Capturing Breach Reasons through Activities

[Lauren]

Hi

We are currently looking to improve our incident business process. We utilise activities to capture why an incident has breached, using 6 outcomes (e.g. third party fix, delayed assignment etc.) and an additional "Reason" box to gather further info.

Our current process is configured to allow the analyst to resolve a breached incident, prior to completing the breach activity. If the breach activity isn't completed, it will expire after a set time. The concern with this, is that the incident doesn't change from "Resolved" to "Closed" until after that breach activity is completed (the auto-close function is set to 5 days, therefore it won't close until the activity has been completed PLUS the 5 days).

Is it possible - at the point the analyst presses "Resolve" after completing their resolution text/category - the system auto-generates a breach activity. This activity must then be completed by the analyst before they are able to resolve the incident fully. I am aware that at this point the actual resolution timers won't have been marked. If there was a mechanism to calculate whether or not at that point the fix time had been met, it could prompt the analyst as outlined above. This would also prevent the auto-close of the request (as mentioned above) being any longer than 5 days.

I welcome any thoughts/suggestions with regards to this.

Lauren

[Lauren]

Hi @James Ainsworth @Steven Boardman @Victor

Sorry to pick on the three of you - do you have any suggestions following my query above?

Lauren

[Steven Boardman]

Hi @Lauren unfortunately i am not sure i can think of much to assist here. 

One thought was to lock the resolution action until after the last action in your process, and on the completion of the last action, say something like investigation complete you could actually mark the resolve timer and do a check to see if the request had breached, if it had then create the breach activity and have said timer to ensure completion in a timely manner, obviously once the breach details were recorded you could unlock the resolve action and allow the resolution to be entered, if there was no breach you would skip the breach task and just unlock the resolve action. Obviously this way you could then have your 5 days from actual resolve to auto close.

I am not sure this is going to be practical and it may simply move the problem in front of the resolve action, compared to the issue you are having after the resolve action, but i just thought i would throw it out there as the mark fix timer can be put anywhere in your business process.