Incident postmortem generator

New postmortem

Incident summary

Capture the essential facts. The title should describe what happened, not who caused it.

Incident title *

Date *

Severity *

What happened *

Possible blame language detected. Focus on systems and processes, not individuals. Describe conditions that allowed the outcome.

Service or system affected

Postmortem author

1 / 6

Incident timeline

Add events in chronological order. Use UTC timestamps. Include detection, escalation, mitigation, and resolution.

2 / 6

Impact

Quantify the impact. Specific numbers are more useful than approximate descriptions. Give ranges if exact figures are unavailable.

Duration

Users or requests affected

Peak error rate

Regions or segments affected

Customer-facing impact

Financial or SLA impact (if applicable)

3 / 6

Root cause analysis

Work through five levels of "why". Each answer should name a system, process, or design condition, not a person. Stop when you reach a cause you can address.

Blameless framing: instead of "the engineer deployed bad code", write "a deployment went out without passing the regression suite". Describe the conditions that allowed the outcome, not who was involved.

Root cause statement

4 / 6

Contributing factors

Select all gap types that contributed. This helps pattern-match across postmortems over time.

Additional context

5 / 6

Action items

Each action item should be specific, owned, and time-bound. Address the root cause and contributing factors. Good action items prevent recurrence.

6 / 6