Skip to main content

Incident Management Best Practices

Incident management gives outages a structured response with clear roles, severity levels, and communication so service is restored quickly and consistently. It is essential discipline for high-risk events like migration cutovers.

Organization
PagerDuty
Published
Jan 1, 2021

Best Practice: Incident Management Best Practices

Incident management is the structured process a team uses to respond to outages and degradations: detecting the issue, declaring an incident, assigning clear roles, coordinating the fix, communicating with stakeholders, and resolving and reviewing it. A defined process turns a chaotic outage into an orchestrated response, shortening time to recovery and reducing the chance of mistakes under pressure.

It matters because the cost of an incident is dominated by how long it lasts and how well it is communicated. Clear roles (incident commander, communications lead, subject-matter experts) and predefined severity levels let teams act decisively. This discipline is critical during migrations, where cutovers concentrate risk.

The incident commander coordinates the response and makes decisions, but does not fix the problem personally; that separation keeps a clear head on the overall picture while experts work the technical issue. The communications lead shields responders from stakeholder questions and provides regular, honest updates, even when the update is "no change yet." Severity levels matter because they set expectations: a Sev-1 might require an immediate page, an incident bridge, and executive notification, while a Sev-3 is handled in business hours. Two metrics commonly track the process: mean time to detect (MTTD) and mean time to resolve (MTTR). Reducing both is the practical goal, and a defined process is what makes them improve rather than depending on who happens to be on call.

Step-by-Step Implementation Guidance

  1. Define severity levels with concrete impact criteria and the response each requires.
  2. Establish roles: incident commander to coordinate, communications lead for stakeholders, and responders for the fix.
  3. Create a clear way to declare an incident and a single coordination channel (chat plus bridge).
  4. Use an alerting and on-call tool to page the right people fast.
  5. Keep a running timeline of actions and decisions during the incident.
  6. Communicate status to stakeholders on a regular cadence, even when there is no update.
  7. Declare resolution against clear criteria and schedule a blameless postmortem.

Common Mistakes Teams Make When Ignoring This Practice

  • No incident commander, so responders work at cross purposes.
  • Mixing fixing and communicating in one overloaded person.
  • Undefined severities, so everything is either ignored or treated as a crisis.
  • No timeline, making the postmortem guesswork.
  • Silent responders, leaving stakeholders to speculate.

Tools and Techniques That Support This Practice

  • PagerDuty and Opsgenie for paging and escalation.
  • Incident chatops bots (e.g. incident.io, FireHydrant, Slack workflows).
  • Status pages (Statuspage, Cachet) for external communication.
  • Shared incident docs and timeline templates.

How This Practice Applies to Different Migration Types

  • Cloud Migration: Run cutovers as planned change events with an incident commander and rollback criteria ready.
  • Database Migration: Predefine severity and rollback triggers for replication or data-integrity failures.
  • SaaS Migration: Establish vendor escalation paths before go-live so incidents are not stalled.
  • Codebase Migration: Treat a failed deploy as a declarable incident with clear roles and rollback.

Checklist

  • Severity levels with impact criteria defined
  • Incident commander and comms lead roles set
  • Clear declaration path and coordination channel
  • On-call paging tool integrated
  • Running incident timeline maintained
  • Regular stakeholder updates sent
  • Resolution criteria and postmortem scheduled