Configure SLA for Incidents
Service Level Agreement (SLA) enables administrators to configure the time limits to update incidents based on the SLA type. You can configure the following types of SLAs for incidents:
Assignment SLA: The time limit from the incident opened time within which you must assign a user. This SLA refers to the triaging phase of an incident.
Resolution SLA: The time limit from the user assignment time of an incident within which you must close the incident. This SLA refers to the post-triaging phase of an incident.
You can create multiple SLAs based on the type, severity, business unit, and location of the incidents. With incident SLAs, you can:
Define a standard time limit to assign, notify, and respond to an incident.
Set breach limits to alert the incident response teams when an SLA is about to breach.
Monitor the SLA breach status of the incidents in the Incident Dashboard.
Configure multiple levels of escalations when the assignment and resolution SLAs are breached.
Note
The Incident Type and Business Unit parameter names might differ based on the names configured by your administrator.
Create Assignment or Resolution SLA for Incidents
To create an assignment or resolution SLA for incidents, do the following:
Go to Admin Panel > SLA > Incident.
Click Create SLA.
Enter a unique name for the SLA. For example, Critical Malware SLA.
Select an SLA type. For example, Resolution.
Specify the incident details for which this SLA is applicable in Severity, Incident Type, Location, and Business Unit.
Enter the following details to specify the SLA timeline:
SLA Warning Threshold: Enter a duration from the incident creation time to display a warning in the incident that the SLA is about to be breached. This time must be at least five minutes before the SLA time. For example, 55 minutes.
SLA: Enter a duration from the incident creation time after which the SLA breaches if an incident is not assigned or closed. For example, 1 hour.
Breached SLA Threshold 1: Enter a duration from the incident creation time to send a first-level escalation email if an incident is not assigned or closed. This escalation is applicable only if the SLA is breached. For example, 2 hours.
Breached SLA Threshold 2: Enter a duration from the incident creation time to send a second-level escalation email if an incident is not assigned or closed. This escalation is applicable only if the first-level escalation mail is already sent. For example, 3 hours.
Click Save & Next.
For SLA escalation, do one of the following:
Select an escalation to associate with the SLA and click Save & Next.
To associate a new escalation, click Create Escalation. For more information, see Create Escalation Roster for Incidents.
To create an SLA without associating an escalation, click Skip. You can associate an escalation later.
To reorder the SLA priority, drag and drop the SLAs as per their priority.
Click Save.
Create Escalation Roster for Incidents
The escalation roster enables you to configure the recipients of the escalation emails for various stages of the SLA breaches, such as SLA warning, SLA breach, SLA threshold 1 breach, and SLA threshold 2 breach. You can configure CFTR users and non-CFTR users as recipients.
Note
You can use an escalation roster for both assignment and resolution SLAs of incidents and actions. The escalation roster is not applicable for notification SLAs.
To create an escalation roster, do the following:
Go to Admin Panel > SLA > Incident.
Click Escalations and then click Create Escalation.
Enter a title for the escalation.
For each escalation level, select the CFTR users or enter the email IDs of the recipients to whom you want to send the escalation email. For more information, see SLA Matrix for Incidents.
Click Save.
Manage Incident SLAs
You can perform the following activities to manage the incident SLAs:
Search for an SLA.
Filter SLAs based on business units, locations, incident types, locations, created date, and last updated date.
Update SLA details. The updates apply to both existing and new incidents. If the current SLA does not apply to an incident anymore after the update, then the next SLA that is applicable to the incident as per the priority order is automatically applied. If no SLA is applicable, then SLA is removed from the incident.
Activate or deactivate SLAs. If you deactivate the assignment, resolution, or notification SLA, the applied SLAs will be removed from all existing incidents and will not be applied to new incidents.
Delete an SLA. When an SLA is deleted or deactivated, then the next SLA that is applicable to the incident as per the priority order is automatically applied. If no SLA is applicable, then SLA is removed from the incident.
Add or update the escalation for an SLA.
Reorder SLAs based on priority. If more than one SLA is applicable for an incident, then the SLA that is higher as per the priority order applies.
View activity logs to track updates to various SLAs and escalations.
SLA Matrix for Incidents
The following table shows how various stages of assignment and resolution SLAs are connected to the escalation levels and which email template is used to send the escalation email.
Assignment/Resolution SLA | Escalation Roster | Email Template |
---|---|---|
SLA Warning Threshold | First Escalation | Incident Reminder |
SLA | Second Escalation/SLA | Incident Escalated To Level 1 |
Breached SLA Threshold 1 | Third Escalation | Incident Escalated To Level 2 |
Breached SLA Threshold 2 | Fourth Escalation | Incident Escalated To Level 3 |