In large enterprise environments, IT departments almost always utilize a Ticketing System to view, share, and manage IT/Cybersecurity tasks. A ticketing system is a digital platform that allows employees to submit messages describing an issue they have encountered with company technology, appearing as a literal “ticket”. The tickets are then sent to the IT department, which can view the tickets and address the needs outlined in them. Enterprise ticketing systems usually employ a system known as Triage. A system of triage allows the IT department to rearrange and prioritize tickets based on their importance, urgency, and other factors. Different levels of IT support can triage advanced requests to more senior IT staff, while addressing the tickets that fall under their scope of work. This system allows the organization to be efficient with IT support.

If your small business makes heavy use of digital technology and systems for workflows, it may be beneficial to implement a ticketing system to better manage technology issues. This has added benefits if your business does not have a designated IT manager whose sole responsibility is to provide tech support. By storing tickets in writing in an organized system with triage capabilities, you can prevent yourself or the employees performing technical support from becoming overwhelmed.

If you implement a ticketing system, employees should be trained in how to write and submit tickets. Once a ticket is received in the digital system, the designated employees in charge of IT support should follow the process outlined below:

  1. Assessment: The IT tech views the ticket and determines the validity of the request/issue. This may involve consulting data such as log entries in cases involving potential cybersecurity incidents.
  2. Categorization: After assessing the ticket, the tech will assign it categories specifying the type of issue and its severity. For example, a ticket indicating a potential ransomware infection would get a more urgent categorization than a ticket complaining about the placement of a power strip.
  3. Prioritization: The categorization of the ticket will determine its priority for remediation. Obviously, more concerning tickets, indicating security issues, would receive higher prioritization than system personalization requests.
  4. Assignment: Oftentimes, the tech who manages the ticketing system is not the one with the full capabilities to address the ticket. At this point, they will need to triage the ticket to the appropriate employee. For example, a ransomware attack would be assigned to the Incident Response role, and an issue with domain connectivity would be assigned to the Network Engineer.
  5. Closure: After the issue on the ticket has been resolved, the ticket can be closed. Almost all ticketing systems require that a report be submitted on the actions taken to address the issue. For smaller issues like application fixes or user instructions, the ticket can be resolved with a few sentence description. However, more severe issues involving security events will need a more detailed report that may spill over into a separate, official incident report.

As stated, it is up to you as the business owner to decide whether to implement a ticketing system. It is a good idea to consult with your cybersecurity team to see if they have identified any internal issues with managing employee technical requests. Since we are talking about a small business here, it is also up to you to decide how advanced you want to go with a ticketing platform. Many high-end platforms require significant licensing fees in return for more comprehensive management and triage features. However, there also exist open source ticketing platforms with more basic capabilities and interfaces that may be better suited for a small business environment.

External Links