recover

Question 1

what is an event

Answer 1

any change of state that has significance for the management of a service. Typically, they are notifications from monitoring tools

Question 2

what is an incident

Answer 2

an unplanned interruption to a service or reduction in the quality of a service.

Question 3

what is a problem
- what is a known error

Answer 3

a cause, or potential cause, of one or more incidents

• known errors are problems that have been analysed but not resolved

Question 4

what is incident management
- purpose?

Answer 4

• to minimise the negative impacts of incidents by restoring normal service operation as quickly as possible
• diagnose and escalate
• reactive process
• not a proactive measure

Question 5

what is problem management
- purpose?

Answer 5

• reduce likelihood and impact of incidents by identifying actual and potential causes of incidents and managing workarounds and known errors
• reactive and proactive
• same incident occurring many times; affects many users;

Question 6

incident management process (4)

Answer 6

1. identify
2. log
3. categorise
4. prioritise

Question 7

incident identification

Answer 7

come from:
1. users: walk-ups, self-service, emails, etc
2. alerts: application monitoring software

decide if issue is an incident OR request

Question 8

incident logging

Answer 8

include:
- user’s name and contact information
- incident description
- date and time of incident
- date and time of incident report

Question 9

incident categorisation
- purpose?

Answer 9

• assigning a category + at least 1 subcategory
• purpose: allows sorting and model incidents, automatic prioritisation; accurate incident tracking and see patterns emerge

Question 10

incident prioritisation

Answer 10

determined by:
1. impact on users and the business: measure extent of potential damage
2. urgency: how quickly a resolution is required to reduce business impact

Question 11

incident tracking status (6)

Answer 11

1. New
2. Assigned
3. In progress
4. On hold
5. Resolved
6. Closed

Question 12

post incident review

Answer 12

• check users’ perception
• check business process and infrastructure metrics
• decide if an underlying problem exists and raise a ticket if necessary (problem management)

Question 13

incident communication

Answer 13

• find out what happen
• escalation
• updates
• reporting incident impact and resolution
• confirming the resolution with the users

Question 14

user satisfaction surveys
- why?
- success?

Answer 14

• good method of monitoring user perception and expectations
• key points for success: scope, define, conduct, understand, publish, translate, follow through

Question 15

incident report

Answer 15

• basic summary: ticker number, description, impact, resolution time
• causes found: technical analysis
• actions taken: short-term workarounds, improvements to avoid similar occurrences
• post-incident follow up: measurements taken after the fix, eliminate root cause/problem tickets raised, user surveys

Question 16

summary report
- purpose?
- includes?

Answer 16

• ensure incident management effective

includes:
- number of incidents
- average resolution time
- type of incident reported
- % of incidents handled within the agreed response time
- % closed by service desk without escalation
- summarise in non-technical language and show where improvements could be made

Question 17

security concerns

Answer 17

• incident may occur due to security event (unauthorised access, virus, cyber attack)
• elevated system access may need to be granted to resolve incident
• data may be lost/leaked

Question 18

support team’s role in IM

Answer 18

• Receive and communicate all incidents
• Filter out service/change requests
• Resolve or escalate incidents as appropriate
• Confirm and close tickets
• Analyse incident logs
• Report on incident trends and suggest improvements

Question 19

types of root causes

Answer 19

1. (special cause) random root cause:
   - hard to track down and fix
   - log but no action unless occurs again
2. (random cause) root cause will produce more incidents if not fixed:
   - problems
   - find and fix

Question 20

risks

Answer 20

potential incidents that have no manifested yet

Question 21

risk management
- purpose?
- how?

Answer 21

• any potential incident is a risk and should be considered as early as possible
• ensure reliable enterprise solutions
• avoid/mitigate/transfer/accept

Question 22

risk classification

Answer 22

1. severity (business impact)
2. likelihood (probability of the event to happen)

Question 23

RTO

Answer 23

recovery time objectives
- maximum agreed acceptable period of time following a service disruption that can elapse before business functions are severely impacted
- how long to recover?

Question 24

RPO

Answer 24

recovery point objectives
- the point to which information used by a business activity must be restored to enable the activity to operate on resumption of the service
- how far back last point where data is in usable format?

Question 25

phases of problem management

Answer 25

1. problem identification
2. problem control
3. error control

Question 26

problem identification

Answer 26

• detect duplicate and recurring issues
• during major incident, identify risk that an incident could recur
• analyse information received that may cause problems like security risks, vendor reports, quality assurance teams

Question 27

problem control

Answer 27

• problem analysis (RCA) / troubleshooting
• documenting workarounds
• documenting known errors

Question 28

troubleshooting process

Answer 28

1. define problem statement
2. gather information, data, etc
3. determine - root cause analysis
4. recommend solutions for eliminating or mitigating the problem

Question 29

RCA

Answer 29

root cause analysis
- systematic process for identifying ‘root causes’ of problems/incidents and an approach for responding to them
- prevent problems
- pinpoint contributing factors to a problem
- creates RCI & RCR

Question 30

RCA - time analysis

Answer 30

• understand what happened and ensure all information is available
• get data, sort by date and time, list in time order == look for patterns

Question 31

RCA - fishbone diagram

Answer 31

• helps to understand and visualise relationships between causes
• helps with troubleshooting documentation
• progressively break down potential causes of a problem
  1. causes are grouped into categories
  2. create possible causes under each category

Question 32

problem response: troubleshoot recommendation

Answer 32

1. design solution based on analysis
2. decide & plan implementation
3. follow change process

Question 33

what is a workaround

Answer 33

• solution that reduces/eliminated the impact of an incident/problem for which a full resolution is not yet available

Question 34

error control

Answer 34

• manage known errors
• identify potential permanent solution
• regularly reassess the status of known errors not yet resolved

Question 35

disaster recovery

Answer 35

• aims to protect an org from effects of significantly negative events
• allows org to maintain or quickly resume mission-critical functions following a disaster

Question 36

ESM role in disaster recovery

Answer 36

• Escalating if a situation looks like a potential disaster
• Help test DR plans
• Check critical business processes
• Triage incidents
• Check if back to normal