Postmortem
Purpose
Section titled “Purpose”This playbook defines how Forward Deployment teams learn from incidents without turning postmortems into blame or paperwork.
When Required
Section titled “When Required”A postmortem is required for:
- SEV1 incidents.
- SEV2 incidents with client impact.
- Repeated SEV3 incidents.
- Any incident involving data integrity, auth, security, or significant AI output risk.
The Incident Commander owns the postmortem unless another owner is assigned.
Deadline
Section titled “Deadline”Draft within 3 business days of incident resolution.
Required Sections
Section titled “Required Sections”Summary
Section titled “Summary”What happened in 3-5 sentences.
Impact
Section titled “Impact”- Affected users or workflows.
- Duration.
- Business impact.
- Client impact.
Timeline
Section titled “Timeline”List key timestamps and actions.
Root Cause
Section titled “Root Cause”Describe the technical and process causes.
Do not stop at “human error.” If a human mistake caused impact, explain what system allowed the mistake to reach production.
What Went Well
Section titled “What Went Well”Capture useful behaviors or tooling.
What Went Poorly
Section titled “What Went Poorly”Capture gaps in readiness, monitoring, testing, communication, or ownership.
Follow-Up Actions
Section titled “Follow-Up Actions”Every action needs:
- Owner.
- Due date.
- Priority.
- Link to Notion task.
Standard
Section titled “Standard”A postmortem is complete only when follow-up actions exist in Notion.
Do not let postmortems become long essays. Keep them useful and action-oriented.