Search for Well Architected Advice
< All Topics
Print

Use a process for event, incident, and problem management

Using Processes for Event, Incident, and Problem Management
To maintain reliable operations, it is essential to have well-defined processes for managing events, incidents, and problems. Each of these scenarios requires a tailored approach to effectively mitigate impact and ensure appropriate responses. By differentiating between events, incidents, and problems, and having a structured process to manage each, organizations can reduce downtime, address root causes, and enhance workload reliability.

Differentiate Between Events, Incidents, and Problems

  • Events: Events are occurrences in your workload that may not require any intervention. Examples include routine log entries or performance metrics exceeding a threshold but without immediate impact on the workload.
  • Incidents: Incidents are events that require immediate intervention. These may include outages, performance degradation, or security breaches that impact workload health or customer experience.
  • Problems: Problems are recurring incidents or events that cannot be fully resolved and require further analysis to identify the underlying cause. Problems often indicate systemic issues that need addressing to prevent further incidents.

Establish Event Management Processes

Develop processes to handle events and determine when an event should trigger a response. Events may include monitoring alerts, scheduled backups, or non-critical performance issues. Automated monitoring and classification help categorize events and decide whether they require escalation or further analysis. By establishing event management processes, teams can reduce false alarms and focus on events that need attention.

Handle Incidents Through Incident Management

Implement incident management processes to address events that escalate into incidents. The process should include clear steps for identifying, categorizing, responding to, and resolving incidents. Teams should follow predefined incident response procedures to mitigate the impact of incidents and restore normal operations as quickly as possible. Effective incident management reduces downtime and ensures incidents are addressed in a structured and consistent manner.

Resolve Problems Using Problem Management

For recurring incidents or unresolved events, use problem management processes to find and address root causes. Problem management involves identifying and analyzing the underlying cause of incidents to prevent recurrence. Root cause analysis (RCA) is a key part of problem management, helping teams implement corrective actions that eliminate the source of ongoing problems. This approach ensures long-term stability and reduces the likelihood of similar incidents.

Automate Responses to Events and Incidents

Automate responses to common or predictable events to reduce response time and minimize manual intervention. Automation can include scaling resources when metrics indicate increased load, automatically applying patches, or triggering failovers during incidents. Automation helps ensure a consistent response, reduces human error, and enables teams to focus on complex problems requiring manual intervention.

Escalate and Communicate During Incidents

Ensure that escalation paths are defined and communicated clearly. When incidents cannot be resolved at an initial level, they should be escalated to the appropriate personnel. Communication is also key during incidents—ensure that relevant stakeholders, internal teams, and users are kept informed about the incident status, impact, and resolution timeline. Clear communication helps manage expectations and reduce confusion.

Conduct Post-Incident Reviews

After resolving incidents and problems, conduct post-incident reviews to assess what went well and what could have been improved. Use the insights gained from these reviews to refine response procedures, update runbooks, and improve the effectiveness of problem management processes. This continuous improvement approach ensures teams learn from every incident and enhance their readiness for future events.

Supporting Questions

  • How do you differentiate between events, incidents, and problems in your workload?
  • What processes are in place to manage each type of event, incident, or problem?
  • How do you ensure effective communication and escalation during incidents?

Roles and Responsibilities

Incident Responder
Responsibilities:

  • Follow incident management procedures to respond to and resolve incidents quickly and minimize impact.
  • Escalate incidents to appropriate teams if they cannot be resolved at an initial level.

Problem Manager
Responsibilities:

  • Lead the problem management process to identify the root cause of recurring incidents.
  • Conduct root cause analysis (RCA) and work with relevant teams to implement corrective actions that prevent recurrence.

Operations Manager
Responsibilities:

  • Oversee event, incident, and problem management processes, ensuring that response procedures are effective and that all types of events are managed appropriately.
  • Conduct post-incident reviews and use lessons learned to enhance future response efforts.

Artifacts

  • Overview of Events, Incident and Problems: An overview of the meaning of Events, Incidents and Problems, their differences and when each apply.
  • Event Management Policy: A document detailing how events are classified, monitored, and managed, including when events escalate to incidents.
  • Incident Management Policy: A document detailing how incidents are classified, monitored, and managed, including when events escalate to incidents.
  • Problem Management Policy: A document detailing how problems are classified, monitored, and managed, including when events escalate to incidents.
  • Incident Response Playbook: A playbook outlining the steps to take during incidents, including identification, categorization, response, resolution, and escalation paths.
  • Root Cause Analysis Report: A report documenting the findings of root cause analysis for recurring incidents, along with corrective actions taken to prevent recurrence.

Relevant AWS Tools

Monitoring and Event Management Tools

  • Amazon CloudWatch: Monitors workload events and creates alarms based on thresholds, helping teams identify when events escalate to incidents.
  • AWS Systems Manager OpsCenter: Aggregates operational issues and helps classify events, incidents, and problems, providing a central location for managing operational activities.

Incident and Problem Management Tools

  • AWS Systems Manager Incident Manager: Helps organize and manage incidents, providing runbooks and workflows that guide teams through resolution.
  • AWS Config: Tracks resource configuration changes and helps identify issues that may lead to incidents, supporting problem management efforts.

Automation and Escalation Tools

  • AWS Lambda: Automates responses to certain types of events, such as scaling resources or triggering remediation steps, reducing manual intervention.
  • Amazon SNS (Simple Notification Service): Automates alerts and escalation, ensuring that incidents are escalated to the appropriate teams when needed.

Post-Incident Review Tools

  • AWS Systems Manager Automation: Automates the collection of information during incidents, making it easier to conduct post-incident reviews and identify areas for improvement.
  • AWS QuickSight: Visualizes metrics and post-incident analysis data, helping teams understand trends and identify areas where response processes can be refined.
Table of Contents