事件管理 USUP

协调对事故报告做出的反应,尽量减少负面影响,并尽快恢复服务。

指导说明

activities may include, but are not limited to:

  • design and implement different processes and procedures for different categories of events, including but not limited to major, information or cybersecurity incidents, complex incidents, and low-impact events
  • set up an incident response team or a security incident response team
  • arrange the request for help to the appropriate functional department for resolution
  • monitor resolution activity
  • inform users, customers, and key stakeholders of progress in service recovery.

EVENTS CAN IMPACT AREAS SUCH AS, BUT ARE NOT LIMITED TO, BUSINESS OPERATIONS, INFORMATION SECURITY, IT SYSTEMS, SERVICES, EMPLOYEES, CUSTOMERS, OR OTHER IMPORTANT BUSINESS FUNCTIONS.

incidents may be diagnosed and resolved in different roles/teams, such as users, subject matter experts, help desks, support teams, vendors, partners. they play a role in the incident management process, but they do not have to have incident management skills.

事件管理: 级别 2

按照商定的流程识别、登记和分类事故。收集信息以启动故障处理,并根据情况对故障进行分配。

事件管理: 级别 3

提供一线调查并收集信息,以解决和分配事件。就所采取的行动向相关人员提出建议。

事件管理: 级别 4

确保按照约定的程序对事件进行处理。对事件进行优先排序和诊断。调查事故原因并寻求解决。上报遗留问题。促进事件解决后的恢复。对已解决的事件进行文档整理和关闭。协助测试和改进事件管理程序。

事件管理: 级别 5

与服务负责人达成一致,开发、维护和测试事件管理程序。调查升级至负责的服务负责人的影响重大的非常规事件,并寻求解决方案。促使在故障解决后进行恢复。确保对已解决的故障进行妥善记录且已关闭。分析故障的起因,并告知服务负责人,从而最小化再度发生的可能性,并为改善服务提供帮助。分析指标并报告故障管理流程的性能。