In IT Service Management (ITSM), the term “incident” is a key concept. It’s not just a random event or mishap but a well-defined concept with implications for the smooth functioning of an organisation’s technical systems. Sometimes the term “major incident” will be used, this is typically to cover a more severe incident – perhaps a P1 (Priority 1) incident that has a significant impact on the business or its operations.

An incident should also not be confused with routine service requests or planned changes. Unlike service requests, which involve standard, pre-approved actions like password resets or access permissions, incidents are unexpected and disruptive events that require immediate attention. Incidents are also not part of planned changes or scheduled maintenance activities. They are unscheduled, unplanned, and often occur abruptly, leading to disruptions in IT services.

While planned changes may often follow a structured process with approvals, incidents demand a rapid response and effective resolution to minimise impact. It’s therefore essential to distinguish between incidents and service requests to ensure that each receives the appropriate attention and treatment in alignment with ITSM principles.

Let’s dive deeper into what constitutes an incident, why it matters, and how it is managed to ensure uninterrupted business operations.

Defining an incident in ITSM

Within ITSM, an incident is usually defined as any unplanned interruption or disruption to an IT service that affects the normal course of business. These interruptions can be caused by a variety of factors, including:

  • Service Outages: When a critical IT service, such as email or a website, becomes unavailable or experiences unexpected downtime.
  • Software Failures: Malfunctions or crashes of software applications used in day-to-day operations, perhaps caused by dependency changes, code regressions or scenarios without QA test coverage.
  • Hardware Issues: Problems with hardware components like servers, routers, or workstations that prevent normal functioning. Even when an organisation outsources to cloud hosting providers, this issue is just pushed upstream and can still occur if architectural decisions do not build in redundancy –as the industry meme goes “The cloud is just someone else’s computer”.
  • Security Breaches: Unauthorised access, data breaches, malware incursions or cyberattacks that compromise the confidentiality, integrity, or availability of IT resources, customer or operational data.
  • User Errors: Mistakes made by users that result in issues, such as accidental deletion of data or misconfigurations, perhaps where existing guardrails were not sufficient to protect against this outcome.

Further to this, in ITSM the concept of a “problem” is used to discuss the root cause of one or more incidents. Another way to think about the difference between incidents and problems is that incidents are symptoms, while problems are the underlying causes. Incident management is focused on treating the symptoms (i.e., restoring IT service as quickly as possible), while problem management is focused on curing the root cause.

In many organisations, Problem Management is often expanded into a full-time function, with its team members performing trend analysis to identify recurring issues needing attention, or managing long-term, chronic issues where the permanent fix is not straightforward or to ensure sufficient resources are allocated to solving the problem.

colleagues making business plan meeting

The significance of incidents

Understanding what qualifies as an incident is fundamental for several reasons:

  1. Swift Resolution for Minimal Disruption: At the core of incident management lies the principle of rapid response and resolution. In organisations where even a few minutes of downtime can translate to substantial losses, the ability to identify and address incidents swiftly is of utmost importance. Swift resolution ensures that the interruption to IT services and business operations is kept to an absolute minimum.
  2. Customer Satisfaction and Trust: In today’s age of heightened customer expectations, where digital services are integral to daily life, ensuring uninterrupted access to these services is critical. An organisation’s ability to manage incidents effectively directly affects customer satisfaction and trust. When customers experience minimal disruption and quick issue resolution, their trust in the reliability of the services grows. This is especially important for many operations where trust forms the cornerstone of long-term customer relationships, loyalty, and positive word-of-mouth.
  3. Operational Continuity: For many organisations, especially those in sectors heavily reliant on technology, operational continuity is non-negotiable. The ability to supply uninterrupted services to customers and stakeholders ensures that critical business functions continue to run without major disruptions. Incident management is essential for preserving this continuity, contributing to the organisation’s resilience in the face of technological challenges.
  4. Data-Driven Decision-Making: Incidents and their resolutions are not just about firefighting; they serve as a valuable source of data and insights. By thoroughly documenting incidents and analysing their patterns, organisations gain a deeper understanding of their IT infrastructure, vulnerabilities, and potential areas for improvement. This data-driven approach empowers organisations to make informed decisions about their IT environment, helping them identify and rectify recurring issues, enhance resource allocation, and plan for future investments strategically.
  5. Compliance and Accountability: With ever-evolving regulations and compliance standards, organisations may be required to document and report incidents to show their compliance to industry-specific requirements. Incident management can ensure that incidents are tracked, reported, and documented in a manner that supports compliance efforts. This not only helps organisations avoid regulatory fines and penalties but also showcases their commitment to maintaining the highest operational standards.


Understanding the concept of incidents and their management is fundamental. Incidents are more than just technological hiccups; they are often severe disruptions that demand swift and efficient responses. By grasping the essence of what qualifies as an incident, organisations can take the first step toward ensuring uninterrupted service delivery and customer satisfaction.

In my next post, I will be looking more closely at the incident management process, from identification through to resolution, as this is a cornerstone of a well-oiled IT operation providing the foundation for reliability and service continuity.

Stay connected with Lean Tree as we continue to provide you with practical guidance, industry knowledge, and expertise to make the most of your ITSM endeavours. If you have specific themes or topics you’d like to explore further in subsequent blog posts or would like to discuss how we can support your technology transformation, please feel free to get in touch!

How can we help you?

Let's have a chat.

Latest news & insights

employee itsm review meeting

Navigating the Aftermath: The Importance of Post Incident Reviews

three happy business people using gadgets office

ITSM Major Incident Communications

supplier management conference meeting

The Challenge of Composable Architecture and Multiple Vendors