Getting the incident escalation process right - A guide to an effective escalation process

Understanding the incident escalation process correctly

For many, incident management falls into the category of "has to be done, but I'd much rather be working on something else". However, a good understanding of how to escalate incidents appropriately is not insignificant. Reduces obstacles in the incident management process and counteracts confusion.

The first step in incident handling is a critical self-assessment: "Can I resolve the incident directly?" If the answer is "no", the incident should be forwarded to someone who has the necessary expertise or decision-making power to help. There are also tools and methods that increase the likelihood that the answer to this question will be "yes" more often. For example, a well-maintained knowledge database is a valuable aid. It provides tried and tested answers that make it possible to solve even unknown problems. The use of the shift-left approach can also promote the exchange of knowledge and increase efficiency.

Another important aspect is correctly assessing to whom the incident should be escalated. There are basically two main forms of incident escalation: hierarchical and functional escalation.

• Hierarchical escalation means passing the incident on to someone with decision-making authority. This is particularly useful when major efforts or approvals are required.
• Functional escalation forwards the incident to a person or team with specific expertise. This can be done either by email or via service management software. Specialised tools even make it possible to escalate parts of an incident to other agent groups.

It is essential to determine both the impact and the urgency of the incident. If the problem is urgent and there is no solution in the knowledge base, the incident should be escalated to a subject matter expert as quickly as possible. An incident priority matrix, as taught in ITIL training courses, helps to set the right priorities and avoid misunderstandings during escalation. It is important to state precisely who the incident affects (the entire company, a location, a department or just one reporter) and how serious the work disruption is (can those affected work, work with restrictions or not work at all?).

Finally, when escalating or passing on the incident, care should be taken to provide as many supporting and detailed records as possible. It makes the most sense to provide a handover log summarising the measures already taken or a kind of checklist. This makes the handover process much easier and ensures that the incident can be processed quickly and efficiently.

The role of detailed records - incident record

An important part of incident management is the conscientious documentation of all work steps. When an incident is escalated, the records are of great importance. They ensure that all relevant information is available to facilitate the handover process and to continue processing the incident without loss.

Firstly, as many details of the incident as possible should be documented. This includes the circumstances under which the incident occurred, the affected systems or applications (CIs) and the initial measures taken. Detailed and precise documentation helps the subsequent processor to familiarise themselves with the incident more quickly.

Communication with the requester and other parties involved should also be included in the complete documentation (emails, chat history and telephone calls) of an incident. References and links to knowledge database articles used, previous incidents or similar problems should also be related to the incident.

In addition to immediate problem solving, long-term analysis and improvement is also possible through detailed documentation. By analysing patterns and recurring problems, proactive measures can be developed to prevent future incidents.  Regular employee training ensures that the quality of the records remains high. A standardised approach facilitates collaboration and contributes to consistency and transparency within the teams.

Swarming approach to problem solving

The swarming approach is a collaborative approach to solving problems. In contrast to the usual approach, where an incident is handled by one person, the swarming approach builds on the advantage of collaboration. The incident is forwarded directly to a team of experts. Teamwork leads to a solution more quickly, as different expertise and perspectives are brought in at the same time.

An important component of swarming is communication. Open and regular communication within the team is encouraged to ensure that all members have the same level of information. Tools such as instant messaging, video conferencing and special collaboration platforms can support this process and facilitate collaboration.

This approach has several advantages:

• Faster problem solving: simultaneous processing by several experts can significantly reduce the time required to solve problems.
• More effective use of resources: The expertise and specialist knowledge of team members is better utilised, which increases the quality of the solutions.
• Promoting knowledge sharing: The swarming approach enables knowledge and experience to be shared and disseminated within the team, which contributes to continuous improvement and learning.
• Reduction of escalations: As the incident is immediately escalated to a team of experts, frequent escalations to other levels are not necessary.
• To successfully implement the swarming approach, clear guidelines and processes should be defined. This includes determining the criteria for when an incident is resolved through swarming, as well as the roles and responsibilities of team members during the swarming process.

By using modern communication tools and clear processes, this collaborative approach can be smoothly integrated into existing incident management structures.