Severity Levels
Incident Severity Levels / SEV Levels
Severity levels are a classification system for prioritizing incidents based on their impact. They determine response urgency, escalation paths, and communication requirements.
Common Severity Scale
SEV1 / Critical: - Complete service outage - All or most users affected - Revenue/reputation impact - Response: All hands on deck, executive notification
SEV2 / High: - Major functionality impaired - Large subset of users affected - Response: Immediate, primary on-call team
SEV3 / Medium: - Partial functionality impaired - Limited user impact - Response: Same day, during business hours OK
SEV4 / Low: - Minor issue, workaround exists - Minimal user impact - Response: Addressed in normal sprint work
Why Severity Levels Matter
Without classification: - Everything feels equally urgent - Teams can't prioritize - Response processes don't scale - Communication is inconsistent
Defining Your Severity Levels
Consider these factors: - User impact: How many? How severely? - Revenue impact: Direct financial loss? - Reputation impact: Public-facing issue? - Data impact: Security or data loss? - Duration: How long until it's critical?
Severity Best Practices
1. Define clearly - Written criteria, not gut feeling 2. Empower responders - On-call can declare severity 3. Allow re-classification - Severity can change during incident 4. Match response to severity - SEV1 ≠ same response as SEV4 5. Review classifications - Postmortems should validate severity