refactor/incident-response: central incident management procedures #16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
liangyuanruo
changed the title
liangyuanruo
force-pushed
the
refactor/incident-response
branch
from
4da98e7 to
d086893
Compare
timotheeg
reviewed
Feb 24, 2022
Comment on lines
+45
to
+56
| ## Alerts and priority levels | ||
|
|
||
| Incident priority levels are a measurement of urgency. Typically, this depends on the impact an incident has on the user or damage to the organisation. | ||
|
|
||
| | Priority | Description | Examples | | ||
| |---------- |------------------------------------------------------------------------------------ |----------------------------------------------------------------------------------------------------------------- | | ||
| | P1 | A critical incident with great impact. Requires immediate attention by on-call. | A customer-facing service is down for all customers. Confidentiality or privacy is breached. User data loss. | | ||
| | P2 | A major incident with high impact. Requires immediate attention by on-call. | Customer-facing service is unavailable for a subset of customers. Core functionality is significantly impacted. | | ||
| | P3 | An incident with moderate impact. Does not require immediate attention by on-call. | Minor inconvenience to users, with a reasonable workaround available. Usable performance degradation. | | ||
| | P4 | A minor incident with low impact. Does not require immediate attention by on-call. | UI render bug that does not impede user functionality or cause brand damage. | | ||
| | P5 | Non-incidents, informational only. Does not require any action by on-call. | Used for informational purposes only. | | ||
|
|
Contributor
There was a problem hiding this comment.
Slight nitpick for terminology, for incidents I've seen folks refer to severity rather than priority.
Also just for reference, Zendesk made a distinction for "Confidentiality or privacy is breached" to be in a SEV0 category. That typically activated more folks to handle special communication, possibly perform security audit to identify what exploit was used, and to make a plan for remediations.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #15