Why Incident Triage is a Key Element in Your MTTR
September 20, 2021

Yoram Pollack
BigPanda

Share this

One of the key performance indicators for IT Ops is MTTR (Mean-Time-To-Resolution). MTTR essentially measures the length of your incident management lifecycle: from detection; through assignment, triage and investigation; to remediation and resolution. IT Ops teams strive to shorten their incident management lifecycle and lower their MTTR, to meet their SLAs and maintain healthy infrastructures and services. But that's often easier said than done, with incident triage being a key factor in that challenge.


Why Incident Triage is Critical for Lowering MTTR

One of the main side effects of today's increasingly complex, hybrid and constantly changing IT environments is the proliferation of disparate ops teams, tools, apps and environments. This in turn leads to high volumes of IT incidents that lack full business context.

As a result, it has become increasingly difficult for first incident responders to triage incoming incidents: Without the ability to understand the incidents' severity based on their business priorities and their impact on services or customers, their routing information, and more — IT Ops teams often waste valuable time determining what to do next, and in doing so, lengthen the incident management lifecycle.

In essence, incident triage has grown to play a key role in determining MTTR in modern, hybrid environments.

Manual Incident Triage Can Be Painful

Because different applications and services have different impacts on customers, availability and revenue, when several incidents occur at the same time it is imperative for incident responders in IT Ops and NOC teams to identify the priority in which these incidents need to be dealt with, and how best to deal with each of them. For teams to be able to rapidly perform this triage, they need access to critical business context and business metrics:

■ The business severity of each incident

■ The services each of them impact

■ Whom to route them to

■ In which priority to do so

■ And other context based on the organization's relevant processes and services.

Without easy access to this information, the teams waste precious time tracking down relevant spreadsheets, runbooks, and other sources of tribal knowledge, as well as manually calculating the business metrics needed to help them understand the incidents' implications.

The more time that is spent on these manual steps, the longer the incident triage lasts.

And the longer that takes, the higher the probability that SLAs are violated, MTTR is kept high, and costs associated with high MTTR rapidly increase.

The solution? Automating incident triage.

Automating Incident Triage

Incident triage can be automated by following several key guidelines:

■ The first step is to allow relevant business context information to reside on the incident level, rather than on the alert level. This can be done by creating custom tags for incidents that can hold this information and be acted upon (filtering, sorting etc).

■ The next step is to create simple yet robust formulas that allow operators to automatically calculate the values and metrics held by these tags. For example — calculate the SLA values in an SLA tag, based on the customer and the service to which the incident is referring. By automatically calculating the values and attaching them to the incident by using tags, the need to search for this information manually within tribal knowledge sources is eliminated, as is the need to calculate the values manually when the incident happens.

■ Now — provide filtering and sorting capabilities based on these tag values, and facilitate effective visualization of these tags alongside the incidents, so teams can easily make decisions and act on the incidents based on what they are seeing.

■ Finally — allow routing automation based on the tag values, so large volumes of incidents can be dealt with by relevant teams or automated resolution processes.


The Short and Long Term Advantages of Automating Incident Triage

The first advantage of incident triage automation is self-evident in all that was just discussed, mainly a shorter incident lifecycle — leading to improved performance and availability for apps and services. It's simple — lower MTTR equals better service.

But let's not forget two additional, substantial gains.

First — improved NOC productivity. By providing the above-mentioned capabilities, a substantial part of the incident lifecycle becomes simpler, and teams can collaborate better — lowering stress and effort across the board. Over time, the collected information can also be used for ongoing improvements in tools and processes.

And second — reclaimed FTE hours, an often “hidden” cost-reducer and revenue-generator. By reclaiming thousands of operational “fire-fighting” man-hours and utilizing them to improve and develop new services, enterprises not only reduce costs but also accelerate their business.

At BigPanda, we recently released our Automatic Incident Triage capability for our Event Correlation and Automation platform, which significantly simplifies and shortens incident triage by automatically adding actionable business context to incidents. Visit our website to learn more.

Yoram Pollack is Director of Product Marketing at BigPanda
Share this

The Latest

June 29, 2022

When it comes to AIOps predictions, there's no question of AI's value in predictive intelligence and faster problem resolution for IT teams. In fact, Gartner has reported that there is no future for IT Operations without AIOps. So, where is AIOps headed in five years? Here's what the vendors and thought leaders in the AIOps space had to share ...

June 27, 2022

A new study by OpsRamp on the state of the Managed Service Providers (MSP) market concludes that MSPs face a market of bountiful opportunities but must prepare for this growth by embracing complex technologies like hybrid cloud management, root cause analysis and automation ...

June 27, 2022

Hybrid work adoption and the accelerated pace of digital transformation are driving an increasing need for automation and site reliability engineering (SRE) practices, according to new research. In a new survey almost half of respondents (48.2%) said automation is a way to decrease Mean Time to Resolution/Repair (MTTR) and improve service management ...

June 23, 2022

Digital businesses don't invest in monitoring for monitoring's sake. They do it to make the business run better. Every dollar spent on observability — every hour your team spends using monitoring tools or responding to what they reveal — should tie back directly to business outcomes: conversions, revenues, brand equity. If they don't? You might be missing the forest for the trees ...

June 22, 2022

Every day, companies are missing customer experience (CX) "red flags" because they don't have the tools to observe CX processes or metrics. Even basic errors or defects in automated customer interactions are left undetected for days, weeks or months, leading to widespread customer dissatisfaction. In fact, poor CX and digital technology investments are costing enterprises billions of dollars in lost potential revenue ...

June 21, 2022

Organizations are moving to microservices and cloud native architectures at an increasing pace. The primary incentive for these transformation projects is typically to increase the agility and velocity of software release and product innovation. These dynamic systems, however, are far more complex to manage and monitor, and they generate far higher data volumes ...

June 16, 2022

Global IT teams adapted to remote work in 2021, resolving employee tickets 23% faster than the year before as overall resolution time for IT tickets went down by 7 hours, according to the Freshservice Service Management Benchmark Report from Freshworks ...

June 15, 2022

Once upon a time data lived in the data center. Now data lives everywhere. All this signals the need for a new approach to data management, a next-gen solution ...

June 14, 2022

Findings from the 2022 State of Edge Messaging Report from Ably and Coleman Parkes Research show that most organizations (65%) that have built edge messaging capabilities in house have experienced an outage or significant downtime in the last 12-18 months. Most of the current in-house real-time messaging services aren't cutting it ...

June 13, 2022
Today's users want a complete digital experience when dealing with a software product or system. They are not content with the page load speeds or features alone but want the software to perform optimally in an omnichannel environment comprising multiple platforms, browsers, devices, and networks. This calls into question the role of load testing services to check whether the given software under testing can perform optimally when subjected to peak load ...