What Controls The Priority Of An Incident?
Most people don’t realize how important the Priority of an incident is, or what it truly means.
The priority of an incident is controlled by it’s impact and urgency. A combination of these two field values is calculated to return the priority value. The priority is typically read only and dictates important metrics related to Response and Resolution SLA’s.
The Impact measures how “impactful” and how many teams the specific incident has reached. Is it an incident that only impacts the use of a small team, or is the entire company being affected?
The Urgency measures how quickly action needs to be taken by the IT team that is resolving the issue. Is this something that can wait a couple of days, or do we need to escalate this to the engineers because an important system is completely down.
The Priority Matrix is just a combination of impact and urgency equalling a priority. If both are low, we have a low priority (P4 or P5). If both are high, then we have a high priority (P1 or P2). If they’re a mix or somewhere in between, then we’ll have a medium priority (P3 or so). The Priority Matrix is also known as Priority Data Lookups.
Typically, when experiencing a true outage or a degredation of any service – that would classify as a Priority 1 or a P1.
P1’s in ServiceNow are treated a bit differently than other teams, and many companies have IT Alerting tools that specifically monitor for P1 Incidents. Some tools like PagerDuty or Splunk On-Call (formerly VictorOps) are used to properly triage and alert teams for P1 Incidents.
What Are Impact And Urgency?
Impact and Urgency are two fields on every incident form.
When an incident is created, typically in the Service Portal, these are two questions that we ask the end user.
We want to know how many users are being impacted (Impact).
And how quickly the case needs to be addressed (Urgency).
Based on how the end user answers these 2 questions, along with some other information – we create the incident and start measuring our SLA’s.
So the priority field is always read only, and the value is only updated by updating the impact and urgency fields.
When an incident comes in and it’s deemed to be created incorrectly by the user, then we as IT professionals can update the impact and/or urgency and this will readjust our SLA’s that are running.
It is highly debated whether or not we should allow end users to report P1 Incidents. We’re going to leave that decision up to you. But consider that there are a high number of P1 incidents that aren’t real incidents. A lot of our end users might think that something is a P1 to them – but in the eyes of IT – it most certainly is not.
You could consider creating a process where P1’s are vetted by a team before they’re escalated and we start waking people up in the middle of the night with phone calls and text messages.
Run a post incident review process and see how many P1’s that are generated by the end user, are true P1’s.
We have done this quite successfully and have realized that over 50% of the P1’s that are created are “false alarms”. As a result, we’ve put an on-call team into place, which is essentially just whoever is managing the service desk at the time. The team members will double check to see if the systems are truly down before confirming the P1 and having alerts sent out.
Consider coming up with a Post Mortem process for your P1’s and reviewing how they were handled.
To control your Priority Matrix, view the Priority Data Lookup module.
Go to: System Policy > Rules > Priority Data Lookups
Here you will see your out of box configurations of the priority matrix.
Each combination of an impact and urgency equals a priority.
We can have duplicate values for the Priority, meaning that multiple different combinations can equal the same priority. But there’s no reason to have a record with duplicate values for an Impact and Urgency.
How To Change The Priority Matrix
This is not something to just go in and modify without consulting the rest of your IT teams.
The out of box configuration of priority data lookups should work for most IT Orgs, but if you’re certain you’d like to change the way the system automatically works – go ahead and provide an update here. As long as it’s been well though through and you have buy in from the rest of the org, you are all set.
To change the priority matrix, simply go into any of the records and modify the values as needed.
Keep in mind that the SLA’s that you have configured on Incident are likely tied to Priority values.
So if you start playing around and updating the Priority matrix, some of your SLA’s might not look the same when you start reporting on them.
As ServiceNow Admins, it’s one thing to properly understand the software. But we also need to understand how to consult with other teams before making changes to baseline configurations.
Let us know below of any changes you have made and if you think the out of box configuration is good enough for your team.