Postmortem Template Generator

Use the "5 Whys" technique. Don't stop at "the config was wrong." Ask why it was wrong, why it wasn't caught, why there was no safeguard. Get to the systemic issue.

Specific, assignable, and measurable. Bad: "Improve monitoring." Good: "Add alert for error rate > 1% on /api/payments endpoint — owner: @alice, deadline: Jan 30."

Use UTC timestamps. Include: first customer impact, detection, first responder joined, key investigation steps, mitigation applied, full resolution, all-clear declared.

Document what you know and what you investigated. Create an action item to continue the investigation. It's better to publish an incomplete postmortem than none at all.

Include: number of users affected, duration, revenue impact (use the Downtime Cost Calculator), SLA impact, and any data loss or corruption.

It means assuming everyone acted with the best intentions given what they knew at the time. Focus on how the system allowed the error, not who made it.

Show that postmortems reduce repeat incidents. Track metrics: action item completion rate, time between similar incidents, MTTR improvement. Quantify the ROI.

The action items from previous postmortems aren't being completed. Track and prioritize them. Escalate to leadership if reliability work keeps getting deprioritized.

Internal publication is essential. External publication (status page) is great for building trust. Companies like Google, Cloudflare, and GitHub publish detailed public postmortems.

Warden provides precise incident timelines with 30-second granularity. Know exactly when the issue started, when it was detected, and when it was resolved — no guessing.