What type of problem management investigates the root cause of major incidents?

Problem Management includes the activities required to diagnose the root cause of incidents identified through the Incident Management process, and to determine the resolution to those problems. It is also responsible for ensuring that the resolution is implemented through the appropriate control procedures, especially Change Management and Release Management.

Problem Management will also maintain information about problems and the appropriate workarounds and resolutions, so that the organization is able to reduce the number and impact of incidents over time. In this respect, Problem Management has a strong interface with Knowledge Management, and tools such as the Known Error Database will be used for both. Although Incident Management and Problem Management are separate processes, they are closely related and will typically use the same tools, and may use similar categorization, impact and priority coding systems. This will ensure effective communication when dealing with related incidents and problems.

Value to business

Problem Management works together with Incident Management and Change Management to ensure that IT service availability and quality are increased. When incidents are resolved, information about the resolution is recorded. Over time, this information is used to speed up the resolution time and identify permanent solutions, reducing the number and resolution time of incidents. This results in less downtime and less disruption to business critical systems.

Process activities, methods and techniques

Problem Management consists of two major processes:

• Reactive Problem Management, which is generally executed as part of Service Operation
• Proactive Problem Management which is initiated in Service Operation, but generally driven as part of Continual service improvement (CSI).

Problem detection

• Suspicion or detection of a cause of one or more incidents by the Service Desk, resulting in a Problem Record being raised – Service Desk may have resolved the incident but has not determined a definitive cause and suspects that it is likely to recur.
• Analysis of an incident by a technical support group which reveals that an underlying problem exists, or is likely to exist.
• Automated detection of an infrastructure or application fault, using event/alert tools automatically to raise an incident which may reveal the need for a Problem Record.
• A notification from a supplier or contractor that a problem exists that has to be resolved.
• Analysis of incidents as part of proactive Problem Management: watch-bulletins, releases, relevant papers

Problem logging

All the relevant details of the problem must be recorded so that a full historic record exists. This must be date and time stamped to allow suitable control and escalation. A cross-reference must be made to the incident(s) which initiated the "Problem Record":

• Service details
• Equipment details
• Date/time initially logged
• Priority and categorization details
• Incident description
• Details for all diagnostic or attempted recovery actions taken.

Problem Prioritization

Problems may be categorized according to their severity and priority in the same way as incidents in order to facilitate their tracking, taking the impact of the associated incidents and their frequency of occurrence into account. From an infrastructure point of view one may ask:

• Can the system be recovered, or does it need to be replaced?
• How much will it cost?
• How many people will be required to fix the problem?
• How long will it take to fix the problem?
• How many additional resources will be involved?
• What is the impact of not resolving the problem?

Problem investigation and diagnosis

The result of an investigation for a problem will be a root cause diagnosis or a RCA report. The resolution should be the sum of the appropriate level of resources and skills used to find it. There are a number of useful problem solving techniques that can be used to help diagnosis and resolved problems.

• The CMS must be used to help determine the level of impact and to assist in pinpointing the point of failure.
• The Known Error Database or KEDB should be accessed and checked in order to find out if the problem has occurred in the past, if so a resolution should be already in place.
• The Chronological analysis, the events that trigged the problem will be checked in chronological order in order to have a timeline of events. The purpose is to see which event trigger the next event and so on, or to rule out some possible events.

The Pain Value Analysis contains a broader view of the impact of an incident or a problem on the business. Rather than analysing the number of incidents/problems of a particular type in a particular time interval, the technique focus on in-depth analysis of what level of pain has been caused to the business by these incidents/problems. A formula to calculate the level of pain should take into account:

• the number of people affected
• the duration of the downtime caused
• the cost to the business

The Kepner and Tregoe method is used to investigate deeper-rooted problems. They defined the following stages:

• defining the problem
• describing the problem in terms of identity, location, time (duration) and size (impact)
• establishing possible causes
• testing the most probable cause
• verifying the true cause

Pareto Analysis or Pareto chart is a technique for separating important potential causes from trivial issues. The following steps should be taken:

1. Form a table listing the causes and their frequency as a percentage
2. Arrange the rows in the decreasing order of importance of the causes (the most important cause first)
3. Add a cumulative percentage column to the table
4. Create a bar chart with the causes, in order of their percentage of total
5. Draw a line at 80% on the Y-axis, then drop the line at the point of intersection with the X-axis. From the chart you can see the primary causes for the network failures. These should be targeted first.

Network failuresCausesPercentage of totalComputation %CumulativeNetwork Controller350+35%35File corruption2635% + 26%61Server OS661%+6%67%Known Error Record

After the investigation is complete and a workaround (or even a permanent solution) has been found, a Known Error Record must be raised and placed in the Known Error Database in order to identify and resolve further similar problems. The main purpose is to restore the affected service as soon as possible with a minimal impact on the business.

A good practice would be to raise a Known Error Record even earlier in the investigation - just for information purposes

Major Problem Review

A good practice is to have a review for all major problems. The review should examine:

• The correct steps taken
• The problems encountered during the implementation of the solution
• The need to improve
• Prevent the recurrence of further similar incidents
• Third-Party/Vendor/Supplier involved in the implementation

The knowledge learned from the review should be incorporated into a service review with the business customer to ensure that the customer is aware of the actions taken and the plans to prevent future similar incidents from occurring.This helps to improve customer satisfaction and assure the business that Service Operations is handling major incidents responsibly and actively working to prevent their future recurrence..

What is root cause analysis in problem management?

What are the different types of problem management?

What are the 3 phases of problem management?

What are major processes in problem management?