Skip to main content

Postmortem Template

Purpose

Use this template after SEV-1 and SEV-2 incidents, and for any incident involving payments, wallet integrity, student data, RBAC, tenant isolation, or prolonged outage.

Incident Summary

FieldValue
Incident IDTBD
TitleTBD
SeverityTBD
Start timeTBD
End timeTBD
DurationTBD
Incident commanderTBD
Services affectedTBD
User impactTBD
Financial impactTBD
Data exposure riskTBD

Timeline

TimeEventOwner
TBDIncident detectedTBD
TBDTriage startedTBD
TBDMitigation appliedTBD
TBDService recoveredTBD
TBDIncident closedTBD

Root Cause

Document the confirmed root cause. Avoid blame. Focus on system behavior, process gaps, detection gaps, and prevention.

What Went Well

  • TBD

What Did Not Go Well

  • TBD

Corrective Actions

ActionOwnerDue DateStatus
TBDTBDTBDOpen

Evidence

EvidenceLink / Location
LogsTBD
ScreenshotsTBD
Sentry issueTBD
Deployment recordTBD
Support ticketTBD

Closure Rule

The postmortem is not complete until corrective actions have owners and due dates.