ITSM Event Management

One important consideration when setting up Monitoring & Event Management is the creation of a physical command centre. Depending on the size of the IT operations and the agreed SLAs, it could be a simple setup of a monitor displaying the alerts, occasionally monitored by the operations manager himself or an entire command centre with a dedicated MEM manager, shift leads and appropriately staffed shifts. 

Two of the biggest challenges in Event Management are preventing the purchase of unnecessary additional system management tool whenever a new product or service gets introduced and making sense of the millions of alerts generated by the amalgamation of system management tools introduced into the environment thereafter. 

Some useful strategies to reduce these challenges:

• make it a policy that existing system tools must be considered before the purchase of new system tools. This can be done by involving the MEM manager in all new products or services system management tool selection process
• create a metric showing the number of alerts generated versus those with actual incident tickets created. A healthy ratio differs for each service so it is important the MEM manager work this number out with the respective service owners. This should be done by agreeing on a periodic review date and after the stabilization of a newly introduced product or asset into the production environment (normally a few months).
• to ensure knowledge continuity for new products or services, ensure that shift leads are project members in release management projects. 
•  make it part of the standard new product or asset management release management project template for engineering staff to work in the command centre the first few months after the introduction of a new product or asset.

Here is a Monitoring and Event Management SOP and the relevant supporting documents (prefix IT.MEM)

Updated: July 2012