“All Incidents are Events, but not all Events are Incidents”.
This sentence describes the relationship between the ITIL processes Event Management and Incident Management. Events are merely changes in the state of Services, CIs, or anything of significance across the IT infrastructure.
Examples of Events are users logging in, a notification that a scheduled workload has been completed or other occurrences that signify normal operation. Events could also be exceptions, e.g. a device operating abnormally, or a transaction with unacceptable performance. ITIL calls these exceptions Incidents.
ITIL defines an Incident as:
“An Unplanned interruption to an IT Service or reduction in the quality of an IT service”.
Assessing the impact of Incidents can be complex, and so, as a result, are the processes, resources, and tools a company needs to put in place to manage them and mitigate the related risks.
That said, it’s straightforward to understand how poor Event Management can lead to wasted time and resources in managing Incidents. What does “poor” Event Management mean? It can be explained by taking some ITIL Event Management activities and imagining that they aren’t managed correctly.
Event occurrence, notification and detection. This is the most important source of poor Incident Management: affected CIs (ICT devices, IT services, etc.) don’t communicate the “illness” to the management tool. You will only see the effects later, maybe when the Business Service is down, and your customer will lose trust in the Company.
Event filtering. “Too much information is equal to no information”. Imagine a flood of events and a management tool that is not able to filter them: the operators working at the Event Console will be distracted by useless information – Noise – and won’t notice the important events. Many Incidents could be opened that all report the same information. The overall rating of, and trust in, the ITSM architecture decrease.
Event correlation. Events come from different sources and are sometimes the result of a common root cause. Not being able to identify the root cause and the correlation between events means dealing with several Incidents to investigate and resolve, and spending more time and resources than necessary.
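
The filtering and correlation activities described above can be sketched in a few lines of Python. This is an added example, not part of the original article or of any ITSM tool: the CI names, event types, dependency map and the 300-second window are constructed assumptions.

```python
# Added example. CI names, event types and the dependency map are constructed.
DEPENDS_ON = {"web-01": "db-01", "web-02": "db-01", "db-01": "san-01"}
INFORMATIONAL = {"user_login", "job_completed"}  # normal operation, never an Incident
WINDOW = 300  # seconds; assumed correlation and de-duplication window

EVENTS = [  # constructed sample events
    {"ts": 0, "ci": "web-01", "type": "user_login"},
    {"ts": 10, "ci": "san-01", "type": "disk_failure"},
    {"ts": 12, "ci": "db-01", "type": "io_timeout"},
    {"ts": 15, "ci": "web-01", "type": "slow_transaction"},
    {"ts": 16, "ci": "web-01", "type": "slow_transaction"},  # repeat of the previous one
    {"ts": 20, "ci": "web-02", "type": "slow_transaction"},
    {"ts": 30, "ci": "batch-01", "type": "job_completed"},
    {"ts": 900, "ci": "web-02", "type": "slow_transaction"},  # later, unrelated
]

def filter_events(events):
    """Event filtering: drop informational events and repeats within WINDOW."""
    last_kept, kept = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["ci"], e["type"])
        repeat = key in last_kept and e["ts"] - last_kept[key] <= WINDOW
        if e["type"] in INFORMATIONAL or repeat:
            continue
        last_kept[key] = e["ts"]
        kept.append(e)
    return kept

def root_cause(ci, failing):
    """Follow the dependency chain upward while the upstream CI is failing too."""
    while DEPENDS_ON.get(ci) in failing:
        ci = DEPENDS_ON[ci]
    return ci

def correlate(events):
    """Event correlation: one Incident per root-cause CI per WINDOW."""
    incidents = []
    for e in events:
        failing = {o["ci"] for o in events if abs(o["ts"] - e["ts"]) <= WINDOW}
        root = root_cause(e["ci"], failing)
        for inc in incidents:
            if inc["root"] == root and e["ts"] - inc["opened"] <= WINDOW:
                inc["events"].append(e)
                break
        else:
            incidents.append({"root": root, "opened": e["ts"], "events": [e]})
    return incidents
```

Calling `correlate(filter_events(EVENTS))` on the eight sample events yields two Incidents: one rooted at `san-01` that absorbs the database and web exceptions, and a separate one for the later `web-02` event.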