Incident Postmortem (Blameless, Action-Oriented)
Document incidents in a way that improves systems without blaming people.
Prompt
Write a blameless postmortem for {INCIDENT}.
Input:
- Incident: {INCIDENT}
- Date/time: {DATETIME}
- Duration: {DURATION}
- Impact: {IMPACT}
Rules:
- Use blameless language (no individual blame)
- Include precise timeline with UTC timestamps
- Use 5-whys to find root cause
- Make action items specific with owners
- Focus on system and process improvements
Output format:
INCIDENT SUMMARY
What happened: [1-2 sentences]
Severity: [SEV-1/2/3]
Duration: [detection to resolution]
Impact: [users/revenue/data affected]
TIMELINE (all times UTC)
HH:MM - [event]
HH:MM - [event]
HH:MM - [resolution]
ROOT CAUSE ANALYSIS
Immediate cause: [what broke]
Why? [first why]
Why? [second why]
Why? [continue to root]
Root cause: [systemic issue]
CONTRIBUTING FACTORS
- Factor 1: [what made it worse]
- Factor 2: [what delayed detection]
WHAT WENT WELL
- [positive aspects of response]
WHAT WENT POORLY
- [areas needing improvement]
ACTION ITEMS
1. [Specific action] - Owner: [name] - Due: [date]
2. [Specific action] - Owner: [name] - Due: [date]
3. [Specific action] - Owner: [name] - Due: [date]
LESSONS LEARNED
- [Broader takeaway for organization]
- [Process or system insight]
Incident: {INCIDENT}
Date/time: {DATETIME}
Duration: {DURATION}
Impact: {IMPACT}Variations
• Add customer communication section.
• Include metrics and monitoring graphs.
• Make it security-incident focused (threat analysis).
• Add cost analysis section for financial impact.
Works well with
• GPT
• Claude
• Gemini