Incident Management Process Post-Mortem
Once an incident has concluded the manager(s) must put together a post-mortem of the incident. This document should be emailed to all of the participants and observers. A meeting should be called to discuss the post-mortem with the necessary parties once everyone has had a chance to catch their breath.
The discussion of the post-mortem should (in most cases) result in changes to existing processes so as to prevent future occurrences of this type of incident and / or improve the handling of future incidents. This means, that whenever possible the Post-Mortem should result in changes to the Incident Management Process and / or the Incident Prevention Processes.
The post-mortem must include the following sections:
- A description of what the problem was, and when the incident began and ended.
- Who actively participated in addressing this issue.
- Specifically call out who the Manager was and who was acting as a SME.
- What actions, or failures resulted in this incident coming to pass?
- What steps were taking during the handling of this incident?
- What did each of the participants do?
- Call out anything notable that an individual did / discovered (positive or negative).
- Note how the source of the problem was ultimately discovered.
- How was the problem ultimately resolved?
- What can we do to prevent this incident from happening again, or to minimize the possibility of its reoccurrence?
- Handling Lessons
- What could we have done better in the handling of this incident?
- What mistakes were made in the management of this incident?
- What steps can be taken to address the shortcomings of the handling of this incident?
- What steps can be taken to prevent the mistakes that were made, or minimize the possibility of their reoccurrence?