Incidents and PostmortemsΒΆ

Record all outages including

  • Which service was disrupted?
  • What else was affected?
  • Who was in charge of the recovery?
  • When was the incident discovered?
  • How and by whom?
  • When has the incident begun?
  • When was the incident mitigated?
  • Who was informed and how?
  • Has this ever happened before?
  • Has sensitive data, such as user data or secrets, been compromised?

Particular importance should be applied to record all steps taken to mitigate the incident. These should include the person, time and specifics of any action taken.

Security breaches and vulnerability exploits may need to be reported to authorities, in particular if sensitive and/or (legally) protected data was (potentially) affected. Users must be informed appropriately, responsibly and quickly.

Finally, decide upon and implement measures to prevent repetitions.