What is the definition for Priority 1 (P1) and Priority 2 (P2) incidents?

CIO, a year ago

What is the classification of Cyber incident vs the levels P1, P2 (more classic ITIL oriented) in most tools?
Can you still have P1, P2 incidents, based on level of attack, but classify them as Cyber?
We did a service called Cyber, and if the incident is, for example, a DDoS attack, we get a standard P1 alert, but we manually start a new P1 linked to "Cyber Service" so we can track them and have a special playbook for the incident.
Any thoughts on how to structure security incidents in standard incident tools like PagerDuty?

1 Reply
no title, a year ago

Hi!

We recently decided to rework our approach to incidents:
First of all, we have an aggregated definition of incident. Any deviation from normal business is an incident. And every incident needs to follow the same process.
To address the right people and involve them in incident handling, we just put flags onto an incident:
Physical
Security
IT
Data Breach

As well as reporting duties for certain regulatory bodies:
GDPR
DORA
...

Let's see how that works.

Director of Technology Strategy in Services (non-Government), 2 years ago

An impact/urgency matrix can help give a clear view of this, with the weighting on impact as they both may be as urgent as each other.

A P1 incident affects a large number of users, systems, or services and may result in widespread disruption of business operations.
A P2 incident may affect a smaller number of users, systems, or services, and may result in localized disruption of business operations.

In my experience, people can fixate on the number of users and disregard something that only impacts 3 people.

But if those 3 people are the only 3 doing a specific process, and the process is critical, then it might warrant a P1.

Board Member in Healthcare and Biotech, 2 years ago

Beyond the classical definitions that have already been provided, let me add a twist.

CEO/Board member impact due to unavailability of any technology service is P1 in most companies; for the rest of the CXOs it could be P2.

Smile

VP of Engineering in Banking, 2 years ago

You can define them pretty much however you want based on your context. There is no one-size-fits-all definition.

The classification is usually based on business impact/severity and the urgency of the issue. P1 has higher severity & urgency than P2. In some companies, they can also have P0.

Director IT in Education, 2 years ago

P1 incidents are the most critical incidents that require immediate action to contain and resolve the issue and prevent further damage or loss.

P2 incidents are significant incidents that require prompt attention to mitigate the risk of data loss or disruption to business operations.

Both P1 and P2 incidents follow established incident management procedures to prioritize resources, coordinate efforts among different teams, and communicate updates to stakeholders until the incident is resolved.
