Skip to Content
Incident Management for Operations
book

Incident Management for Operations

by Rob Schnepp, Ron Vidal, Chris Hawley
July 2017
Intermediate to advanced
171 pages
4h 23m
English
O'Reilly Media, Inc.
Content preview from Incident Management for Operations

Chapter 6. After Action Review (AAR)

Simply put, after the incident is resolved, there are two key areas to evaluate: 1) what broke? and 2) how did the people respond to what broke? To that end, instituting a comprehensive incident review process is a critical step in maximizing future uptime. Without doubt, identifying the cause(s) and or contributing factors of a technology failure are important, as the technology failure provides an opportunity to learn about the operating environment, make improvements, and fine-tune the IRT response mechanism to minimize future IT downtime. More importantly, establishing a positive culture around an honest and in-depth evaluation of the human part of the incident response is critical to improving how the people will engage and perform on future incidents.

Note

Don’t let a good crisis go to waste! Learn from it to be better the next time. It’s all about getting better—not finding blame.

The Name Is Important

There are some in the IT industry who refer to the incident review process as a post mortem. This term was associated with incident reviews because just as a post mortem searches for the cause of a person’s death, the incident review searches for the cause of the technology’s failure. In our opinion, post mortem is not the best term to use for evaluating an incident response or trying to determine the cause of an IT problem. For starters, when evaluating the performance of people, let’s avoid using words typically associated with death! ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations

Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations

Morey J. Haber, Brad Hibbert
Incident Response

Incident Response

Kenneth R. van Wyk, Richard Forno

Publisher Resources

ISBN: 9781491917619Errata Page