The Six Questions to Ask Yourself about ITIL Event Management

Six-Questions-ITIL-Event-Mgt472017418BlogWhen setting up an event management process, it is very important that a service provider is able to answer the following six questions. Failure to effectively answer these questions often results in an event management process that does more harm than good.

Question One — What Needs to be Monitored?
In order to conduct event management effectively, the service provider must be able to answer exactly what is to be monitored. Different technologies are often monitored in different ways, using different tools. Having worked for part of my career in a team that configured various aspects of monitoring in an IT environment, I can tell you that many times people throughout the organization would come to us with a request for monitoring, but as we dug into the request we’d find that they truly had no idea what they were trying to monitor. Without knowing what you want to monitor, it’s impossible to do event management.

Question Two — What Type of Monitoring is Required?
Once a service provider knows what needs to be monitored, then the different types of monitoring can be investigated. For example, is active or passive monitoring required? While active monitoring might notify a service provider of a fault before a user experiences it, it also causes a load to be generated on a configuration item. Passive monitoring, on the other hand, might minimize the load on a configuration item, but generally only makes a service provider aware of a fault after it has impacted a user. Without making a decision about what type of monitoring is required while considering the situation holistically, the service provider risks making a decision that could have a downstream impact on the quality of its services.

Question Three — When Should an Event be Generated?
Once the type of monitoring is determined, then the service provider can decide when an event is generated. To understand the importance of this, consider a car alarm an event management mechanism. I’ve always felt that car alarms are an ineffective form of event management, because when they trigger events they do it repeatedly and in such a way that people develop a tolerance and eventually ignore them. Event management in an IT environment suffers from similar constraints, as when an event is generated can have a significant impact on how that event is handled and how it helps the organization deliver its services. Without deciding when events are generated, the service provider risks creating events at inappropriate times that are ultimately ignored.

Question Four — What Information Needs to be Communicated with the Event?
Once a service provider knows when it will generate events, what then must be decided is what information is communicated when the event occurs. Everyone has an experience using a PC operating system that occasionally generates error messages that contain meaningless information that does not help the user resolve whatever issue might have occurred. This is why a service provider must think through what information is communicated with an event, so that those who receive the event know what type of action, if any, must be taken in response to the event.

Question Five — Who Will the Message be Delivered to?
Events should only be sent to those who are responsible for action. Again, using the example of a car alarm as ineffective event management, consider when a car alarm sounds. Usually those who hear it do nothing. The reason is because those people are not responsible for the event. Responsibility, in order to work effectively in an organization, must be clearly defined. When it’s not clearly defined, diffusion of responsibility occurs and no one takes action on an event because everyone assumes that someone else is taking action. If a service provider can’t define who will take action on an event when it occurs, then it is very difficult to determine who the appropriate party will be to receive the event.

Question Six — Who Will be Responsible for Communicating and Taking the Necessary Follow-up Actions?
Once a service provider defines to whom the message is delivered, then who takes the necessary follow-up actions can be identified. While an event might be sent to one person or group, that person or group might perform additional activities that trigger action from another person or group. Therefore, defining the follow-up actions associated with an event, and who communicates and takes them, is of paramount importance. In the absence of doing this, an event is likely to sit without action and become stale.

In this post we discussed six relevant questions associated with event management that are detailed in the “ITIL Service Operation” book. In order to establish effective event management, an organization must be able to answer all six questions for every event that it generates.

Related Courses
ITIL Foundation
ITIL Awareness

In this article

Join the Conversation