Description

ServiceNow Incident Management Configuration

ServiceNow Incident Management helps restore normal service operations as quickly as possible after disruptions. Configuration focuses on the Incident table (incident), workflows, assignment logic, notifications, SLAs, forms, automation, and integrations.

1. Incident Form & Fields Configuration

The Incident form is the primary interface for logging and resolving incidents.

Key Fields (default)

1. Number
2. Caller
3. Category / Subcategory
4. Service / CI
5. Impact / Urgency → Priority
6. Assignment Group / Assigned To
7. State (New → In Progress → Resolved → Closed)
8. Short Description / Description
9. Work Notes / Additional Comments
10. Resolution Code / Resolution Notes

Configurable Elements

1. Adding custom fields (UI > Form Designer)
2. Mandatory/optional field configuration
3. Form layouts & sections
4. UI policies (show/hide/mandatory logic)
5. Client scripts (front-end logic)

2. Priority Matrix (Impact × Urgency)

ServiceNow uses a priority calculation matrix.

Admins configure:

1. Impact (1–3)
2. Urgency (1–3)
3. Priority lookup rules (based on standard ITIL matrix)

Example:

1. High Impact + High Urgency = P1 Critical

This is configured in:

System Policy → Rules → Priority Lookup Records

3. Incident States & Lifecycle Configuration

Admins configure state values and transitions.

Incident Lifecycle

1. New
2. In Progress
3. On Hold (with hold reasons)
4. Resolved
5. Closed
6. Canceled

Configurations include:

1. State transition rules
2. Mandatory resolution notes on resolve/close
3. Auto-close rules (e.g., auto-close 3 days after resolution)

4. Assignment Rules & Auto Routing

Automation that assigns incidents to the right groups.

Methods for Routing

1. Assignment Rules
2. Based on:
3. Category/Subcategory
4. CI/Service
5. Caller department
6. Keywords
7. Case/Incident Classifiers (ML)
8. (If Predictive Intelligence is enabled.)
9. Workload-based Assignment
10. (Agent Workspace > Dynamic assignment)
11. Scripted routing
12. Using business rules.

5. SLAs (Service Level Agreements)

SLAs measure response and resolution performance.

Common SLAs

1. Response SLA (e.g., first response within 1 hour)
2. Resolution SLA (e.g., P1 resolved in 4 hours)

SLA Configuration Includes:

1. SLA definitions
2. Conditions (priority-based)
3. Schedule (business hours, holidays)
4. Pause conditions (e.g., On Hold)

6. Notifications & Templates

ServiceNow sends automated notifications to users and support teams.

Typical Notifications

1. Incident Created
2. Assignment Group Updated
3. Incident Resolved / Closed
4. Comments Added (Work Notes / Additional Comments)

Admins configure:

1. Email templates
2. Notification triggers
3. Escalation emails
4. Digest notifications

7. Incident Workflow / Flow Designer Automation

Workflow automation controls the lifecycle.

Examples:

1. Auto-fill fields upon creation
2. Auto-escalation for breached SLAs
3. Auto-close resolved incidents
4. Approval flow (optional)

Tools:

1. Flow Designer
2. Business rules
3. Script includes
4. Workflow Editor (legacy)

8. Categorization & ServiceMapping (Optional Enhancements)

Categories/Subcategories

Customize lists based on business services:

1. Hardware → Laptop, Server
2. Software → Email, ERP
3. Network → WiFi, VPN

Service Catalog & CMDB Link

Link incidents to:

1. Business services
2. CIs (Configuration Items)
3. This enables:
4. Impact analysis
5. Outage detection
6. Problem correlation

9. Integrations (Optional)

Incident Management integrates with:

1. Email → inbound actions (Auto-create incidents from emails)
2. Monitoring tools (SNMP traps, event management)
3. Chat/Teams/Slack (virtual agent)
4. ITOM Event Management (auto-create/auto-close incidents)
5. Third-party ticketing (Jira, Remedy, Zendesk)

10. Reporting & Dashboards

Admins configure:

Common Reports

1. Incidents by priority
2. Incidents by assignment group
3. SLA compliance
4. Mean Time to Resolve (MTTR)
5. Incident backlog

Dashboards

1. Service Desk dashboard
2. Executive summary reports
3. KPI scorecards

Admins can also configure real-time:

1. Performance Analytics
2. Trend reports

11. Roles and Permissions

Access control for Incident Management uses:

Default Roles

1. itil → basic incident management
2. itil_admin → extended privileges
3. incident_manager
4. admin

Access Control Rules (ACLs)

Admins configure who can:

1. Read/write incidents
2. Modify sensitive fields (e.g., Caller, Priority)
3. Reopen closed incidents

Summary Table