Posted: Tue Jun 25, 2013 7:49 pm Post subject: ITIL Service Request or Incident: Account Lockouts
Should AD Account Lockouts by logged as an Incident or Request?
This week there has been a divide on the IT Service Desk I work on were some of us think when a customer locks out their account and asks us to unlocked the account “Account Lock Outs” it should be logged as an incident and others think “Account Lock Outs” should be logged as a Service Requests.
I guess the first thing we have to look at are the definitions a “Service Requests” and the definitions of an “Incident”.
Both Incidents and Requests fall into the “Service Operation”.
Incident: An unplanned interruption to an IT Service, reduction in the quality of an IT Service, Failure of a configuration that has not yet impacted a service
Requests: Provides a mechanism for customers to request and pre-define, pre-authorised stand services. Access to a service
Now my argument is:
An "Account lockout" should logged as a Service Request because it is a "planned interruption", it is meant to happen when a customer locks out their account, it is not our fault that the customer has locked out their account
Customers do argue the case:
"I did not enter the password incorrectly 5 times"
What do you all think? Please could you justify your answer if possible?
Joined: Sep 16, 2006 Posts: 3477 Location: London, UK
Posted: Tue Jun 25, 2013 8:50 pm Post subject:
Is not the user's service interrupted when his account is locked out ?
This is one of those - Am I fat in this dress - questions. There is really no good answer as it can be answered bot as an Incident - ie account locked out because user cant type password and a service request - customer/ user asking for the account to be reset so that they can use it
It all depends on how the issue is resolved. If it requires action on your part - over and over and over - make it an incident so that you can track it better - ie against the user
If it is merely a click and it is unlocked - automate _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
Posted: Wed Jun 26, 2013 11:48 am Post subject: I think Incident
Yes, I agree with UKVIKING, its all depends on how you look at it.
Its like chicken first or egg first scenario. But IMO its Incident
I think if we go by sequence of action, it should be Incident first as user is not able to log in to the system. From the user perspective, they are not able to access services and they want this to be corrected ASAP,so they want us to logged in as Incident.
And if the cause behind account lock , it could be any reason not only 5 wrong passwords, it could be like his permission changed at back end due to some other service request and he is not aware of it or like some issue at DB level to get authentication failed error or password expired or somebody stolen his password anything.
Its depends on reason behind account locked i.e. user is trying to logged in after several days and his password got expired(then its SR) or user is confident that his password is correct but still not able to logged in(then Incident)
But the first point is he is not able to log in and hence service is interrupted so its Incident _________________ ITIL® Expert
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum