Policies represent the governance being applied to the incident management process. A policy describes the rules and boundaries being applied to the process to ensure appropriate controls are in place. This ensures consistency and repeatability but also identifies the level of flexibility a practitioner has when executing the process, procedure, or work instruction. In some instances, a policy could be applied to more than one process, and in the case of policies within incident management, this is true. Some incident management policies include categorization, prioritization, impact, urgency, incident record content, and reporting. Each of these policies will be discussed in more detail with examples ahead.
Categorization is one of those policies that will be used by other processes (i.e., change management, request management, or problem management). Categorization is very important to understand what service is failing, what configuration items make...