Close
Deze pagina in jouw taal bekijken?
Alle talen
Kies je taal
Producten
Voor teams
Ondersteuning
Nu proberen
Nu kopen
Search Toggle menu
Close search

Uitgelicht

Jira Software

Projecten en issues traceren

Confluence

Contentsamenwerking

Jira Service Management

Razendsnel ITSM

Trello

Visueel projectmanagement

Alle producten weergeven

Nieuwe producten van Point A

Innovaties van Atlassian

Alles weergeven

Atlas

Teamworkmap

Compass

Ervaringsplatform voor ontwikkelaars

Marketplace

Koppel duizenden apps voor al je Atlassian-producten

Close dropdown

Per teamomvang

Startende bedrijven

Ideaal voor startende bedrijven; van kinderschoenen tot beursgang

Kleine onderneming

Werk met de juiste tools voor je groeiende bedrijf

Enterprise

Leer hoe we grote teams succesvol maken

Per teamfunctie

Software

Plan, bouw en lever kwaliteitsproducten

Marketing

Creëer een winnende strategie

HR

Stroomlijn people management

Juridische afdeling

Werk veilig en betrouwbaar

Government

Efficient, secure, mission focused

Operations

Beheer je bedrijf op efficiënte wijze

IT

Verleen geweldige service en ondersteuning

Finance

Vereenvoudig alle financiële processen

Incident response

Reageren op incidenten, deze oplossen en hiervan leren

Alle producten weergeven
Close dropdown

Bronnen

Documentatie

Handleidingen voor al onze producten

Atlassian Migration Program

Tools en hulp bij migratie

Cloud-roadmap

Geplande functiereleases

Aanschaf en licenties

Veelgestelde vragen over ons beleid

Supportservices

Bedrijfsservices

Persoonlijke ondersteuning voor grote teams

Partnersupport

Vertrouwde externe consultants

Atlassian-ondersteuning

Een resourcehub voor teams en beheerders

Leren en verbinden

Over ons

Onze missie en geschiedenis

Vacatures

Vacatures, waarden en meer

Atlassian University

Trainingen en certificeringen voor alle niveaus

Atlassian Community

Een forum om contacten te leggen, te delen en te leren

Close dropdown

Neem een duik in Jira Service Management en andere krachtige tools bij Atlassian presenteert: Razendsnel ITSM.

Meld je gratis aan

Incidentmanagement voor razendsnelle teams

Probeer het gratis
Meer informatie
Browse topics

Reageren

Communicatie over incidenten
Back
Overview
Sjablonen
Werkplaats
Incidentresponse
Back
Overview
Aanbevolen werkwijzen
Incidentcommandant
Luchtvaart
Rollen en verantwoordelijkheden
Levenscyclus
Playbook
opafroep
Back
Overview
Op afroep-roosters
Op afroep-betaling
Waarschuwingsmoeheid
Improving on call
IT-waarschuwingen
Escalation policies

Oplossen

tools
KPI's
Back
Overview
Veelvoorkomende statistieken
Severity levels
Cost of downtime
SLA vs. SLO vs. SLI
Foutenbudget
DevOps
Back
Overview
SRE
You built it, you run it
Probleembeheer vs. incidentmanagement
ChatOps
ITSM
Back
Overview
Grootschalig incidentmanagement
IT-incidentmanagement
Modern incidentmanagement voor IT-ops
Plannen voor disaster recovery voor IT-ops en DevOps-professionals
Best practices voor bugtracering

Learn

Postmortem
Back
Overview
Template
Blameless
Reports
Meeting
Timelines
5 whys
Public vs private

More resources

Tutorials
Back
Overview
Incident communication
On call schedule
Automating customer notifications
Handboek
Back
Overview
Incident response
Postmortems
Template generator
WOORDENLIJST
Back
Overview
Status van incidentmanagement 2020
Status van incidentmanagement 2021

Incident Postmortem Template

Clear documentation is key to an effective incident postmortem process. Many teams use a comprehensive template to collect consistent details during each postmortem review.


Below is an example of an incident postmortem template, based on the postmortem outlined in our Incident Handbook. You can cut and paste these for documenting your own postmortems.

Incident summary

Write a summary of the incident in a few sentences. Include what happened, why, the severity of the incident and how long the impact lasted.

EXAMPLE:

Between the hour of

The event was triggered by a at

The contained .

A bug in this code caused .

The event was detected by . The team started working on the event by .

This incident affected of users.

There was further impact as noted by were raised in relation to this incident.

Leadup

Describe the sequence of events that led to the incident, for example, previous changes that introduced bugs that had not yet been detected.

EXAMPLE:

At <16:00> on , (), a change was introduced to in order to < THE CHANGES THAT LED TO THE INCIDENT>.

This change resulted in .

Fault

Describe how the change that was implemented didn't work as expected. If available, attach screenshots of relevant data visualizations that illustrate the fault.

EXAMPLE:

responses were sent in error to of requests. This went on for

Impact

Describe how the incident impacted internal and external users during the incident. Include how many support cases were raised.

EXAMPLE:

For between on ,

our users experienced this incident.

This incident affected customers (X% OF USERS), who experienced .

were submitted.

Detection

When did the team detect the incident? How did they know it was happening? How could we improve time-to-detection? Consider: How would we have cut that time by half?

EXAMPLE:

This incident was detected when the was triggered and were paged.

Next, was paged, because didn't own the service writing to the disk, delaying the response by .

will be set up by so that .

Response

Who responded to the incident? When did they respond, and what did they do? Note any delays or obstacles to responding.

EXAMPLE:

After receiving a page at , came online at in .

This engineer did not have a background in the so a second alert was sent at to into the who came into the room at .

Recovery

Describe how the service was restored and the incident was deemed over. Detail how the service was successfully restored and you knew how what steps you needed to take to recovery.

Depending on the scenario, consider these questions: How could you improve time to mitigation? How could you have cut that time by half?

EXAMPLE:

We used a three-pronged approach to the recovery of the system:

Example: By Increasing the size of the BuildEng EC3 ASG to increase the number of nodes available to support the workload and reduce the likelihood of scheduling on oversubscribed nodes

  • Disabled the Escalator autoscaler to prevent the cluster from aggressively scaling-down
  • Reverting the Build Engineering scheduler to the previous version.

Timeline

Detail the incident timeline. We recommend using UTC to standardize for timezones.

Include any notable lead-up events, any starts of activity, the first known impact, and escalations. Note any decisions or changed made, and when the incident ended, along with any post-impact events of note.

EXAMPLE:

All times are UTC.

11:48 - K8S 1.9 upgrade of control plane is finished

12:46 - Upgrade to V1.9 completed, including cluster-auto scaler and the BuildEng scheduler instance

14:20 - Build Engineering reports a problem to the KITT Disturbed

14:27 - KITT Disturbed starts investigating failures of a specific EC2 instance (ip-203-153-8-204)

14:42 - KITT Disturbed cordons the node

14:49 - BuildEng reports the problem as affecting more than just one node. 86 instances of the problem show failures are more systemic

15:00 - KITT Disturbed suggests switching to the standard scheduler

15:34 - BuildEng reports 200 pods failed

16:00 - BuildEng kills all failed builds with OutOfCpu reports

16:13 - BuildEng reports the failures are consistently recurring with new builds and were not just transient.

16:30 - KITT recognize the failures as an incident and run it as an incident.

16:36 - KITT disable the Escalator autoscaler to prevent the autoscaler from removing compute to alleviate the problem.

16:40 - KITT confirms ASG is stable, cluster load is normal and customer impact resolved.

TEMPLATE:

XX:XX UTC - INCIDENT ACTIVITY; ACTION TAKEN

XX:XX UTC - INCIDENT ACTIVITY; ACTION TAKEN

XX:XX UTC - INCIDENT ACTIVITY; ACTION TAKEN

Root cause identification: The Five Whys

The Five Whys is a root cause identification technique. Here’s how you can use it:

  • Begin with a description of the impact and ask why it occurred.
  • Note the impact that it had.
  • Ask why this happened, and why it had the resulting impact.
  • Then, continue asking “why” until you arrive at a root cause.

List the "whys" in your postmortem documentation.

EXAMPLE:

  1. The application had an outage because the database was locked
  2. The database locked because there were too many writes to the database
  3. Because we pushed a change to the service and didn’t expect the elevated writes
  4. Because we don't have a development process established for load testing changes
  5. Because we never felt load testing was necessary until we reached this level of scale.

Root cause

Note the final root cause of the incident, the thing identified that needs to change in order to prevent this class of incident from happening again.

EXAMPLE:

A bug in connection pool handling led to leaked connections under failure conditions, combined with lack of visibility into connection state.

Backlog check

Review your engineering backlog to find out if there was any unplanned work there that could have prevented this incident, or at least reduced its impact?

A clear-eyed assessment of the backlog can shed light on past decisions around priority and risk.

EXAMPLE:

No specific items in the backlog that could have improved this service. There is a note about improvements to flow typing, and these were ongoing tasks with workflows in place.

There have been tickets submitted for improving integration tests but so far they haven't been successful.

Recurrence

Now that you know the root cause, can you look back and see any other incidents that could have the same root cause? If yes, note what mitigation was attempted in those incidents and ask why this incident occurred again.

EXAMPLE:

This same root cause resulted in incidents HOT-13432, HOT-14932 and HOT-19452.

Lessons learned

Discuss what went well in the incident response, what could have been improved, and where there are opportunities for improvement.

EXAMPLE:

  • Need a unit test to verify the rate-limiter for work has been properly maintained
  • Bulk operation workloads which are atypical of normal operation should be reviewed
  • Bulk ops should start slowly and monitored, increasing when service metrics appear nominal

Corrective actions

Describe the corrective action ordered to prevent this class of incident in the future. Note who is responsible and when they have to complete the work and where that work is being tracked.

EXAMPLE:

  1. Manual auto-scaling rate limit put in place temporarily to limit failures
  2. Unit test and re-introduction of job rate limiting
  3. Introduction of a secondary mechanism to collect distributed rate information across cluster to guide scaling effects
Tutorial

Learn incident communication with Statuspage

In this tutorial, we’ll show you how to use incident templates to communicate effectively during outages. Adaptable to many types of service interruption.

Read this tutorial
Up next

The importance of an incident postmortem process

An incident postmortem, also known as a post-incident review, is the best way to work through what happened during an incident and capture lessons learned.

Read this article
Hierna
Blameless