Skip to content

Postmortem

This playbook defines how Forward Deployment teams learn from incidents without turning postmortems into blame or paperwork.

A postmortem is required for:

  • SEV1 incidents.
  • SEV2 incidents with client impact.
  • Repeated SEV3 incidents.
  • Any incident involving data integrity, auth, security, or significant AI output risk.

The Incident Commander owns the postmortem unless another owner is assigned.

Draft within 3 business days of incident resolution.

What happened in 3-5 sentences.

  • Affected users or workflows.
  • Duration.
  • Business impact.
  • Client impact.

List key timestamps and actions.

Describe the technical and process causes.

Do not stop at “human error.” If a human mistake caused impact, explain what system allowed the mistake to reach production.

Capture useful behaviors or tooling.

Capture gaps in readiness, monitoring, testing, communication, or ownership.

Every action needs:

  • Owner.
  • Due date.
  • Priority.
  • Link to Notion task.

A postmortem is complete only when follow-up actions exist in Notion.

Do not let postmortems become long essays. Keep them useful and action-oriented.