Incident response/Lightweight report template

From Wikitech
The lightweight report has been deprecated, please use a full report instead

document status: draft

Summary

Incident metadata (see Incident Scorecard)
Incident ID Lightweight report template Start YYYY-MM-DD hh:mm:ss
Task End YYYY-MM-DD hh:mm:ss
People paged Responder count
Coordinators Affected metrics/SLOs
Impact Who was affected and how? For user-facing outages: Estimate how many queries were lost, which regions were affected, or which types of clients (editors? readers? bots?), etc. Do not assume the reader knows what your service is or who uses it.

Summary of what happened, in one or two paragraphs. Avoid assuming deep knowledge of the systems here, and try to differentiate between proximate causes and root causes.

Documentation:

Link to relevant source code, graphs, or logs

Actionables

Create a list of action items that will help prevent this from happening again as much as possible. Link to or create a Phabricator task for every step.

Add the #Sustainability (Incident Followup) and the #SRE-OnFIRE (Pending Review & Scorecard) Phabricator tag to these tasks.

Scorecard

Incident Engagement ScoreCard
Question Answer

(yes/no)

Notes
People Were the people responding to this incident sufficiently different than the previous five incidents?
Were the people who responded prepared enough to respond effectively
Were fewer than five people paged?
Were pages routed to the correct sub-team(s)?
Were pages routed to online (business hours) engineers? Answer “no” if engineers were paged after business hours.
Process Was the incident status section actively updated during the incident?
Was the public status page updated?
Is there a phabricator task for the incident?
Are the documented action items assigned?
Is this incident sufficiently different from earlier incidents so as not to be a repeat occurrence?
Tooling To the best of your knowledge was the open task queue free of any tasks that would have prevented this incident? Answer “no” if there are

open tasks that would prevent this incident or make mitigation easier if implemented.

Were the people responding able to communicate effectively during the incident with the existing tooling?
Did existing monitoring notify the initial responders?
Were the engineering tools that were to be used during the incident, available and in service?
Were the steps taken to mitigate guided by an existing runbook?
Total score (count of all “yes” answers above)