incidentoperationsreliability

Incident Postmortem (Blameless, Action-Oriented)

This prompt creates effective incident postmortems that focus on system improvements rather than individual fault. It establishes clear timelines, identifies root causes through 5-whys analysis, and generates concrete action items with owners and deadlines.

GPT / Claude / Gemini4 variables
Prompt
Write a blameless postmortem for {INCIDENT}.

Input:
- Incident: {INCIDENT}
- Date/time: {DATETIME}
- Duration: {DURATION}
- Impact: {IMPACT}

Rules:
- Use blameless language (no individual blame)
- Include precise timeline with UTC timestamps
- Use 5-whys to find root cause
- Make action items specific with owners
- Focus on system and process improvements

Output format:

INCIDENT SUMMARY
What happened: [1-2 sentences]
Severity: [SEV-1/2/3]
Duration: [detection to resolution]
Impact: [users/revenue/data affected]

TIMELINE (all times UTC)
HH:MM - [event]
HH:MM - [event]
HH:MM - [resolution]

ROOT CAUSE ANALYSIS
Immediate cause: [what broke]
Why? [first why]
Why? [second why]
Why? [continue to root]
Root cause: [systemic issue]

CONTRIBUTING FACTORS
- Factor 1: [what made it worse]
- Factor 2: [what delayed detection]

WHAT WENT WELL
- [positive aspects of response]

WHAT WENT POORLY
- [areas needing improvement]

ACTION ITEMS
1. [Specific action] - Owner: [name] - Due: [date]
2. [Specific action] - Owner: [name] - Due: [date]
3. [Specific action] - Owner: [name] - Due: [date]

LESSONS LEARNED
- [Broader takeaway for organization]
- [Process or system insight]

Incident: {INCIDENT}
Date/time: {DATETIME}
Duration: {DURATION}
Impact: {IMPACT}
Quick brief
Purpose

Document incidents in a way that improves systems without blaming people.

Expected output

A complete postmortem containing: incident summary with severity and impact, detailed timeline of detection and response, root cause analysis with contributing factors, what went well and what went poorly, 3-7 specific action items with owners and deadlines, and lessons learned for broader application.

Customize before copying

Replace these placeholders with your own context before you run the prompt.

{INCIDENT}{DATETIME}{DURATION}{IMPACT}
Works well with
GPT
Claude
Gemini
Variations
Add customer communication section.
Include metrics and monitoring graphs.
Make it security-incident focused (threat analysis).
Add cost analysis section for financial impact.
What this prompt helps you do
This prompt creates effective incident postmortems that focus on system improvements rather than individual fault. It establishes clear timelines, identifies root causes through 5-whys analysis, and generates concrete action items with owners and deadlines.
When to use it
Use after production incidents, security breaches, customer-impacting outages, or any significant operational failure. Essential for building organizational learning and preventing recurrence.
How it works
The prompt structures postmortems with: incident summary and impact, detailed timeline of events, root cause analysis, contributing factors, action items with owners, and lessons learned. It maintains blameless language and focuses on process and system improvements.
Best practices
Write postmortems within 48 hours while details are fresh. Include timeline in UTC with precise timestamps. Use 5-whys to find root causes, not just symptoms. Assign specific owners to action items. Set realistic deadlines. Share widely for organizational learning.
Common mistakes
Blaming individuals instead of examining systems. Stopping at surface-level causes. Writing vague action items without owners. Making postmortems feel like punishment. Not following up on action items. Treating postmortems as administrative burden instead of learning opportunity.
What you should expect back
A complete postmortem containing: incident summary with severity and impact, detailed timeline of detection and response, root cause analysis with contributing factors, what went well and what went poorly, 3-7 specific action items with owners and deadlines, and lessons learned for broader application.
Limitations
Can't prevent all future incidents. Requires psychological safety to be effective. Works best with accurate incident data. May need technical expertise to identify true root causes. Can't replace real-time incident response processes.
Model notes
Compatible with all major models. Claude maintains appropriate blameless tone. GPT creates clear timeline structures. Gemini sometimes suggests preventive measures. Works for technical and non-technical incidents.
Real-world applications
Engineering teams use this for production outages. Security teams use it for breach analysis. Operations teams use it for process failures. Customer support teams use it for major customer issues. Healthcare teams use it for patient safety events.
How to tell if it worked
Successful postmortems mean action items get completed, similar incidents decrease over time, team feels psychologically safe reporting issues, and organizational learning occurs. If incidents repeat without improvement, postmortems aren't working.
Where to go next
Use Root Cause Analysis for deeper investigation. Pair with Project Retrospective for longer-term learnings. Follow with Process Documentation for updated runbooks.
Related prompts
Crisis Response Plan (Prepared, Not Panicked)
Prepare for potential crises so teams can respond quickly and effectively when they happen.
Explore more
Browse all promptsBrowse tagsMore in incidentMore in operationsMore in reliability