Responding to a Critical Incident During Business Hours | centrexIT Knowledge Center


KB00050400
Christina Tarpey Reference 1 min
Published v2

To ensure the proper CIT employees are aware and engaged in the effort to meet SLAs for critical incidents.


Applies to Service Desk, VITM, VCIO, CSOC, Customer Success.


Responsibility:

Service Desk Analyst: Triages call or email, determines priority level, responds within 1 hour, creates swarm space, may contact SMEs as determined necessary, will stay in touch with user(s) that reported issue, and may need to call POC.

Information Security Lead: Takes the lead on security incidents.

VITM: Responds to swarm space within 1 hour, may need to assist with incident as the client SME, may need to assist with drafting client communications, assists with communication with POC(s), posts any mass communication info in swarm space.

VCIO: May be contacted to assist with client communication if VITM unavailable, may need to assist with drafting client communications, assists with communication with POC(s), posts any mass communication info in swarm space.

VITM Manager: May be contacted to assist with attempting to reach VITM.

Director of Client Success: Assists with sending out mass communications regarding outages.

Everyone: Opens a problem ticket if they find missing information.

Service Desk: Attaches any tickets that come in related to the first reported issue as a child ticket.


A Critical Incident is defined as follows:

Critical Business Impact: The entire company, a large group, a department, or VIP users are affected, causing a financial impact. A stoppage in major business processes, applications, or critical operations.

Urgency: Needs immediate attention to restore service and prevent or reduce a financial impact to the business. No possible workarounds.

Examples: network down, possible security incident, mission critical systems inoperable, issues affecting payroll deadlines.


  1. A call/email is received. It is triaged by the Service Desk, and it is the responsibility of the assigned analyst to determine impact and urgency, which determine the priority level.

    a. A Critical Incident is defined as follows:

    Critical Business Impact: The entire company, a large group, a department, or VIP users are affected, causing a financial impact. A stoppage in major business processes, applications, or critical operations.

    Urgency: Needs immediate attention to restore service and prevent or reduce a financial impact to the business. No possible workarounds.

    Examples: network down, possible security incident, mission critical systems inoperable, issues affecting payroll deadlines.

  2. Once it has been determined to be a critical incident, during business hours, the analyst assigned to the incident must respond to the client within 1 business hour if the incident was reported via email. The analyst will then immediately create a SWARM space. This space will include themselves, escalation tech, VITM, VCIO, and SD manager. The title of the space will be the client name – ticket number – brief issue summary.

    a. Example – GPW – TK13256 – PBA inaccessible

    b. Reference KB00050560 (How to Create a SWARM space)

  3. A brief summary of the issue needs to be posted immediately, stating a summary of the issue, what time the issue was reported, and any troubleshooting that has already occurred.

  4. If the critical incident is a security incident, the Information Security Lead must be added to the SWARM space immediately.

  5. The client VITM needs to acknowledge the space within an hour. This is so our techs are aware the VITM is available to assist and can help mitigate any communication. If the VITM does not acknowledge within 30 minutes, they should be contacted by phone. If the VITM does not acknowledge within the hour, the VITM manager is to be added to the SWARM to help facilitate contact with the VITM. If the VITM is unavailable, the VCIO will be tagged in the space and has 30 minutes to acknowledge and accept responsibility to handle any additional client communication, or will be contacted by phone if unresponsive in the space.

  6. Troubleshooting will proceed as normal and may require the VITM stepping in as the client SME to assist in resolving outages (e.g., licensing issues/expirations, applications with lack of documentation, etc.). If an additional SME is needed, they can be added to the space.

  7. The expectation of the Service Desk is to remain in contact with the user(s) who reported the issue. If at any point in time mass communication to the client is necessary, it is the responsibility of the VITM/VCIO to draft that communication and send it out with assistance from the Director of Client Success. If regular updates to the client points of contact (POCs) are required, that is the responsibility of the VITM/VCIO. All updates sent to the client need to be posted in the SWARM space so analysts or SMEs working the issue are aware of the information being sent to the client.

**If missing information is identified, it is the responsibility of the person who discovered the missing information to create a problem ticket and assign it to the VITM for updated documentation. This includes incorrect WI, missing WI, missing CI, missing vendor information, etc.

**It is the responsibility of the entire service team to attach any tickets that come in related to the first reported issue as a child ticket.


The critical incident is responded to and resolved within the agreement-defined prioritization levels, and the client is clearly communicated with throughout the entire procedure.


Priority and Response Matrix: KB00002890

Create a Problem from an Incident: KB00001007

How to Create a SWARM space: KB00050560

