Skip to main content

Postmortem

A postmortem is a blameless written review after an incident that documents what happened, its impact, root causes, and concrete actions to prevent recurrence.

A postmortem, also called a post-incident review, is a written analysis produced after a significant incident. It records what happened, the impact on users, the contributing causes, and the concrete actions that will reduce the chance of recurrence.

How It Works

After service is restored, the responders assemble a factual timeline of events: when the problem began, how it was detected, what actions were taken, and when it was resolved. They then analyze contributing factors, looking beyond a single cause to the conditions that allowed the failure, such as gaps in testing, monitoring, or process. The most important output is a list of follow-up actions with owners and deadlines. A defining principle is that postmortems are blameless: they focus on systems and processes rather than punishing individuals, because people act reasonably given the information they had.

Why It Matters

Incidents are expensive lessons; a postmortem ensures the organization actually learns from them. Blamelessness is essential, because fear of blame leads people to hide information, which prevents understanding the true causes. By converting failures into systemic improvements, postmortems make the service progressively more reliable. Sharing them widely also spreads knowledge and builds a culture where reliability is everyone's concern.

Related Terms

A postmortem is the closing step of incident management and feeds improvements that lower mean time to recovery. It draws on data from observability and the experience of on-call responders.