The purpose of incident management is to reinstate normal service operations as fast as possible and mitigate the negative impact on business operations, thus making sure that the agreed levels of service quality are maintained. The operational state where CIs and services are performing within their agreed service parameters and operational levels is called ‘Normal service operation’.
There are two main aims of the incident management process:
– To restore services back to normal operation as fast as possible
– To mitigate the adverse effect of critical incidences on business operations.
ITIL Incident Management
According to ITIL terminology, an ‘incident’ is described as an unplanned interruption.
Incident management, as the name suggests, is the process that is used to manage the lifecycle of all incidents. Incidents can be identified by technical staff, reported and detected by event monitoring tools, be conveyed by communications from users (usually through a telephone call to the service desk), or reported by third-party suppliers and partners.
The main objectives of the incident management process are as follows:
– Make sure that standardized procedures and methods are used for prompt and efficient response, documentation, analysis, reporting of incidents, and ongoing management.
– Improve the communication and visibility of incidents
– Improve the business perception of IT with the help of a professional approach, so that incidents will be resolved and reported quickly
– Line up incident management activities and prioritize them accordingly
– Enhance and maintain user satisfaction without losing the quality of IT services
Incident management includes any event which disrupts, or something which is capable of causing a disruption to the service. This includes events which are communicated directly by users – through an interface from event management to incident management tools – or through the service desk.
Value of incident management
– Ability to mitigate the risk of unplanned costs and labor for both business and IT support staff
– Ability to detect and resolve incidents, which in turn results in lower downtime to the business, which means increased availability of the service
– Ability to line up IT activity to real-time business priorities
– Ability to identify the potential areas of improvement
– Incidents and their status must be reported in a timely manner.
– Incidents resolution should be within the timeframes acceptable to business.
– Maintaining Customer satisfaction is very important.
– Incident handling and processing should be in line with overall service levels and objectives
– All incidents should be managed and stored in a single management system
– All incidents should subscribe to a standard classification schema which is consistent across the business enterprise
– All incident records should be audited in regular intervals to ensure that entries are categorized correctly
Principles and Basic concepts
There are some basic things that need to be taken care of when considering incident management.
Timescales should be agreed upon for all incident handling stages, based upon the overall incident response and the resolution targets within SLAs
Many incidents are not new; there are some incidents which happen recurrently. For this reason, many organizations find it very helpful to predefine ‘standard’ incident models, so that they can be referred to when needed and applied to incidents as they occur.
There are many reasons for conducting audits, but following are the four most frequent reasons
Regulatory compliance audits
In market sectors such as Financial, Behavioral Health, Medical, and Pharmaceutical, periodic audits are the norm and the guidelines are clear. In any given year, a Behavioral Health clinic in NY State, for instance may be required to undergo 4 separate audits including Medicaid, HIPAA, OMH (Office of Mental Health), and OASAS (Office of Alcohol and Substance Abuse Services). In many of these cases, the auditors show up unannounced or on very short notice.
Compliance audits aren’t technically management audits, but the scores on such audits are certainly a direct reflection of management’s performance. Would your policies, practices, procedures, and documentation measure up to the scrutiny to which a Behavioral Health clinic is subjected?
Performance audits or ‘What’s wrong with our IT operation?’
Often, members of the IT management and staff think they are doing a spectacular job but the customers and executive management disagree vehemently. In the worst cases, end users are preparing their pitchforks and torches in case the audit doesn’t bring about some positive performance outcomes. These audits are tough; the IT staff is defensive and they all assume that the consultants are there to fire them.
During these audits, employees sometimes resign even before the final report is released. This is unfortunate because poor performance is a reflection of management rather than staff. At other times, excellent employees leave because they have had their fill of ineffective management. Frustrations become bitter tears dripping on the conference room table, even from managers.
Sometimes, incoming executives want an X-Ray of organizational performance and requesting an audit is an intelligent professional move. They want a clear distinction between the previous management’s practices and their own and they use the final report to establish a program of organizational change.
IT is too expensive
Occasionally, IT audits are conducted because executive management considers the IT operation too expensive. They want an independent audit and a strategic plan that shows all the viable options.
4 tips for a lower stress audit
If the auditors are coming next week, there probably isn’t much you can do to improve the outcome, but there is plenty you can do to make the process more comfortable for everyone involved.
Answer binary questions with binary answers
When questions requiring a Yes or No answer are met with lengthy explanations, it is a clear indication of a problem. When I ask if you have documentation of your daily security log validation, just say yes or no! If you don’t have the required documentation, no amount of explanation is going the help. Also, I am not really interested that you are going to begin implementing your security program next month. Good for you, but I only care about what your actual practices are at the time I ask.
Don’t lie, embellish, or bury information
I always walk into audits and assessments taking a neutral, objective stance and I appreciate clients who don’t try to pre-program me. I will selectively ask for evidence or documentation for every statement you make and false statements will certainly damage your credibility. When subjects provide evasive or ambiguous answers, my inner Columbo puts on his trench coat. Equivocation and rationalization drive me to keep searching until I get the answer. Just tell the truth.
Instruct your staff to cooperate politely
I recall one compliance audit where a staff member served up every document request with a plate full of anger and hostility. The odd thing about it was that all her ducks were in a row, which is pretty unusual. So, why the anger? Don’t unleash it on the consultants.
I remember several engagements where the IT staff tried to tell me that their IP addressing schemes and Visio diagrams were secret. Huh? As soon as I retrieved my jaw from the floor, I went over their heads and arranged for delivery of the requested information. These events created suspicion and hostility that weren’t required.
In two organizations I contracted with, staff members claimed their Security Policies were secret! How does that work? These sorts of behaviors are indicators of significant departmental and organizational problems.
Prepare documentation in advance
All documentation including policies, procedures, infrastructure documentation, logs, hardware and software inventories, PSA system reports, etc. should be readily available for the consultants. They will ask to see it. I generally ask for all this information before I go on site for the first time and I am always appalled by the number of organizations that have none of the documents that are generally accepted to be components of a solid Information Technology Governance program. Sometimes these data dumps include reams of irrelevant information in the hope that I won’t find the smoking gun.
Auditing for organizational culture
I include a frank assessment of departmental and organizational culture in my reports and it is sometimes less than flattering. Delivering this information to executives and managers generally creates a tense silence while they try to chew and swallow that particularly tough piece of meat. They rarely argue because they know it’s true, but few have dared to state the obvious out loud. A realistic and objective assessment of company culture is required to address the root causes of problems. Bad management, inefficiency, malfeasance and incompetence have often been enabled for years before an audit is finally initiated. Interdepartmental politics, turf wars, jealousy, meddling and backstabbing all contribute to the problems at hand and managers throughout the organization are responsible.
In many cases, executives and managers have worked in large, bureaucratic organizations for their entire careers and they can’t see the signs of broken company culture. They think bad behavior and dysfunction are the norm.
The final report
If the final report is not a testimonial of glowing praise for your IT operation, I urge you to sit back and reflect carefully before lashing out. The report is a mixture of data, facts, and input from your coworkers and end users. I always base part of my conclusions on both formal and informal interviews with end users and managers from every department in an organization. What ends up in the report is a reflection of what your colleagues really think about your operation. My career started with a four-year stint in army intelligence and I actually do cross examine and interrogate. The natural inclination of some IT Directors is to argue and pick apart every statement and conclusion in the report, but this is definitely the wrong approach.
A nearby local government entity with which I am familiar recently received a failing audit from a state regulatory agency. It wasn’t a first-time fail and the endemic problems have been simmering for decades. Several executives from this entity made statements to the press that the audit “was a gotcha audit. It’s all about paperwork and there is nothing real here. We’re providing excellent services.” Talk about denial! I believe they will come to regret those statements since the infractions were extremely serious and they will likely have to return millions of dollars to Medicaid. They may call a missing signature “a gotcha,” but Medicaid calls it fraud. Their culture is so broken that they really need a turnaround expert and complete replacement of the management, but they haven’t reached rock bottom yet, apparently.
The correct response to a failing audit is to contemplate the report carefully and develop a proactive remediation plan immediately. Humility may save your job, but you can’t step off onto the recovery road until you admit you have a problem.
Ask for help. Operations that have been dysfunctional for years can’t be turned around overnight. Organizational culture may inhibit a turnaround and objective, external assistance may be required.
Listen to what your colleagues and objective auditors had to say and take it seriously. Don’t go swimmin’ in denial.
In Last week’s article we discussed some of the new evolving technologies that could – and are starting to – shape the future of EHS, this week we continue to discuss more technologies that have potential for being part of future EHS /OHS systems and software suites.
Beacons and Sensors
Beacons and sensors are devices that either broadcast data to nearby portable electronic devices, or detect events and changes in their environment and then correspond with the appropriate response
Beacons and sensors are already being widely used in many EHS applications, here is a look at some of the most frequent ones:
Safety Alerts. An example of thi would be a worker entering a hazardous area of where work is being done that releases chemical fumes. The worker can then be equipped with an electronic device that picks up the signal from a beacon. As a result, the worker receives an alert or reminder on the electronic device asking him to make sure he is wearing a specific piece of safety equipment.
Detection of hazardous Chemical Releases. A Sensor can detect that a chemical spill has taken place, and then send an alert in real-time to electronic devices carried by workers, warning them to stay away from that area or to take special safety precautions.
Equipment Performance Statuses. Sensors can monitor the real-time performance of equipment or assets, So if the equipment is not functioning correctly, or is about to malfunction, it can send a real-time alert to warn workers. LNS Research has written a lot about this and the link between Overall Equipment Effectiveness (OEE) and EHS.
Augmented Reality (AR)
Augmented Reality is a real-time direct or indirect view of a real-world environment whose elements are augmented or supplemented by computer-generated sensory input such as sound, video, graphics or GPS data. Games like the world-famous Pokémon Go are good examples of the use of AR. Some of the applications of Augmented Reality in EHS include:
Safety Smart Glasses. A pair of smart glasses can be programmed to view real-time environmental information such as airborne chemical and particulate concentrations, or oxygen levels in a confined space.
Virtual Safety Data Sheets. A worker scans a chemical storage area with a smartphone’s camera and the screen gets populated with virtual Safety Data Sheets (SDSs) above each chemical for convenient access to safety information.
Smart Helmets. A helmet can be equipped with a retractable visor capable of overlaying work instructions, system performance metrics, and temperature readings on the user’s field of view.
Virtual Reality (VR)
Virtual Reality is a technology that uses software to generate realistic images, sounds and other sensations that simulates a real environment, as well as the user’s physical presence in this environment by enabling the user to interact with this space and depicted objects.
Safety Training. Instead of traditional classroom training, pictures and video to educate workers about a hazardous environment, VR allows full immersion into the environment without having to leave the room. According to a study by Verdantix, having “real” experience before being actually exposed to a hazard is invaluable, and could reduce unsafe behaviors, incidents, injuries and fatalities.
As technology evolves everything evolves with it, and we can expect that a few years from now the EHS profession will look very different . Like all industries, Environmental Health & Safety softwares will also be affected by the emerging technologies that are changing fundamentally the way people perform their tasks.
Since technology evolves quickly, this is a good time to look at the other ways in which technology will change EHS. Rather than using buzzwords, or writing yet another article about a specific technology, we will share with you specific applications in EHS that have been talked about. Therefore you will already have a look into the technology-enabled future of EHS. The post is divided by technology area and includes examples of applications and links to articles.
Wearable are miniature computers or electronic devices that are worn by users. With Smartwatches and fitbit being the most known wearable devices. Let’s look at a few applications of wearables in EHS.
Reporting Incidents Using Smartwatches. A smartwatch can enable workers to report a near miss or an incident through speech recognition.
Smart Glasses. Since Smart Glasses came out many developers and software companies started creating applications for them, so of the applications of smart glasses in EHS are:
1) Displaying a list of work instructions to ensure that tasks are performed safely using both hands;
2) Recording or displaying videos of risky conditions that can lead to an incident;
3) Capturing a live video of a near miss or incident as it’s taking place, and using the video during the incident investigation.
Health-Monitoring Wearables. Wearables (belt, wrist band, etc.) monitor a worker’s vital signs (blood rate, temperature, blood pressure, breathing, etc.). If there is something abnormal, an alert is sent to the worker and/or his supervisor indicating that the worker may be under strain, which could increase the risk of incidents. As a result, the worker stops his activity.
Environment-Monitoring Wearables. Another similar application is where the wearable alerts the worker if he has a high exposure to hazardous chemicals, is exposed to toxic gases, or is exposed to unsafe noise levels.
Internet of Things (IoT)
The IoT is the internetworking of physical devices, vehicles, connected devices, smart devices, buildings and other items embedded with electronics, software, sensors and network connectivity that enable these objects to collect and exchange data.
Some scenarios make use of both wearables and the IoT, or beacons/sensors and the IoT. Therefore some items in this post under other sections could also have been placed in this section.
Let’s look at a few applications of the IoT in EHS:
Emissions Monitoring. Sensors monitor air emissions, collect data and send it over the Internet. The data can be used for reports, or to measure the environmental footprint of an enterprise throughout all facilities.
Water Management. According to Metcalfe, smart sensors that capture data will be used more often in water management, as opposed to water meters, because, as water becomes an increasingly scarce resource, there will be a greater need to monitor water in the natural environment.
Grid-Based Data Collection on Chemical Spills. Geographic information systems using grid-based data collections are also seeing progress. Collecting data using grids is less time-consuming than collecting data manually, Metcalfe says. For example, during a chemical spill, the areas where a chemical spill has occurred and that require an immediate cleanup response can be identified visually and more effectively.
Drones are currently being used in everything from food delivery to aerial inspection and monitoring. Let’s look at a couple of applications of drones in EHS.
Inspections. Drones can be used to inspect and identify problems, instead of putting human workers at risk during inspections, some of examples of this are:
Communication industries are increasingly using drones to inspect towers and antennas, instead of risking workers safety.
In the oil and gas industry, drones can inspect flare stack heads, and detect and locate leaks.
Many construction businesses has started using drones to perform roadway inspections.
Drones could be used to identify problems in enclosed areas, for example in sewers, before workers are sent into a potentially hazardous situation.
In addition to the scenarios above, another application would consist of using drones to monitor and inspect vast networks composed of thousands of kilometers of pipelines in the oil and gas industry.
Work at Elevation. The EHS Daily Advisor article also raises the possibility that drones could eventually be designed to perform the same work that robots currently do, but at elevation (e.g. welding, drilling), thus reducing the need to expose workers to fall hazards.