Event Management - VA


Event Management
Process Asset Library
Office of Information and Technology

Table of Contents
Event Management Process Map
Process: Event Management
Event Management Description and Goals
  Description
  Goals
Event Management RACI Information
Event Management Associated Artifacts Information
Event Management Tools and Web Sites Information
Event Management Standards Information
Event Management Process
  Process Activity Name: EVM-01 Event Occurs
  Process Activity Name: EVM-02 Detect Event
  Process Activity Name: EVM-03 Notification of Event
  Process Activity Name: EVM-04 Log Event
  Process Activity Name: EVM-05 Complete First Level Event Correlation and Filtering
  Process Activity Name: EVM-06 Determine Significance of Event
  Process Activity Name: EVM-07 Complete Second Level Event Correlation
  Process Activity Name: EVM-08 Is Further Action Required?
  Process Activity Name: EVM-09 Response Selected
  Process Activity Name: EVM-10 Review Actions
  Process Activity Name: EVM-11 Information Only?
  Process Activity Name: EVM-12 Close Event
  Process Activity Name: EVM-13 Incident Management

Event Management Process Map
The links in this process map are inactive. Please scroll to view activity data.


Process: Event Management
Overview: The process map for Event Management cycles through the following process and review activities:
EVM-01 Event Occurs
EVM-02 Detect Event
EVM-03 Notification of Event
EVM-04 Log Event
EVM-05 Complete First Level Event Correlation and Filtering
EVM-06 Determine Significance of Event
EVM-07 Complete Second Level Event Correlation
EVM-08 Is Further Action Required?
EVM-09 Response Selected
EVM-10 Review Actions
EVM-11 Information Only?
EVM-12 Close Event
EVM-13 Incident Management

Event Management Description and Goals

Description
Event Management is the process that monitors, identifies and prioritizes infrastructure, service, business and security events and filters events to be responded to according to event status, especially focusing on conditions that could lead to potential faults or Service Level exceptions. Event Management is therefore the basis for Operational Management Monitoring, Control, and Notification and is ITIL conformant. The process is made up of interrelated activities, including activities that measure the effectiveness of the process, as well as provide for continued process improvement.

Goals
The goals of Event Management are to:
- Provide the ability to detect events, make sense of them and determine the appropriate control action.
- Automate many routine Operations Management activities like executing scripts on remote devices, submitting jobs for processing, or even dynamically balancing the demand for a service across multiple devices to enhance performance.
- Provide a way of comparing actual performance and behavior against design standards and Service Level Agreements (SLAs).
- Provide a basis for Service Assurance and Reporting; and Service Improvement.
- Provide a standard and filtered view of all events including those from other event management systems and from enterprise applications.
- Associate one or more events with a single cause in determining root cause analysis.
- Automatically inform the appropriate stakeholders of events that require action to drive timely response.
- Attach descriptive information to events to facilitate incident resolution and root cause analysis.
- Provide up-to-date roles and responsibilities charts to support event management.
- Ensure there is vendor involvement during event investigation and resolution, as required.
- Provide post analysis of event handling procedures that were conducted and applied.
- Ensure interaction with other Service Management processes.

Event Management RACI Information
The following describes the RACI information for this process:

EVM-01 Event Occurs
Responsible Role: Customer
Accountable Role: Enterprise Command Center Monitoring Team
Consulted Role: None Listed
Informed Role: None Listed

EVM-02 Detect Event
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: None Listed
Consulted Role: Event Management Staff; Customer
Informed Role: Event Management Process Owner; Stakeholders

EVM-03 Notification of Event
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: None Listed
Consulted Role: Event Management Staff
Informed Role: Event Management Process Owner; Stakeholders

EVM-04 Log Event
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: None Listed
Consulted Role: Event Management Staff; Stakeholders
Informed Role: Event Management Process Owner; Stakeholders

EVM-05 Complete First Level Event Correlation and Filtering
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: None Listed
Consulted Role: Customer
Informed Role: None Listed

EVM-06 Determine Significance of Event
Responsible Role: Subject Matter Expert(s)
Accountable Role: Enterprise Command Center Monitoring Team
Consulted Role: Event Management Staff
Informed Role: Event Management Process Owner; Stakeholders

EVM-07 Complete Second Level Event Correlation
Responsible Role: Subject Matter Expert(s)
Accountable Role: Enterprise Command Center Monitoring Team
Consulted Role: None Listed
Informed Role: None Listed

EVM-08 Is Further Action Required?
Responsible Role: Subject Matter Expert(s)
Accountable Role: Enterprise Command Center Monitoring Team
Consulted Role: None Listed
Informed Role: None Listed

EVM-09 Response Selected
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: Subject Matter Expert(s)
Consulted Role: None Listed
Informed Role: Customer

EVM-10 Review Actions
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: Subject Matter Expert(s)
Consulted Role: Event Manager; Stakeholders
Informed Role: Event Management Process Owner; Customer

EVM-11 Information Only?
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: None Listed
Consulted Role: None Listed
Informed Role: None Listed

EVM-12 Close Event
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: Subject Matter Expert(s)
Consulted Role: None Listed
Informed Role: Event Management Staff; Event Management Process Owner; Stakeholders

EVM-13 Incident Management
Responsible Role: Enterprise Command Center Monitoring Team
Accountable Role: None Listed
Consulted Role: None Listed
Informed Role: None Listed

Event Management Associated Artifacts Information
There are no artifacts associated with this process.

Event Management Tools and Web Sites Information
The Tools and Web Sites associated with this process (including hyperlinks) include:
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Event Management Standards Information
Standards associated with this process (including hyperlinks) include:
Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1
OI&T Event Management Process Document

Event Management Process

Process Activity Name: EVM-01 Event Occurs

Previous Activities
Process Begins

Next Activities
EVM-02 Detect Event

Description
The Customer, or an auto-generated device, notifies the Enterprise Command Center Monitoring Team that an event is about to occur, or has occurred. There are multiple ways for customers to notify the Enterprise Command Center Monitoring Team (auto generated at the VA Command Center, emails, phone calls, VA Pulse, and other sources).

Input
Email
Phone Call
VA Command Center Notification
VA Pulse

Output
Event Identified

Associated Artifacts
None Listed

Responsible Role
Customer

Accountable Role
Enterprise Command Center Monitoring Team

Consulted Role
None Listed

Informed Role
None Listed

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
The Service Operations Insight (SOI) Web is accessed in the Operation Tools Links of the EO Monitoring Team Web Page. Access to the Service Operations Insight (SOI) event management tool requires the user to obtain access to the site. The user can gain access to the SOI Web by contacting the Enterprise Operations SharePoint Site Collection Administrator.

Process Activity Name: EVM-02 Detect Event

Previous Activities
EVM-01 Event Occurs

Next Activities
EVM-03 Notification of Event

Description
The Enterprise Command Center Monitoring Team monitors data from various system resources in the VA infrastructure, service, business and security to detect events. When the Configuration Item or Service being monitored goes into an abnormal state, a monitoring tool generates an Event.

Input
Event Identified

Output
Detected Event

Associated Artifacts
None Listed

Responsible Role
Enterprise Command Center Monitoring Team

Accountable Role
None Listed

Consulted Role
Event Management Staff; Customer

Informed Role
Event Management Process Owner; Stakeholders

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
The Enterprise Command Center Monitoring Team configures the Service Operations Insight (SOI) Web event management tool for the design and thresholds of the data element fields. The Service Operations Insight (SOI) Web is accessed in the Operation Tools Links of the EO Monitoring Team Web Page. Access to the Service Operations Insight (SOI) event management tool requires the user to obtain access to the site. The user can gain access to the SOI Web by contacting the Enterprise Operations SharePoint Site Collection Administrator.

Process Activity Name: EVM-03 Notification of Event

Previous Activities
EVM-02 Detect Event

Next Activities
EVM-04 Log Event

Description
The Enterprise Command Center Monitoring Team configures Service Operations Insight, the event management tool, to filter events and determines whether to communicate the event to a management tool.
A general principle of event notification is that the more meaningful the data it contains and the more targeted the audience, the easier it is to make decisions about the event. Meaningful notification data and clearly defined roles and responsibilities need to be articulated and documented.

Input
Detected Event

Output
Event Notification
Filtered Event

Associated Artifacts
None Listed

Responsible Role
Enterprise Command Center Monitoring Team

Accountable Role
None Listed

Consulted Role
Event Management Staff

Informed Role
Event Management Process Owner; Stakeholders

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
See Event Management Process Document for additional information regarding significance of the event.
The Service Operations Insight (SOI) Web is accessed in the Operation Tools Links of the EO Monitoring Team Web Page. Access to the Service Operations Insight (SOI) event management tool requires the user to obtain access to the site. The user can gain access to the SOI Web by contacting the Enterprise Operations SharePoint Site Collection Administrator.

Process Activity Name: EVM-04 Log Event

Previous Activities
EVM-03 Notification of Event

Next Activities
EVM-05 Complete First Level Event Correlation and Filtering

Description
The Enterprise Command Center Monitoring Team reviews and logs the event by category type from the Service Operations Insight tool.

Input
Filtered Event

Output
Event Notification
Log Event

Associated Artifacts
None Listed

Responsible Role
Enterprise Command Center Monitoring Team

Accountable Role
None Listed

Consulted Role
Event Management Staff; Stakeholders

Informed Role
Event Management Process Owner; Stakeholders

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
The Service Operations Insight (SOI) Web is accessed in the Operation Tools Links of the EO Monitoring Team Web Page. Access to the Service Operations Insight (SOI) event management tool requires the user to obtain access to the site. The user can gain access to the SOI Web by contacting the Enterprise Operations SharePoint Site Collection Administrator.

Process Activity Name: EVM-05 Complete First Level Event Correlation and Filtering

Previous Activities
EVM-04 Log Event

Next Activities
EVM-06 Determine Significance of Event

Description
The Enterprise Command Center Monitoring Team completes a first level event correlation and filtering. This activity is designed to determine how the event is communicated. The Enterprise Command Center Monitoring Team applies filters to determine if the team ignores communicating the event as it is information only, a warning, or an exception whereby the event will be handled as an incident or problem.

Input
Event Notification
Logged Event

Output
First Level Event Correlation and Filtering

Associated Artifacts
None Listed

Responsible Role
Enterprise Command Center Monitoring Team

Accountable Role
None Listed

Consulted Role
Customer

Informed Role
None Listed

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
The Service Operations Insight (SOI) Web is accessed in the Operation Tools Links of the EO Monitoring Team Web Page. Access to the Service Operations Insight (SOI) event management tool requires the user to obtain access to the site. The user can gain access to the SOI Web by contacting the Enterprise Operations SharePoint Site Collection Administrator.

Process Activity Name: EVM-06 Determine Significance of Event

Previous Activities
EVM-05 Complete First Level Event Correlation and Filtering

Next Activities
EVM-07 Complete Second Level Event Correlation

Description
The Subject Matter Expert(s) (SMEs) determine the significance of the event and the ticket is updated. The SMEs' categorization of the significance of an event is: Informational, Warning, or Exception.

Input
Event Notification
Filtered Event

Output
Updated Incident Ticket (Informational, Warning or Exception)

Associated Artifacts
None Listed

Responsible Role
Subject Matter Expert(s)

Accountable Role
Enterprise Command Center Monitoring Team

Consulted Role
Event Management Staff

Informed Role
Event Management Process Owner; Stakeholders

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
See Event Management Process Document for additional information regarding significance of the event. The Service Operations Insight (SOI) Web is accessed in the Operation Tools Links of the EO Monitoring Team Web Page. Access to the Service Operations Insight (SOI) event management tool requires the user to obtain access to the site. The user can gain access to the SOI Web by contacting the Enterprise Operations SharePoint Site Collection Administrator.

Process Activity Name: EVM-07 Complete Second Level Event Correlation

Previous Activities
EVM-06 Determine Significance of Event

Next Activities
EVM-08 Is Further Action Required?

Description
The Subject Matter Expert(s) (SMEs) determine the appropriate action to take based on the second level event correlation. If it is a warning type event, the SMEs must make a determination of the significance of the warning to determine the appropriate action. The system applies filters to assess events by
- number of similar events
- number of Configuration Items generating similar events
- potential impact to medical centers, data centers, etc.

Input
Event Notification
Filtered Event

Output
Second Level Event Correlation

Associated Artifacts
None Listed

Responsible Role
Subject Matter Expert(s)

Accountable Role
Enterprise Command Center Monitoring Team

Consulted Role
None Listed

Informed Role
None Listed

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
None Listed

Process Activity Name: EVM-08 Is Further Action Required?

Previous Activities
EVM-07 Complete Second Level Event Correlation

Next Activities
If "Yes":
EVM-09 Response Selected
Or
If "No":
EVM-12 Close Event

Description
The Subject Matter Expert(s) (SMEs) determine whether further action is required or whether they can close the event. The SMEs may need to engage the Enterprise Command Center Monitoring Team for further response selection.

Responsible Role
Subject Matter Expert(s)

Accountable Role
Enterprise Command Center Monitoring Team

Consulted Role
None Listed

Informed Role
None Listed

Process Activity Name: EVM-09 Response Selected

Previous Activities
EVM-08 Is Further Action Required?

Next Activities
EVM-10 Review Actions

Description
The Enterprise Command Center Monitoring Team, working with the Subject Matter Expert(s) (SMEs), selects the response to best resolve the Event. The SMEs provide recommendations for actions to be taken to mitigate the event to the Enterprise Command Center Monitoring Team.

Input
Event Notification
Filtered Event

Output
Selected Response

Associated Artifacts
None Listed

Responsible Role
Enterprise Command Center Monitoring Team

Accountable Role
Subject Matter Expert(s)

Consulted Role
None Listed

Informed Role
Customer

Tools and Websites
Enterprise Operations (EO) Monitoring Team website
Service Operations Insight (SOI) Web

Standards
None Listed

More Info
None Listed

Process Activity Name: EVM-10 Review Actions

Previous Activities
EVM-09 Response Selected

Next Activities
EVM-11 Information Only?

Description
The Enterprise Command Center Monitoring Team reviews actions to ensure all significant events have been handled appropriately and to track trends and counts of event types. In cases where events have initiated an incident or change, the review action should not be duplicated as part of those processes. The intention is to ensure that the hand-off between the Event Management process and other processes takes place as designed. This is to ensure that incidents or changes originating within Operations Management do not get lost between the teams or departments. The review is also used as input into continual improvement and the evaluation and audit of the Event Management process.

Input
Event Notification
Filtered Event

Output
Filtered Event Actions Reviewed

Associated Artifacts
None Listed

Responsible Role
Enterprise Command Center Monitoring Team

Accountable Role
Subject Matter Expert(s)

Consulted Role
Event Manager; Stakeholders

In
