We all know that not being aware of technology issues or receiving late
and unclear alerts could create a number of challenges in managing IT operations and the
business continuity. Efficient incident management is key to continuity
operational of your company.
These challenges and issues include:
- Prolonged downtime: Disruptions in business operations, which can result in lost productivity and revenue.
- Data loss: Serious consequences on regulatory compliance and customer reliability.
- High recovery costs: When detection is not timely, more resources and time are needed to solve problems.
- Damaged reputation and stress: Failures can affect customer satisfaction and increase pressure on IT staff.
- Non-compliance with SLA: Legal or financial consequences.
Before addressing how to calculate the time you spend on IT incident management, it is
It is crucial to understand the stages involved from the time a technological problem occurs to the time when it
- Incident detection, using monitoring tool.
- Alert prioritization and who resolves that type of alert.
- A notification is triggered by sending an e-mail, message or call.
- Gathering of information, scaling up with resolution teams.
- Actions of the resolution team and creation of tickets.
- Solution to the problem.
We are going to the times that determine the overall incident management time, the
which you should have calculated and if you don’t have them now you will learn how to do it.
- Detection time.
- Notification time.
- Solution time.
This is the period from the time the technological failure arises until it is detected. This information is
you can get from your monitoring tool in the alert detail.
It is the time that elapses from the time a first notification is issued to the time the decision maker
really takes it for granted to solve. This data can be obtained from your NOC or tool.
of notification. Helps you to validate the effectiveness of the notification so that the resolver actually
pay attention to the alert and do not go unnoticed as just another email.
Period of time between the time the resolver is notified to settle until
really solves the problem.
Example How to measure these times.
1. Using a monitoring tool, in this case we will use Nagios as an example. We are looking for
the time at which the incident was detected that we will use throughout this example.
2. For the notification, check the time of the first notification in your
IT incidents or in the NOC. If you only have a monitoring tool, check from there when you
executed some mail.
3. To continue with our example, we will see in a simpler way the notification time in
our 24Cevent IT incident management platform.
4. With these two data you can calculate your detection time:
(Time of detection) = (Time IT incident starts) – (Time of first notification).
5. In order to calculate the notification time, we consider that the resolver receives an initial
notification by mail, but actually pays attention by call and confirms that it is going to
6. As in our example we are using 24Cevent, we go to the history of the incident and
we will see the time at which the resolutor confirmed the notification.
7. With this data we can obtain the notification time.
(Notification time) = (Time of confirmation) – (Time of first notification).
8. Finally, the solution time is calculated by subtracting the solution time from the time of
confirmation of notification.
9. With this data, we can use the following formula:
(Time of resolution) = (Time the incident is considered resolved) – (Time the incident is confirmed as resolved) – (Time the incident is confirmed as resolved)
10. Note that it is essential to average these times from at least 10 alerts.
different to obtain a more representative picture of the overall resolution time.
We also leave you other ways to calculate IT incident management indicators:
- Time from failure to repair
MTTR = Total time spent on repairs ÷ number of repairs.
- Measures responsiveness.
MTTA = Total time elapsed between alert and acknowledgement / total number of incidents.
How would the times be rated?
There is no universal average time, but 10 years of experience in the field
we could say that:
Detection time: if you have a well-managed monitoring system, the detection time will be reduced to a minimum.
should be 0 minutes, since the solution should instantly detect technological problems, and if
are indirect should create logics to maintain instant detection.
Notification time: notification time should be less than 1 minute for alerts.
and for minor alerts, the alert confirmation period may increase the time required to confirm the alert.
notification time in hours, we recommend no more than 12 hours.
Solution time: the solution time is variable within the technological processes and
organizational structure of each company. If the resolver is notified, the resolver should address a solution.
instantly taking 1 hour app, but if the solution is complex, it involves more people the time
could increase hours or 3 days.
If you want to have a notifier that does these calculations for you, talking with your tool
monitoring. We invite you to try an online demo of 24Cevent solution, you will find out for yourself
how to manage IT incidents in a simple and fast way.