have permanent dedicated roles for this and the role is assigned separately for each Major Incident.

A brief ServiceNow comment – one fancy thing we usually do is to establish a separate ‘MI Communications Tab’ to facilitate the collection and coordination of information that will be used to communicate status and progress about the Major Incident. The specifics of this tab varies greatly from client to client but the underlying principle is the same, allow the central collection of information that will be used to build communications about the Major Incident and also have the capacity to build distribution lists that are used to disseminate the right information to the right groups of clients and stakeholders.

Now that we have considered the three roles of Major Incident Management we can take a quick look at an example of a high level workflow of the overall process. This sample process illustrates the MI declaration and the three roles in action:

In our last two posts we have covered some of the considerations we bring to the design of a Major Incident Management process. In a future post we will discuss some ideas for designing a Major Incident process in ServiceNow. (I think we promised that a few posts ago…)

If you would like to discuss these concepts further – you can contact us at or call us at +1.888.718.1708 and let us know you would like to discuss Major Incident Management or anything about ITSM and ServiceNow implementation services.