Skip to content

Incident Management

Definition

Incident Management

Severity Levels

Severity Levels

Incident Response

// Incident Response Process

// 1. DETECTION & ALERTING
// Automated monitoring detects issue
// Alert fires → PagerDuty/OpsGenie → On-call paged

// 2. ACKNOWLEDGE
// On-call acknowledges within 5 minutes
// Creates incident channel: #incident-2024-01-15-auth-down
// Posts initial status

// 3. TRIAGE & ASSESS
class IncidentTriage {
    void assess() {
        // What is the impact?
        // - How many users affected?
        // - Which features broken?
        // - Is it getting worse?

        // Assign severity (can upgrade/downgrade later)

        // If SEV1/SEV2: page additional help
    }
}

// 4. ROLES (for SEV1/SEV2)
// Incident Commander (IC): Coordinates response
// Communications Lead: Updates stakeholders
// Subject Matter Experts: Debug and fix

// 5. MITIGATE FIRST, ROOT CAUSE LATER
// Priority: Restore service
// Options:
// - Rollback recent deployment
// - Scale up resources
// - Failover to backup
// - Feature flag off
// - Rate limit / shed load

// 6. COMMUNICATE
// Internal: Status updates every 15-30 min
// External: Status page, support notification
// Template: What, Impact, Status, ETA, Next update

Communication Templates

# Internal Update (Slack/Teams)

## Incident: Auth Service Degraded
**Severity:** SEV2
**Status:** Investigating
**IC:** @jane-smith

**Impact:**
- Login failures for ~30% of users
- API returning 503 errors

**Current Actions:**
- Investigating database connection pool exhaustion
- DBA scaling up connection limits

**Next Update:** 15 minutes

---

# Status Page Update

**[Investigating] Authentication Issues**

We are currently investigating reports of login failures.
Some users may experience difficulty signing in.

Our team is actively working on resolving this issue.
We will provide updates as we learn more.

Posted: 2024-01-15 14:30 UTC

---

# Resolution Update

**[Resolved] Authentication Issues**

The authentication issues have been resolved.
Root cause was database connection exhaustion due to
increased traffic. We've increased connection pool limits
and added additional caching.

All systems are operating normally.

Duration: 45 minutes
Affected: ~30% of login attempts

Postmortem Process

Postmortem Process

On-Call Best Practices

On-Call Best Practices

Tips & Tricks

Incident Management Tips