Overview
Postmortems (Post-Incident Reviews) enable your team to analyze resolved incidents, identify root causes, and create action items to prevent similar incidents in the future. With a blameless approach, rich editing capabilities, and comprehensive tracking, you can build a culture of continuous improvement.Blameless Culture
Focus on processes and systems, not individuals
Timeline Builder
Document key events with precise timestamps
Action Tracking
Create and track action items with assignments
PDF Export
Generate professional reports for stakeholders
Postmortem Workflow
A typical postmortem follows this lifecycle:Viewing Postmortems
The Postmortems page displays all your post-incident reviews:| Column | Description |
|---|---|
| Title | Postmortem name and linked incident count |
| Status | Draft, In Review, or Published |
| Severity | Critical, High, Medium, or Low |
| Owner | Person responsible for the postmortem |
| Created | When the postmortem was created |
| Actions | View, Edit, Delete |
Statistics Cards
The page header shows key metrics:- Total — All postmortems
- Draft — Work in progress
- In Review — Awaiting approval
- Published — Completed and shared
- Open Actions — Pending action items across all postmortems
Creating a Postmortem
Enter Basic Information
- Title — Descriptive name for the postmortem
- Primary Incident — Select the main incident to analyze (optional)
Postmortem Editor
The editor is organized into tabs for different aspects of the postmortem:Overview Tab
Configure basic information and link incidents:- Basic Information
- Impact Period
- Content Sections
Severity — Impact level of the incident
- Critical, High, Medium, Low
- Outage, Degradation, Security, Data Loss
Linked Incidents
Connect EasyAlert incidents to the postmortem:- Click + (Add) in the Linked Incidents card
- Search for incidents by title, number, or description
- Click an incident to link it
- Mark one incident as Primary if multiple are linked
Timeline Tab
Document the sequence of events during the incident:Configure Event
- When — Date and time of the event
- Title — What happened
- Event Type — Detection, Escalation, Mitigation, Resolution, Communication, Decision
- Description — Additional details
- Actor Role — Who was involved (blameless: “On-call Engineer” not “John”)
- Key Moment — Toggle to highlight critical events
Event Types
| Type | Description |
|---|---|
| Detection | When the issue was first noticed |
| Escalation | When additional help was requested |
| Mitigation | Actions taken to reduce impact |
| Resolution | Steps that fixed the issue |
| Communication | Updates sent to stakeholders |
| Decision | Key decisions made during response |
Key moments are highlighted in the timeline and emphasized in PDF exports.
Analysis Tab
Identify and document root causes:Root Cause Categories
| Category | Examples |
|---|---|
| Technical | Bug, configuration error, capacity issue |
| Process | Missing runbook, unclear ownership, deployment issue |
| Human | Miscommunication, oversight, training gap |
| External | Third-party outage, network issues, vendor problem |
Focus on systemic issues rather than individual mistakes. Ask “Why did the system allow this?” not “Who made this mistake?”
Learnings Tab
Document what worked well and what needs improvement:What Went Well
Capture positive aspects of the incident response:- Quick detection
- Effective communication
- Good collaboration
- Useful runbooks
- Title — What went well
- Details — Description (supports longer text)
What Didn’t Go Well
Identify areas for improvement:- Slow detection
- Missing documentation
- Communication gaps
- Tooling issues
- Title — What didn’t go well
- How can we improve? — Suggested improvement (supports longer text)
Lessons Learned
Key takeaways from the incident:- Click Add Lesson to create entries
- Focus on actionable insights
- These appear prominently in the published view
Actions Tab
Create tasks to prevent similar incidents:Configure Details
- Title — What needs to be done
- Description — Additional context
- Priority — Critical, High, Medium, Low
- Category — Process, Tooling, Monitoring, Documentation, Training
- Assignee — Person responsible
- Due Date — Target completion date (with calendar picker)
Action Item Status
| Status | Description |
|---|---|
| Open | Not started |
| In Progress | Currently being worked on |
| Completed | Finished |
| Won’t Fix | Decided not to implement |
Team Tab
Add contributors who participated in the postmortem:Contributor Roles
| Role | Responsibility |
|---|---|
| Owner | Leads the postmortem, ensures completion |
| Facilitator | Guides the postmortem meeting |
| Scribe | Documents discussions and findings |
| Contributor | Provides input and expertise |
| Reviewer | Reviews before publication |
Postmortem Status
Draft
- Initial state when created
- Full editing capabilities
- Not visible to broader team
- Can be saved incrementally
In Review
- Submitted for approval
- Limited editing
- Reviewers can add comments
- Requires approval to publish
- Click Submit for Review
- Confirm the action
- Status changes to “In Review”
Published
- Finalized and shared
- Read-only (no editing)
- Visible to all team members
- Can be exported as PDF
- Ensure status is “In Review”
- Click Publish
- Confirm the action
- Redirected to view page
Viewing Published Postmortems
The view page presents the postmortem in a professional format:- Header — Title, severity, status, owner
- Overview — Summary and key details
- Timeline — Visual timeline of events
- Root Causes — Categorized causes
- Learnings — What went well/didn’t go well
- Action Items — Status and assignments
- Contributors — Team members involved
PDF Export
Generate a professional PDF document for stakeholders:
The PDF includes:
- Professional header with EasyAlert branding
- All sections formatted for print
- Timeline with key moments highlighted
- Action items table
- Contributors list
- Page numbers and footer
PDFs are ideal for sharing with stakeholders who don’t have EasyAlert access or for archival purposes.
Best Practices
Conduct Blameless Reviews
Conduct Blameless Reviews
Focus on systems and processes, not individuals. Ask “How did the system allow this?” rather than “Who caused this?”
Complete Postmortems Promptly
Complete Postmortems Promptly
Aim to complete postmortems within 5-7 days while details are fresh. Set a calendar reminder after resolving major incidents.
Build Comprehensive Timelines
Build Comprehensive Timelines
Include all significant events, not just the obvious ones. Detection, communication, and decision points are often as important as technical actions.
Use Multiple Root Cause Categories
Use Multiple Root Cause Categories
Most incidents have contributing factors across multiple categories. A technical bug might be enabled by a process gap.
Create Specific Action Items
Create Specific Action Items
“Improve monitoring” is too vague. “Add alert for database connection pool exhaustion” is actionable and measurable.
Assign Owners and Due Dates
Assign Owners and Due Dates
Action items without owners don’t get done. Set realistic due dates and follow up regularly.
Share Learnings Broadly
Share Learnings Broadly
Review Historical Postmortems
Review Historical Postmortems
Periodically review past postmortems. Are similar incidents recurring? Are action items being completed?
Common Patterns
Production Outage
Production Outage
Timeline Focus: Detection time, escalation path, mitigation stepsRoot Causes: Often technical + process (e.g., config change without review)Action Items: Improved monitoring, rollback procedures, change management
Performance Degradation
Performance Degradation
Timeline Focus: When degradation started, customer impact, resolutionRoot Causes: Capacity planning, load testing gaps, monitoring blindspotsAction Items: Capacity alerts, load testing, performance baselines
Security Incident
Security Incident
Timeline Focus: Initial compromise, detection, containment, remediationRoot Causes: Vulnerability, access control, detection gapsAction Items: Patching, access review, security monitoring
Data Loss/Corruption
Data Loss/Corruption
Timeline Focus: When issue occurred, detection, data recoveryRoot Causes: Backup gaps, validation missing, process failuresAction Items: Backup verification, data validation, recovery testing
Troubleshooting
Can't find incidents to link
Can't find incidents to link
- Verify you’re searching with at least 2 characters
- Check incident exists and is visible to your tenant
- Try searching by incident number (e.g., “123”)
PDF export shows blank text
PDF export shows blank text
- Clear browser cache and retry
- Try a different browser
- Ensure postmortem has content to export
Can't edit published postmortem
Can't edit published postmortem
Published postmortems are read-only. Contact an admin if corrections are needed.
Action items not saving
Action items not saving
- Ensure required fields (Title) are filled
- Check for validation errors
- Save postmortem before adding action items
Contributors not appearing
Contributors not appearing
- Verify user exists in the tenant
- Check user has appropriate permissions
- Try searching by email if name doesn’t work
Quick Reference
Postmortem Statuses
| Status | Can Edit | Visible To | Next Action |
|---|---|---|---|
| Draft | Yes | Owner only | Submit for Review |
| In Review | Limited | Reviewers | Publish |
| Published | No | All team | Export PDF |
Severity Levels
| Severity | Impact | Example |
|---|---|---|
| Critical | Complete service outage | Production down |
| High | Major functionality impaired | Core feature broken |
| Medium | Limited impact | Non-critical feature affected |
| Low | Minimal impact | Minor issue |
Action Item Priorities
| Priority | Response Time | Example |
|---|---|---|
| Critical | Immediate | Security vulnerability |
| High | This sprint | Major process improvement |
| Medium | This quarter | Documentation update |
| Low | Backlog | Nice-to-have enhancement |