In this tutorial, we will discuss the ITIL Event Management Process. In this chapter, you will learn - What is an Event in ITIL? What are the ITIL Event Management Tools? and the Definition, Objective, Scope, Activities, Roles, and Sub-Process of Event Management - ITIL V3 Process.
What is ITIL Event Management Process?
The Event Management is one of the main processes under Service Operation module of IT Service Management (ITSM) framework.
In order to word Properly, ITIL Event Management depends on continuous monitoring of the status of every CI.
It is responsible for generating and detecting notifications, while continuously monitoring the status of components even when no events are occurring. It also helps to categorize events and defines processes for taking appropriate actions when an event occurs.
ITIL Event Management Process has the responsibility to communicate every event details to appropriate functions responsible for the processing of that event. Almost all of the activities of this process are carried out by Service Desk and IT Operations Management (especially IT Operations Control) functions.
What is an Event in ITIL?
According to ITIL v3, an Event is defined as the detectable occurrence of a change of state and has significance for the management of the IT Infrastructure or the delivery of IT service.
Events are typically created by IT Services, Configuration Item (CI), or the monitoring tools. In ITIL events are managed dedicatedly by the Event Management process.
What are the Types of Events in ITIL?
ITIL v3, divides events into three categories, on the basis of the severity of events, those are as follows:
i) Informational (INFO):
These are generated purely for informational purpose and generally, denote successful completion of a task.
These are the type of event that does not require any immediate action and does not represent an exception. These are stored in the log files for a predetermined period of time.
This type of event is used to check the status of a device, service, or to confirm the state of a task. For example, the event of a user login, batch job completed, and completion of a successful backup etc.
ii) Warning (WARN / ALERT):
This type of event is generated when a device or service is reaching a threshold limit.
This type of warning is intended to notify the appropriate team or tool for taking necessary actions to prevent an exception from occurring.
Examples of warnings are: Scheduled backups are not running, or CPU utilization of a server reaching within 10% of threshold limit.
iii) Exception (ERROR):
It signifies that a threshold limit for a service or component performance is breached.
This (Exception/Error) means that the service or component is experiencing a failure, performance degradations or loss of functionality, and impacting the business operation.
Some examples of this event type are Server down or a backup is failed etc.
ITIL Event Management Objective and Purpose:
The primary objective of ITIL Event Management Process is to ensure that the Configuration Items (CIs) and services are constantly monitored.
This process aims to filter and categorize Events so that appropriate actions can be taken if required.
The Purpose and scope of Event Management (ITIL V3) process are listed below:
- Detect & investigate any change of state that has significance for the management of a CI or IT services.
- Provide a means for early detection of incidents
- Decide the appropriate actions for events, and ensure these are communicated to the appropriate functions.
- Provide the trigger, or entry point, for the execution of many service management activities.
- Provide a mechanism to compare actual operating performance against design standards and SLAs.
- Provide a basis for service assurance, reporting and service improvement.
ITIL Event Management Scope:
The scope of Event Management (ITIL V3) covers every aspect of service management that can be automated and requires to be controlled. These include:
- Configuration Items (CIs): Includes CI's that need to be continuously monitored to identify any status change.
- Environmental conditions (e.g., fire, temperature, humidity, smoke detection etc).
- Software license: monitor the usage to ensure optimum/legal license allocation and utilization.
- Security (e.g., intrusion detection).
- Normal activity and informational events (e.g., tracking the performance of a server, Memory utilization, tracking use of an application etc).
To comply with the above scope, ITIL Event Management process bounds itself with the Incident Management, Change Management, and Configuration Management processes of Service Design Stage.
Moreover, the event signal generated by this process is an important input to the Service Assurance and Service Reporting process of ITIL Continual Service Improvement module.
Below are some of the tools and triggers that are used by ITIL Event Management to detect the event occurrence, determine the event priority, and take necessary actions.
ITIL Event Management Tools - Event Monitoring Tools:
As defined by ITIL v3, Event monitoring tools (or Event Management tools) are categorized into two major types:
(i) Active Monitoring Tool: This type of tool, proactively polls key CIs to determine their current status and availability. Any deviation from normal state generates an alert and communicates to the appropriate tool or team for action.
(ii) Passive Monitoring Tool: This type of tool is used to detect and correlate operational alerts or communications generated by CIs. This type of toll does not monitor CIs proactively, instead waits for alert signals that are to be generated by CIs.
ITIL Event Management Triggers and Aspects:
The ITIL Event Management Process can be applied to the following aspects. In another way it can be stated that any deviations in the following items are triggers of Event Management:
- Configuration Items (CIs)
- IT & Infrastructure Security
- Environment Conditions (fire, smoke detections etc)
- Normal activity (tracking the use of a service or utilization of a server)
- Software license monitoring for usage (to ensure legal license utilization and allocation)
Benefits of Event Management:
From organization's perspective, there are lots of advantages or benefits of Event Management process. Some of the top benefits are listed below:
Establish mechanisms for early detection of incidents: With event management in place, It is possible to detect any incident at the early stage; thus reduces the issue response time.
Enables automated real-time monitoring of services, devices, and components.
If integrated properly, it can benefit other processes, such as availability management or capacity management, by reporting any status changes or exceptions that need immediate attention. This can improve the overall service quality throughout the service management lifecycle.
Establishes a solid foundation for automated operations. It helps the organization to utilize the expensive human resources to perform more innovative work, such as designing a new or improved service/functionality.
ITIL Event Management Sub-Process:
As defined, Event Management (ITIL V3) has 4 sub-processes operating under it. The objectives and short descriptions of those sub-processes are given below, followed by a diagram describing the ITIL Event Management Process Flow and activities:
1) Event Monitoring and Notification:
This sub-process is used to set up and maintain the mechanisms for monitoring of events, notifying stakeholders in case an event occurs, and determining rules for event filtering and correlating.
2) Event Filtering and 1st Level Correlation:
Used to filter out Events that are simply informational and can be ignored. It also communicates any Warning and Exception Events to the next level.
3) 2nd Level Correlation and Response Selection:
This is the most vital sub-process of Event Management. It is responsible for interpreting the severity & category of an Event and then selects a suitable response if required. Usually, it involves transferring logged events to other 1st level support teams.
[Check Out: 1st Level Support in Incident Management]
4) Event Review and Closure:
This sub-process is used to check if Events have been handled appropriately and ensures the closure of event. It also makes sure that Event logs are analyzed in order to identify trends or patterns, and then suggests corrective actions if required.
Refer to the below image, which shows the activities & sub-processes of this process:
ITIL Event Management Activities:
As shown in the above event activity flow diagram, the ITIL Event Management Process consists of several activities defined for each individual service/components.
These activities are defined in the Service Design phase while designing the specified service/component but are carried out under the Event Management process of Service Operation.
- Event occurrence:
Events may occur anytime, i.e. - 24 x 7 x 365. In ITIL Event Management, the key is to detect and categorize event according to their significance. - Event Notification:
Notifications are typically sent by event monitoring tools, event management tools, or CIs (configuration items). At this early stage, these are sent as a simple notification that an event has occurred - and have typically not yet been analyzed to understand the meaning or impact. - Event Detection:
In this stage, an automated agent, monitoring system, or systems management solution receives the notification and finds out the meaning and impact of the event. - Event Logging:
A record of the event is created in the service management tool, along with details of any subsequent actions taken. This may be done by your event management tool, or by the individual applications / services / components that triggered the event. - Event Filtering and Correlation:
This step decides whether the event can be ignored, or if it needs to be transferred to the events management system? Often, information event types are ignored, whereas warnings and exceptions event type require additional actions to be performed. So the first step - called the "first-level correlation and filtering", is simply filtering which events should be ignored. The 2nd level correlation is to determine the priority, severity, and category of the event. - Event Response / Further Action:
ITIL recommends that all events (and responses) should be logged. Additionally, based on the event type and severity, the correlation engine has to decide if the event has to be escalated to a team or individual, and if an incident, problem, or change recordneeds to be created. - Closing the Event:
An event can be marked as “closed” in the event management system by ensuring that the event was properly logged, subsequent actions has been taken thereafter, and the issue is resolved by the respective team. If necessary the closure information may include a link to the corresponding incident, problem, or change request that has been generated.
Important Terminologies and Definitions:
Event Categorization Scheme:
- The Categorization Scheme denotes a consistent approach to dealing with specific types of Events by categorizing them as per severity.
Event Filtering and Correlation Rules:
- Rules and criteria used to determine the priority of an event and to decide upon an appropriate response.
- Although the Event Filtering and Correlation Rules are defined at Service Design Phase, it's typically used by Event Monitoring systems as a triggering criterion.
- For Example, an event would be triggered as Alert when the applications memory utilization crosses 75%.
Event Record:
- A record describing a change of state which has an impact on a Configuration Item or service.
- Sometimes it is also called only as an Event.
Event Trends and Patterns:
- Any trends and patterns identified during analysis of Event logs, which suggests that improvements to the infrastructure are needed.
ITIL Event Management Roles and Responsibilities:
IT Operations Manager:
- IT Operations Manager role is the Process Owner of Event Management process.
- The IT Operations Manager takes the overall responsibility for multiple Service Operation processes and functions.
- Within ITIL Event Management process, this role ensures that all day-to-day operational activities are carried out in a timely and reliable way.
IT Operator:
- IT Operators are the staffs who perform the day-to-day operational activities.
- The responsibilities of IT Operators include performing backups, ensuring that scheduled jobs are performed, installing standard equipment in the data center etc.
We hope that you have enjoyed the above article describing what is an event, types of event, and the ITIL Event Management Process. Be with us to explore free training on Leading Technologies and Certifications.
Leave us some comments if you have any question or doubts about Event Management (ITIL V3), we would be happy to help you.
If you like our articles please like our facebook and twitter page to receive notifications on recent and updated contents.
