Chapter 10. Templates and Guides

The structure of a post-incident review was described in Chapter 9, but here we’ll look more closely at the output the exercise provides, as well as a procedural guide on how to conduct your own.

Sample Guide

This chapter presents a guide to help get you started. A downloadable version is available at

Begin by reflecting on your goals and noting the key metrics of the incident (time to acknowledge, time to recover, severity level, etc.) and the total time of each individual phase (detection, response, remediation).

Post-Incident Review Guide

Establish and Document the Timeline

Document the details of the following in chronological order, noting their impact on restoring service:

  • Date and time of detection

  • Date and time of service restoration

  • Incident number (optional)

  • Who was alerted first?

  • When was the incident acknowledged?

  • Who else was brought in to help, and at what time?

  • Who was the acting Incident Commander? (optional)

  • What tasks were performed, and at what time?

  • Which tasks made a positive impact to restoring service?

  • Which tasks made a negative impact to restoring service?

  • Which tasks made no impact to restoring service?

  • Who executed specific tasks?

  • What conversations were had?

  • What information was shared?

Plot Tasks and Impacts

Identifying the relationships between tasks, automation, and human interactions ...

Get Post-Incident Reviews now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.