Incident is a negative event or an event with negative outcomes.

In general, Incident, Problem, are terms which are used interchangeably and in some places, to top up the confusion, another term – “issue”. While dealing with service management or designing process & procedures for it, it is important to understand the difference.

ITIL (for service management) has definitions that distinguish these two words, we will go through it once we have understood the terms.

Identify a problem or an incident ?

Let’s start with a simple example. An employee calls up IT Desk reporting that he is unable to access employee HR portal. There is no scheduled maintenance / outage at the moment.

IT Executive checks the server, understands the web server is running but not responding to requests. He restarts the web server (service) and it starts working. The service runs fine for sometime and stops responding again, more incident tickets are raised.

He restarts it as a temporary fix. & then he then troubleshoots, investigates logs and events, understands that a recent windows patch(update) is released for similar issue and it is pending install. He installs it to resolve & prevent recurrence of this issue.

The issue reported is an incident because it is affecting business and outage is unplanned. IT Executive initially raises an incident as soon as he understands the employee concern, resolves the issue by restarting the web server (service) and closes the incident. This is completed in Incident Management

As this incident repeats.

The IT Executive understands that there is some underlying issue / bug that is causing this service to stop responding often. He needs to investigate and find the root cause of the incident to prevent recurrence. On investigation, he understands that a Windows software bug is causing this issue & a corresponding patch is released, awaiting install.

He installs the patch and solves the root cause of this incident. This is done in problem management.

How is it related  & key points?

• Problems may not be Incidents.
• 1 or more Incident(s) can lead to problem, if there is a possibility of recurrence and has a related underlying issue.
• A Problem is more serious than an Incident requiring deeper investigation & understanding.
• Any outage / negative even that is “unplanned” and “affects normal business operations” is an Incident. Any planned outage like maintenance or notified outage, doesnot qualify to be an incident.
• A problem may arise / may be triggered without an incident.
• The problem may be left alone,
  • if it doesn’t affect the normal business operations
  • if it doesn’t affect a service during its required working hours
  • if the cost of fixing the problem is more than the benefit from it (develop a work-around in this case).
• It may take multiple incidents to know that there is a problem and to identify the root cause.

While problems may not always be mapped to an incident,but incidents can raise problems, especially if they may or do happen repeatedly.

According to ITIL,

“an incident is an unplanned interruption to a service, or the failure of a component of a service that hasn’t yet impacted service”.

“a problem is a cause of one or more incidents”.

Incident Management & Problem Management

• Incident management aims to ensure agreed user service level by restoring service / business operations as quickly as possible.
• Problem management aims at finding permanent solutions to problems / incidents, investigating the root cause and resolve the underlying cause of issues OR 1 or more incidents.