top of page

Major Incident Process

Updated: Apr 21

Editable process for when you have a high-impact situation that requires managerial oversight and organisation-wide communication.

Major Incident Process
Download PPTX • 182KB

This digital summary outlines the Major Incident Process, a structured approach for responding to and managing major IT incidents within an organisation.

Major Incident Process Example

Purpose of the Major Incident Process

The Major Incident Process serves as a guideline for IT teams and stakeholders to coordinate their efforts in restoring disrupted services as swiftly as possible. It provides a set of defined activities, roles, and responsibilities to ensure effective communication and action during a crisis situation.

Where and When to Use the Major Incident Process

The Major Incident Process is activated when a significant incident occurs that affects critical systems and services. It is applicable across various departments within the organisation, including the Helpdesk, technical teams, and upper management.

Major Incident Process Steps

  1. Investigate: Initial 1-hour investigation period by the receiving team to potentially resolve the issue.

  2. Contact Major Incident Manager: Engage MI Manager if the service is not restored within 1 hour.

  3. Assess Criteria for Major Incident: MI Manager evaluates if the situation qualifies as a major incident.

  4. Investigate & Escalate: Continued investigation and escalation by the technical team.

  5. Manage Recovery & Comms: MI Manager oversees recovery and communications.

  6. Investigation Review Meetings: Crisis meetings may be convened by the MI Manager.

  7. Update Stakeholders: MI Manager communicates updates to stakeholders.

  8. Communicate Resolution: Final communication once the service is restored.

  9. Produce an MI Report: A detailed report is produced and circulated within 24 hours.

  10. Close Incident: Formal closure of the major incident record.

Roles & Responsibilities

  • Helpdesk Staff: Responsible for initial identification, logging, and escalation.

  • Investigating Technical Teams: Implement fixes and update the incident management system.

  • Major Incident Manager: Coordinates overall response and communication, and produces the Major Incident Report.

Why Use the Major Incident Process?

  1. Streamlined Response: Ensures a standardised, swift, and effective response to major incidents.

  2. Accountability: Clearly defined roles and responsibilities make it easier to hold parties accountable.

  3. Risk Mitigation: The systematic approach aids in reducing the impact of the incident.

  4. Transparency: Helps in maintaining open and consistent communication with all stakeholders.

  5. Continuous Improvement: Facilitates post-incident reviews to identify areas for improvement.

Additional Information

The Major Incident Process acts as a blueprint for organisations aiming to achieve a coordinated and effective response to severe incidents. It is instrumental for governance and compliance, making it a critical component of a robust IT management strategy.


About the author

Hi, I'm Alan, and have been working within the IT sector for over 30 years.

For the last 15 years, I've focused on IT Governance, Information Security, Projects and Service Management across various styles of organisations and markets.

I hold a degree in Information Systems, ITIL Expert certificate, PRINCE2 Practitioner and CISMP (Information Security Management).


bottom of page