Netspective Communications LLC uses a proper escalation process to identify, manage, and take corrective actions related to issues. The organization assigns escalated issues to staff members with higher technical knowledge or authority than lower-level staff members. Netspective Communications LLC only escalates an issue when all avenues have been exhausted at the lower levels within the organization. [FII-SCF-013-IRO-10]
Before using SL1 to manage event escalation, Netspective Communications LLC follows certain business processes or standard operating procedures, such as:
- Collecting and identifying critical, major, and minor events.
- Customizing events, if necessary, to meet business requirements, such as service level agreements (SLAs).
- Identifying the technical and business units that should be involved in event escalation.
Identifying Critical, Major and Minor events
SL1 categorizes events by severity as follows:
- Critical: Events that can seriously impair or curtail service and require immediate attention (such as service or system outages).
- Major: Events that impact service and require immediate investigation.
- Minor: Events that do not currently impair service but need to be corrected before they become more severe.
- Notice: Events that do not affect service but about which users should be aware.
Event Escalation
- Operations staff: Initially handles events.
- Security Engineer: Receives escalated events if the Operations staff does not acknowledge or resolve an event within a predetermined timespan.
- Project Manager: Receives escalated events if the Security Engineer does not acknowledge or resolve an event within a predetermined timespan.
- Senior Project Manager: Receives escalated events if the Project Manager does not acknowledge or resolve an event within a predetermined timespan.
- DevOps Manager: Receives escalated events if the Senior Project Manager does not acknowledge or resolve an event within a predetermined timespan.
The Event Escalation process comprises at least three processes:
- Acknowledgment: A user acknowledges an event by investigating or taking action on the event. Once acknowledged, the user name appears in the Acknowledged column for the event on the Event Console page. The acknowledging user may also suppress the event to prevent it from appearing in the Event Console again, if it occurs on the same device.
- Incident Response: After an event has been acknowledged (and optionally suppressed), ScienceLogic Ticketing or another incident response tool can be used to monitor and document the actions required to resolve the event. For more information on managing incident response in SL1, refer to the Incident Management manual.
- Resolution: When an event has been resolved, the resolving user can un-suppress the event and clear it from the Event Console. Clearing the event removes a single instance of the event from the system. If the event occurs again on the same device, it will reappear in the Event Console. The resolution process ensures that the event will not occur again on the same device.
Escalation Process for Clearing Events [FII-SCF-007-MON-01.2]