Neven Zitek How do you find out that there is an issue with your IT infrastructure and/or services? If your answer exclusively relies on end-users reporting issues to the Service Desk, you may want to learn more about an interesting ITIL Service Operations chapter – Event Management.
Monitoring is not Event Management
An event can be defined as any detectable or discernible occurrence that has significance for the management of the IT Infrastructure (or the delivery of IT service). Event Management is responsible for the evaluation of the impact a deviation might cause to the services. Events are typically notifications created by an IT service, Configuration Item (CI), or monitoring tool.
Figure 1 – From an event to the root cause (problem)
Therefore, simply establishing monitoring capabilities doesn’t mean that you have Event Management, but there is no Event Management without effective monitoring.
There are two types of monitoring systems:
- Active monitoring system – tools that poll CIs in order to determine their status
- Passive monitoring system – tools that detect and correlate alerts or communications already generated by CIs
Event Management objectives
The ability to detect events, make sense of them, and determine the appropriate control action is provided by Event Management. Therefore, Event Management is often referred to as the entry point for the execution of many Service Operation processes and activities. In addition, it provides a way of comparing actual performance and behavior against design standards and Service Level Agreements.
Event Management objectives include:
- Providing the ability to detect, interpret, and initiate appropriate action for events.
- Serving as the basis for operational monitoring and control, and the entry point for many Service Operation activities.
- Providing operational information, as well as warnings and exceptions, to aid automation.
- Supporting continual service improvement activities of service assurance and reporting, and service improvement.
The scope of Event Management
Event Management can be applied to any aspect of service management that needs to be controlled and which can be automated. These include:
- Configuration Items (CIs):
- Some CIs will be included because they need to stay in a constant state.
- Some CIs will be included because their status needs to change frequently, and Event Management can be used to automate this and update the CMS.
- Environmental conditions (e.g., fire and smoke detection).
- Software license monitoring for usage to ensure optimum/legal license utilization and allocation.
- Security (e.g., intrusion detection).
- Normal activity (e.g., tracking the use of an application or the performance of a server).
Event Management’s value to the organization
In some cases, Event Management’s value to the organization is generally indirect, but in most cases it directly:
- provides mechanisms for early detection of incidents. It is possible for the incident to be detected and assigned to the appropriate group for action, before any actual service outage occurs.
- enables some types of automated activity to be monitored by exception, thus removing the need for expensive and resource-intensive real-time monitoring.
- benefits other (than Incident Management) processes. When integrated into other service management processes (e.g., availability or capacity management), Event Management can signal status changes or exceptions that allow the appropriate person or team to perform early response. This will allow the business to benefit from more effective and more efficient service management overall.
- provides a basis for automated operations, by increasing efficiencies and allowing expensive human resources to be used for more innovative work, such as designing new or improved functionality or defining new ways in which the business can exploit technology for increased competitive advantage.
Event Management may literally save lives
Within one of the previous articles: Communication inside IT Service Management team – setup of joint vocabulary and criteria, we looked into the realm of space flight and good service management practices on the Apollo 13 flight. After the catastrophic explosion in one of the oxygen tanks in the Command module, the crew of three astronauts was moved into a lunar lander designed for two. This decision saved their lives, but at the same time it almost led to their doom; three people breathing within the lunar lander generated too much CO2 for the filters to eliminate, and they almost died of CO2 poisoning. Luckily, the rise of CO2 was recorded in time, thanks to the monitoring systems installed, and a workaround was implemented before the worst happened.
Running IT operations with effective Event Management is very similar – you can predict and prevent the worst-case scenario from happening by collecting and interpreting vital information regarding the system or service you’re responsible for.
To implement ISO 20000 easily and efficiently, use our ISO 20000 Documentation Toolkit that provides step-by-step guidance for full ISO 20000 compliance.
