9 Steps to Better Incident Classification

Incident classification is one of the most important and most difficult aspects of ITIL to implement. The benefits far outweigh the managerial challenges involved.

Through Incident Classification and Initial Support, Service Desk staff aims to determine the reason for an Incident, and how to route it for resolution.

The IT Infrastructure Library (ITIL®) spends considerable time discussing classification. There are many free forms and checklists available, and most automated systems offer built-in assistance with classification.

Yet many IT organizations struggle with classification, and "unknown" or "other" is often the most common classification -- indicating the classification process has failed.

Such Incidents tend to bounce from group to group and suffer many escalations and transfers. These "bouncing" Incidents consume significant organizational resources and inflict poor service on Users and Customers.

Luckily, there are several quick-and-easy fixes for this problem. Following I describe 9 simple steps to improving Incident Classification and offer a simple classification scheme.

About Classification

All classification boils down to trying to understand and identify what systems are impacted and to what degree. In this article, I focus on classification and leave the topic of assigning a priority to a later date.

Effective Incident classification aids in routing the Incident to the correct team on the first try. Why is classification often done incorrectly, even with all the resources, tools and time dedicated to the subject?

Incident classification starts to go wrong when diagnostic scripts (scripts) become too complex. While extremely valuable, scripts require diligent management effort. However, trying to collect massive amounts of data through dozens of questions slows the process down, complicates the workflow, and results in incomplete classification. A simple observation is to keep your diagnostic scripts as simple and purposeful as possible.

Checklist for Improving Incident Classification

To simply the classification process, improve its efficiency and begin to reign in those "unknown bouncing Incident" consider the following:

Simple Classification Scheme

Configuration Items (CI) form the basis of all classification. The question is one of depth. Often classification takes one of two tacks:

  1. Classifying based on the physical CI (e.g., Workstation, Software application, etc.)
  2. Classification based on IT service CI (e.g., Order Entry, Internet, etc.)

At a minimum, your classification should operate on physical CI. As you mature (that is, have more defined Service Level Management) you can expand into affected IT service as well. An effective and simple classification scheme:

  1. Type
  2. Category
  3. Sub-category

The Type field is to concentrate the required support by the kind of Incident. [Often this is where prioritization begins as well.] There are three basic kinds of Service Desk interactions described in the ITIL:

1) Fault/failure, 2) Service Request (ITIL's Request Fulfillment Process), 3) Assistance/Inquiry

The Category field is to select a technology domain of expertise. Try to keep the Category field down to as few major areas as possible. Since we are going to base of system on physical CIs (to start), then a simple list of ITIL CI types like the following is good:

The Sub-category drives the specific group within the technology expertise domain identified by the Category. Entries here are quite specific to your organization. Here again it is best to keep the list as small as possible while still routing effectively. Some examples here might be

The output of such a system might look like this:

Note how the user reported symptom is included in the notes, but that the diagnosis is based on CI. Such a system is easy to develop, easy to script, and easy to implement. It is also going to be quite effective at routing Incidents properly.

Benefits of Effective Classification

Successful Categorization helps in many ways, here are a few of them:

  1. Quickly find solutions (workarounds and/or fixes) to Incidents
  2. Properly route Incidents to the correct support group
  3. Gather sufficient data to speed diagnoses by nth level support
  4. Aids Problem Management in building and maintaining a knowledge base
  5. Improves efficiency of technical/functional groups
  6. Enhances Customer satisfactions
  7. Increases User productivity
  8. Builds maturity toward more proactive operations


Incident classification is one of the most important and most difficult aspects of ITIL to implement. The benefits far outweigh the managerial challenges involved.

Related programs

Related articles