Postmortem
Incident Postmortem / Post-Incident Review
A postmortem (or post-incident review) is a structured analysis conducted after an incident is resolved, aimed at understanding what happened and preventing recurrence.
Postmortem vs RCA
These terms are often used interchangeably, but there's a subtle difference:
- RCA focuses on finding root causes
- Postmortem is the broader process including communication, action items, and organizational learning
Blameless Postmortems
The most effective postmortems are blameless:
- No finger-pointing at individuals
- Focus on systems, processes, and contributing factors
- Create psychological safety for honest discussion
- Assume everyone acted with best intentions given available information
Postmortem Structure
1. Summary - What happened? Impact? Duration?
2. Timeline - Chronological sequence of events
3. Root Cause Analysis - Why did this happen? (Five Whys, etc.)
4. What Went Well - What worked during response?
5. What Could Be Improved - Where did we struggle?
6. Action Items - Specific, assigned, deadlined improvements
7. Lessons Learned - Key takeaways for the organization
Common Postmortem Mistakes
- Skipping them when "too busy" → guaranteed repeat incidents
- Blame and punishment → people hide information
- No action items → same issues recur
- Not sharing → other teams don't learn