ITSM Workflow Intelligence — Interactive Showcase v25

⚡ v25 · Production Ready · Single HTML file

ITSM Workflow Intelligence Tool

Your operational co-pilot for every stage of an incident. Structured guidance from first alert to service review — incident, problem, change, RCA, retrospective and service review reporting in a single HTML file. Zero dependencies. Works offline. New in v25: a rules-based Pre-flight Review Agent reviews your incident data before outputs are generated, and the War Room Pulse panel keeps every live metric visible at a glance.

📋

8 structured outputs

ServiceNow incident, Jira Bug, Jira Story, Confluence PIR, Problem Record, Change Request, RCA Report and Status Page update. All paste-ready. Generated from data you enter once.

⚡

P1 bridge pack in 90 seconds

Five fields. One click. Bridge pack ready, SLA clock running, comms templates generated. Full incident record pre-populated in the background.

🔍

35-check pattern analysis engine

Enter team data for the service review. 35 checks run automatically. Probable cause, interpretation and recommended action for each finding.

📖

130+ term glossary

ITSM/ITIL 4, incident management, SRE, regulatory (FCA, PRA, DORA, ICO, PCI DSS), ServiceNow field API names, Jira, Grafana, Dynatrace. Add your own terms.

🏛

Regulatory alignment built in

ITIL 4, FCA operational resilience, FCA SUP 15, DORA Articles 9 and 17, ICO 72-hour, GDPR Article 5(1)(c), PCI DSS. Guidance surfaces at the right moment.

🧠

Decision log & audit trail

Timestamped decision log captures every key call during the incident and feeds directly into the PIR and timeline. Auto-checklist progress bar tracks post-incident actions. Sanitise export removes sensitive values before sharing.

🧭 Navigation

Always Visible. Always One Click Away.

A persistent two-tier header means you are never more than one click from anywhere — at Stage 1, Stage 7, or anywhere in between.

📌

Fixed header — always visible

The top strip never scrolls away. Full/Lite mode toggle, autosave status, accessibility settings and the settings panel are always reachable.

🔀

Scrollable nav rail — 12 destinations

Incident, Customer Report, P1 Fast Track, Pick Up Incident, Practice Run, Problem Record, Change Request, Glossary, Retrospective, Reporting, Integration Hub — all one click.

⊟

Lite Mode — two fields, one output

Strips the workflow to: observation + severity → ServiceNow output. For P3/P4 tickets. Switch any time — your data is preserved.

💾

Autosave — always on

Every field saves as you type. Click the save indicator to restore your most recent session. Up to 10 named sessions for parallel incidents.

📋

Regulatory status — always in view

The 📋 Reg button in the nav shows regulatory guidance status at a glance. A blue dot appears when the automated monitor detects a new FCA, DORA or ICO publication — passive when guidance is current, visible only when action is needed. Click to see what changed and verify at authoritative source. Monitored weekly via GitHub Actions with zero manual maintenance.

☰

Table of Contents panel

☰ TOC tab fixed below the nav rail lists all 12 workspaces. One click navigates and closes the panel. Keyboard: Alt+A for accessibility, ? for all shortcuts.

🚨 Starting an Incident

The Tool Meets You Where the Incident Starts

Not every incident starts the same way. Five different entry points route you to the right starting position without re-entering information.

🖊

Start new incident — monitoring alert

You spotted it, monitoring alerted you or a colleague flagged it. Begin at Stage 1 Triage. The tool guides you through all 7 stages to structured outputs.

📞

Customer reported — GDPR-safe capture

A customer called, emailed or raised a portal ticket. Pattern detection fires as you type. Case reference replaces customer name throughout every output.

📥

Pick up existing — queue handoff

Paste the INC reference and description — the tool pre-populates Stages 1 and 2 and creates the first reassignment entry with the previous team's investigation notes.

⚡

P1 Fast Track — bridge pack in 90 seconds

Critical incident, no time for process. Five fields, one click. Bridge pack generated, SLA clock running, full record pre-populated.

💡

Pattern detection — as you type

Payment keywords trigger FCA SUP 15 guidance. Authentication terms suggest IAM routing. Security language flags regulatory obligations. All automatic from the observation field.

🎯

Welcome screen routes first-time users

First-time visitors see five choices: new incident, customer report, P1 major incident, explore and train, or Lite Mode. Never shows again after first use.

⚡ P1 Fast Track

Bridge Pack in 90 Seconds

When a critical incident hits, you do not have time for a 7-stage workflow. Five fields, one click — bridge pack ready, SLA clock running.

📝

Five fields only

What is down, who is MIM, bridge/call details, initial diagnosis, users affected. The tool pre-populates the full incident record from these five entries.

⏱

SLA clock with health bar

The P1 countdown shows mm:ss in the final hour. A visual Green → Amber → Red health bar shows SLA consumption at a glance. Browser notification fires at ≤10 minutes remaining.

📋

Complete bridge pack output

MIM, bridge details, impact summary, initial diagnosis, SLA countdown, next update time. Paste-ready for Slack, Teams or email. Formatted for the people on the bridge.

📢

Comms templates ready instantly

Status page message, stakeholder update and customer-facing communication generated alongside the bridge pack. Each formatted for its audience.

🔄

Transfer to full record — one click

When pressure eases, click Transfer. Everything from Fast Track is already in Stages 1 and 2. Continue without re-entering anything.

🔗

Direct URL — Alt+P keyboard shortcut

Bookmark the Fast Track URL or use Alt+P. Add it to your on-call runbook. One keystroke away regardless of where you are in the tool.

📊 7-Stage Incident Workflow

Full 7-Stage Incident Workflow

Every stage generates structured outputs. Validation ensures nothing is missed. Jump back to any stage — your data persists.

1️⃣

Stage 1 — Triage and Classification

Weighted impact scoring across 6 factors. Severity recommendation with override. Smart routing suggestion from observation keywords. 7 smart suggestion rules fire as you type.

2️⃣

Stage 2 — Incident Record

SLA clock with business hours indicator. Pause/hold with reason logging. Full incident description, CI, assignment group. Reassignment tracker with investigation notes at each handoff. Decision log captures timestamped decisions as they happen.

3️⃣

Stage 3 — Major Incident

Bridge pack, MIM checklist, stakeholder communications, regulatory notification prompts. Cadence timer for update intervals. Escalation matrix. Post-incident checklist.

4️⃣

Stage 4 — Problem Record

Reactive, Proactive or Known Error. ServiceNow problem_state field values correct. KEDB entry structured for immediate use. Accessible as a standalone workspace.

5️⃣

Stage 5 — RCA

Guided 5 Whys with prompts that resist stopping at Why 2 or 3. Or switch to Fishbone (Ishikawa) with 6 categories. Both generate a complete structured RCA report.

6️⃣

Stages 6 and 7 — Change and Outputs

Change request with 6-factor risk scoring and rollback decision framework. Stage 7 generates all 8 outputs simultaneously. Export all as one document. Shift handover pack and sanitise export available.

📥 Pick Up Existing Incident

Built for How Teams Actually Work

Most engineers are not raising incidents from scratch — they are picking up tickets routed to their queue. This mode is built for that handoff.

📎

Paste from ServiceNow — auto-populates

Enter the INC reference and paste the description. The tool pre-populates Stage 1 observation and Stage 2 short description. The reference flows into every output.

🔗

Reassignment chain created automatically

The first tracker entry is created from the Pick Up form — previous team, how it arrived, and their investigation notes as the formal handoff record.

🔍

Pattern detection on pasted description

Smart keyword detection fires on the pasted text. Routing suggestions, classification hints and regulatory flags surface immediately from the existing incident text.

📖

Known issues register checked

The tool checks the pasted description against your known issues register. If a match is found, the known error details and workaround appear as a banner.

📊

SLA position preserved

Enter the time the incident was originally raised. The SLA clock reflects actual elapsed time from first detection — not when it reached your team.

✏️

Previous investigation notes carried forward

What the previous team ruled out flows into the outputs. The ServiceNow record shows a complete investigation chain — not just your team's work.

🔍 Observability and SRE

Observability Context & SRE Features

For engineers, SRE teams and anyone investigating a technical incident. Capture what your monitoring platform shows and keep it with the incident record.

📡

12 monitoring platform buttons

Dynatrace, Datadog, Grafana, New Relic, Prometheus, PagerDuty, Opsgenie, Splunk, CloudWatch, Azure Monitor, GCP Operations and generic monitoring.

📏

Metric capture with threshold tracking

Record the metric name, observed value, baseline and threshold. Trend direction shown. Each entry flows into the observability context of the ServiceNow incident record.

📋

Runbook URL field

Capture the runbook URL in observability context. Flows into all outputs and handoffs — ServiceNow incident, Confluence PIR and the reassignment log.

🛡

CVE tracking — DORA Article 9

CVE ID format validation, CVSS score and automatic severity assignment. Satisfies DORA Article 9 ICT risk management requirements for critical vulnerability tracking.

🔧

Self-healing checklist

Common automated recovery actions — cache flush, service restart, circuit breaker reset — with outcome tracking (Triggered / Success / Failed / N/A).

🤖

DORA Article 17 — human review gate

No automated triage fires without human confirmation. The tool satisfies DORA Article 17 requirements for human oversight of automated operational tooling.

📋 Problem Record · RCA · Change Request

The Most Documentation-Heavy Stages — Fully Guided

Stages 4, 5 and 6 in the incident lifecycle. Each generates a complete paste-ready output. All three are also accessible as standalone workspaces.

🔎

Problem Record — ITIL-accurate field values

Reactive, Proactive or Known Error. ServiceNow problem_state set correctly — the actual API value (1 Open, 2 Known Error, 3 Pending Change). KEDB entry structured for immediate use.

🐟

RCA — 5 Whys and Fishbone

Guided 5 Whys with prompts that resist stopping at Why 2 or 3. Or switch to Fishbone (Ishikawa) with 6 categories. Both generate a complete structured RCA report.

⚖️

Change Request — 6-factor risk scoring

Blast radius, complexity, rollback confidence, test coverage, change history and timing — each scored out of 20. Total determines Low / Medium / High / Critical risk band.

🧱

Step builder — implementation and rollback

Build implementation and rollback plans step by step. Each step numbered, removable. A structured list in the ServiceNow CHG record — not a free-text blob.

🛑

Rollback decision framework

Go/No-Go criteria, named decision authority, DBA sign-off and monitoring window — captured and included in the CHG output. The conversation most CABs have verbally but never record.

❄️

Change freeze window detection

Configure freeze dates in Settings. If the planned date falls inside a freeze window, the workspace flags it and prompts for Emergency CHG approval with ECAB reference.

📊 Service Review Reporting

From Data Entry to Board Narrative

Enter data per team. 35 checks run automatically. Probable causes, interpretations and recommended actions surface instantly. Four narrative styles. Decisions required always leads.

⚡

Quick entry mode per team

Six core fields — P1 count, changes total, rollbacks, overdue problems, P1 SLA% and MTTR. Expand to full entry for the complete data set.

🔍

35-check pattern engine

Incident trends, change quality, problem management, SLA trajectory, systemic patterns and YoY comparison — all checked automatically. Probable cause and recommended action per finding.

⚡

Decisions required — always leads

Every narrative style leads with the decisions required section — naming teams, stating what the board needs to decide and by when.

✂️

Sectioned narrative export

Copy individual sections — Decisions Required, RED analysis, pattern findings, trends, forward look. Or copy as Markdown for slides or a Word document.

🎨

Four narrative styles

Governance Committee, Board/Exec, Ops Team and Quick Briefing. Switch without re-entering data.

📊

Incidents by service / component

The period history tab clusters all saved incidents by service name. Click a service to expand its incident history. Bar charts show relative incident volume — identify repeat offenders immediately.

🔌 Integration Hub

Live Data — No Manual Entry Required

Receive webhook payloads from 9 monitoring platforms. A full JS API lets you pre-populate every field from your own tooling. Engineers review and confirm.

📡

9 webhook platforms

Dynatrace, Datadog, PagerDuty, Grafana, New Relic, Prometheus, Opsgenie, VictorOps and generic JSON. Paste a payload and the tool maps severity, service, description and detection time automatically.

⚙️

JS API — window.ITSMTool

A full public API lets your tooling call directly into the tool. window.ITSMTool.loadWebhookPayload() pre-populates any field. Integrate with your ChatOps bot or automation layer.

🗺

Severity mapping — configurable

Configure how Dynatrace AVAILABILITY or Datadog P1 maps to your P1-P4 scale in Settings. Persists across sessions and applies to every payload received.

🔍

Human review gate — DORA Article 17

Automation populates the fields. The engineer reviews and confirms. No automated triage fires without human oversight. Satisfies DORA Article 17 requirements.

🔗

Runbook URL field

Capture the runbook URL in observability context. Flows into all outputs and handoffs. The on-call engineer always has the runbook immediately.

🛡

CVE tracking — DORA Article 9

CVE ID format validation, CVSS score and automatic severity assignment. Satisfies DORA Article 9 ICT risk management requirements for critical vulnerability tracking.

🔒 Data and Regulatory Guidance

What to Enter. What Not To.

Incident records are operational records, not customer records. GDPR Article 5(1)(c) data minimisation applies at every stage. Regulatory guidance updates automatically from GitHub — guidance text only, no user data ever transmitted.

✅

Use — operational identifiers

Case reference (CRM CAS-99887), customer segment, channel, number affected (~340 customers), service/feature name, internal system identifier. All legally safe for incident records.

❌

Do not enter — personal data

Customer names, email addresses, account numbers, payment card data, dates of birth, NI numbers, home addresses. None of these belong in an incident record.

🔔

ICO 72-hour notification window

Data breach scenarios surface an ICO notification prompt with a countdown. Prompts for DPO and Legal engagement. FCA SUP 15 assessment checklist included.

💳

PCI DSS card data warnings

If the incident involves payment card systems, PCI DSS field warnings appear. The tool prompts truncation and masking at point of entry.

📋

FCA SUP 15 operational resilience

Regulatory notification prompts for significant operational incidents. Impact assessment guidance and escalation chain prompts aligned to FCA requirements.

🏦

DORA and BCBS 239

DORA Articles 9 and 17 referenced throughout. BCBS 239 data governance principles referenced in problem record and root cause sections.

🔄

Self-updating regulatory guidance

Regulatory and ITIL content updates automatically in the background. FCA/DORA/GDPR guidance text, platform field notes and ITIL definitions are maintained in a separate JSON file on GitHub — updated when regulations change without touching the tool. Manual 'Check for updates' button available. Organisations host their own content source for jurisdiction-specific guidance. Full offline fallback always active.

🎓 Training and Practice

7 Scenarios. Every Workflow.

Fictional scenarios pre-fill the form. Work through all stages as normal. Nothing is sent anywhere. Ideal for new practitioners, team training and exploring features.

💳

Payment Gateway P1

45,000 users, card payments down, bridge pack needed in 90 seconds. The classic P1 Fast Track scenario. Full 7-stage workflow including major incident, RCA and change request.

🔐

Authentication P2

Intermittent login failures via Okta SSO. Pattern detection fires. Third-party supplier dependency and workaround documentation. Pick Up Incident handoff scenario.

🔄

Failed Deployment — Irreversible Migration

Rollback blocked by a NOT NULL database migration already applied to production. The scenario most engineers mishandle — rollback is not always available.

🗄

Database Replication Lag

Replication lag making reporting data 4 hours stale. No direct customer impact yet — but regulatory reporting deadline at risk.

🛡

Emergency Security Patch — CVE-2024-44000

CVSS 9.8 remote code execution vulnerability. Emergency Change Request workflow: ECAB approval, rollback decision tree, CVE field and risk scoring.

🔴

Customer PII Exposure

Database backup in a public S3 bucket for 72 hours. 12,000 customer records. ICO 72-hour notification window active. FCA SUP 15 assessment.

📊

Service Review — Pattern Analysis

Navigate to the Reporting workspace. Pre-populated with fictional team data. Explore the 35-check pattern engine and executive narrative.

🧭

10-Step Onboarding Tour

Covers every v25 feature: Change Request, Glossary, dark mode, keyboard shortcuts, pattern analysis, SLA pause, field label overrides, routing suggestions, and new features including decision log, TOC panel, SLA health bar, sanitise export and service cluster view. Step 4 introduces the 📋 Reg button and the weekly regulatory monitor.

🔄 Standalone Change Request

Change Request — Without an Incident

Raise a Change Request independently of the incident workflow. ITIL definitions shown by default. Every field can be overridden to reflect how your organisation actually works.

⚡

Emergency CHG — ECAB workflow

Selecting Emergency surfaces the ECAB panel — approval reference number, justification, named approver and approval timestamp. All flow into the CHG output.

🛑

Rollback decision framework

Go/No-Go criteria, named decision authority, DBA sign-off and monitoring window — captured and included in the ServiceNow CHG output. Formally recorded.

⚖️

Six-factor risk scoring

Blast radius, complexity, rollback confidence, test coverage, change history and timing each scored out of 20. Determines Low / Medium / High / Critical risk band.

🧱

Step builder — implementation and rollback

Add implementation and rollback steps one at a time. Numbered, removable. A structured list in the CHG output — not a free-text field.

📋

PIR — mandatory for Emergency

Post-Implementation Review defaults to mandatory for Emergency changes. PIR scheduled date, owner and status flow into the CHG output.

❄️

Change freeze window detection

If the planned implementation date falls within a freeze window, the workspace flags it immediately and switches to Emergency type.

📖 Glossary and Reference

Glossary and Acronym Reference

130+ terms across multiple tabs. The duplicate acronym problem handled explicitly. Your organisation's own terms added, stored and exportable.

📚

ITSM and ITIL 4 terms

CI, CMDB, SLA, OLA, UC, CAB, ECAB, KE, KEDB, P1-P4, MIM, PIR, RCA, RTO, RPO, MTTR, MTBF, MTTA and more. Definitions written for practitioners, not textbooks.

🏦

Regulatory terms

FCA, PRA, DORA Articles 9 and 17, ICO, GDPR, PCI DSS, BCBS 239, SUP 15, operational resilience — defined with context for financial services technology teams.

🔧

Platform field names

ServiceNow incident and problem field API names. Jira issue types. Grafana, Dynatrace and Datadog terminology aligned to ITIL concepts.

🔄

Duplicate handling

DORA, CI, MTTR, SRE and others have different meanings across disciplines. All definitions shown with context labels — no ambiguity in high-pressure situations.

🏢

Add your organisation's terms

Add bespoke acronyms, internal system names and team-specific terminology. Stored in browser localStorage. Export as JSON or CSV.

🔍

SRE and DevOps terms

SLO, SLI, error budget, toil, blameless postmortem, chaos engineering, canary deployment, blue/green deployment, circuit breaker — defined in the context of incident management.

🧠 Intelligence & Audit Trail

Built for Real Incidents Under Pressure

Every decision logged, every action tracked. Features that reduce cognitive load, improve traceability and make the incident record accurate — without slowing you down.

📝

Decision Log

Stage 2 card captures timestamped decisions as they happen during the incident — who decided, what was decided and why. Feeds directly into the PIR and incident timeline. The conversation that usually only exists in chat history is now formally recorded.

✅

Auto-Checklist Progress

A live progress bar and percentage counter tracks completion of the Post-Incident Action Checklist in real time. At a glance you know what is done, what is outstanding and how far through the close-out process you are.

🟢

SLA Health Bar

A visual Green → Amber → Red bar sits inside the SLA clock widget and updates continuously. Green above 50% remaining, Amber between 20–50%, Red below 20%. Paired with the mm:ss countdown for immediate situational awareness.

🔒

Sanitise Export

Stage 7 toggle that replaces sensitive field values with [REDACTED] before export. Share incident outputs with external parties, auditors or vendors without manually scrubbing each field. Original data remains intact in the session.

⚠️

Backup Nudge

An amber warning banner appears if session data exceeds 200 KB, prompting you to export before the browser session is lost. Prevents data loss on long-running major incidents where localStorage approaches its limit.

📊

Service Cluster View

The Reporting period history tab groups all saved incidents by service name and component. Bar charts show relative incident volume per service. Click any service to expand its full incident history — identify repeat offenders and systemic patterns immediately.

🤖

Pre-flight Review Agent

Before generating outputs, a rules-based AI agent reviews your incident data — blocking issues, regulatory flags, severity mismatches, incomplete fields. Each finding is dismissable. Human in the loop — you confirm before outputs are generated.

🤖 Agentic Intelligence

Human in the Loop — AI That Earns Trust

The tool's intelligence is rules-based and deterministic — not a black box. Every finding can be explained, dismissed or overridden. In FCA/DORA regulated environments, this is more appropriate than generative AI.

🤖

Pre-flight Review Agent

Before output generation, a rules-based agent analyses your incident data and surfaces findings — blocking issues, warnings, information flags and confirmations. A data completeness score (0–100%) shows how much is present. Every finding is dismissable. You confirm before outputs are generated.

📊

Output Confidence Scoring

After generating, each output gets a hover-able readiness chip — for example "82% ServiceNow". Hover to see the specific gaps that reduced the score: missing fields, short descriptions, unresolved flags. Helps prioritise what to complete before pasting.

⬛

War Room Pulse

A fixed live cockpit panel accessible from the ⬛ Pulse button in the nav. Shows in real time: severity, elapsed time, SLA remaining, last comms sent, next update due, open decisions, MIM name and bridge link. Everything visible at once during a major incident.

⚡

After-Action Capture

A 5-question guided modal fires when the resolution timestamp is set. Research shows retention drops 70% after 2 hours — this captures what matters while the incident is still fresh. Answers feed directly into the PIR and handover pack.

🔍

Pattern Detection

As the service name is typed in Stage 1, the tool scans localStorage sessions for matching service names. If previous incidents are found, an inline hint surfaces: "⚠ Pattern detected: 2 previous incidents for this service". Recurring issues are visible before the investigation begins.

🚨

Escalation Sequencer

For P1/P2 incidents with an org profile populated, Stage 2 shows a numbered action card: "Right now — in this order: 1. Engage MIM, 2. Primary escalation, 3. Open bridge call..." Eliminates the cognitive overhead of knowing what to do first under pressure.

📋

Content layer — always current

The 📋 Reg nav button provides instant access to guidance status. A notification dot activates when the weekly monitor detects a regulatory change. Regulatory guidance, ITIL definitions and platform notes live in a separate JSON. Updated on GitHub when FCA, EBA, ICO or AXELOS publish changes. Tool fetches silently on load. No user data transmitted. Manual trigger and org-hosted source both supported.