Should every major incident produce a problem record?
The auditor pinged us for not creating a problem record every time we have a major incident. I've been through ITIL V3 and ISO20000 and I can't find anything that says we should. What do you think?
Dear P***ed Off
I can understand your frustration. It is the same frustration experienced by retarded children trying to come to grips with their own cognitive limitations.
You simple folk in the field really must learn that ITIL is a subtle and immensely complex body of knowledge. It takes years of experience and study to even begin to develop the higher intelligence required to apply it to everyday life. And this is an intelligence you cannot possibly attain working for years or even decades in a steady job at the IT production coalface. That sort of environment only stifles your development.
To reach our levels of awareness you must learn by teaching theory, gaining many certifications, travelling, wearing a suit, using wireless in airports, and attending many conferences. Until you have your own blog and people pay you to recommend things you cannot possibly begin to understand.
So please leave it to the auditors and consultants OK? You will only upset yourself flailing about in your ignorance.
To help you out with your specific question, ITIL may not say so in as many words but to those of us with higher insight into its nuances the message is clear. If you fail to recognize the value of documentation, even after the fact, you are doomed to repeat your mistakes all over again. That's why there is so much emphasis on DIKW and the knowledgebase approach with the SKMS. Are you beginning to get a glimmer of understanding? Because if not then going further will be an exercise in futility and I have better things to do.
I shall give you the benefit of a great deal of doubt and explain a little more: the consistency of the application of best practice and processes/roles is precisely what truly helps orgs to dig out of major incidents and problems in an effective and efficient manner. ITIL clearly says (SO 22.214.171.124) "A problem is the underlying cause of one or more incidents and remains a separate entity always!" One day you will understand that when ITIL ends a sentence in an exclamation mark that means it is something really important we call a "best practice", OK? ITIL goes on to say "some major incidents may not need to be handled in this way ... provided the impact remains low!" Also a best practice because of the "!" see? But you cannot begin to comprehend the depth of understanding required to come up with major incidents whose impact is low, now can you? Name one. I bet you can't.
Finally SO 126.96.36.199 says "If the cause of the incident needs to be investigated at the same time" which is pretty often "then the Problem Manager would be involved as well". Now ITIL doesn't say anything else about problems in major incidents, but for those of us truly attuned to its brilliant insights it doesn't need to say any more. To us it is as clear as words on a page that problem records will be created in all major incidents. Of course that is what this passage means, and if you study hard and travel hard maybe one day you will see it too.
That auditor was a wise man, probably even an ITIL Expert.
Good luck seeking enlightenment!
The ITIL Wizard
P.S. there are lots of good comments below and our host the IT Skeptic has discussed this further here