Prompt chaining for service incident postmortems

Prompt chaining for service incident postmortems involves using a series of well-structured prompts to guide the process of analyzing, documenting, and communicating the outcomes of a service disruption. It’s an iterative approach, where each step builds on the previous one, ensuring that the postmortem is thorough, data-driven, and actionable.

Here’s how you can structure a prompt chain for service incident postmortems:

1. Initial Incident Overview

Prompt: “Provide a brief summary of the incident, including the time it started, the services affected, and the duration of the disruption.”

This prompt should aim to get the basic facts of the incident, without diving into details just yet. Focus on answering the who, what, when, and how long aspects.

2. Root Cause Analysis

Prompt: “What was the root cause of the incident? Describe the underlying factors that contributed to the issue, including any technical, human, or procedural factors.”

This helps identify the core issue rather than just the symptoms, ensuring that the postmortem focuses on solving the problem at its source.

3. Impact Assessment

Prompt: “List the services or features that were directly impacted by the incident. Include the severity of the impact, the affected user base, and any business consequences.”

This helps measure the extent of the disruption. It’s important to consider not just the technical aspects but also the business or customer impact.

4. Timeline of Events

Prompt: “Provide a detailed timeline of the incident, including key events, actions taken by the team, and any notable findings or decisions made throughout the incident resolution.”

This section ensures you have a comprehensive account of the incident’s progression, allowing teams to spot inefficiencies or areas for improvement in their response.

5. Incident Response Evaluation

Prompt: “Evaluate the effectiveness of the incident response. What went well in the resolution process? What could have been done better or faster?”

By reflecting on the incident response, you can identify strengths and weaknesses in your procedures, helping to enhance future response efforts.

6. Preventative Measures

Prompt: “What changes or improvements will be implemented to prevent a similar incident in the future? Include both technical and procedural recommendations.”

This prompt focuses on actions to avoid recurrence, aiming to turn the postmortem into an opportunity for improvement rather than just documentation.

7. Follow-up Actions and Ownership

Prompt: “List the follow-up actions that will be taken based on the postmortem findings. Assign ownership and set deadlines for each action item.”

This ensures accountability and clear next steps after the postmortem. It also ensures the changes discussed are actually implemented.

8. Postmortem Review and Communication

Prompt: “How will the findings of this postmortem be shared with the broader organization? Who will communicate the outcome, and what format will be used?”

It’s important to communicate the learnings from the postmortem to all relevant stakeholders, ensuring transparency and fostering a culture of continuous improvement.

9. Postmortem Summary and Reflection

Prompt: “Summarize the key takeaways from this postmortem. What are the biggest lessons learned, and how will this influence future incidents?”

This prompt gives teams a chance to reflect on the overall incident and learn from it for continuous improvement.

Example of How This Would Flow Together:

1. Incident Overview: “On April 14, 2025, the user authentication service went down from 2:30 PM to 4:00 PM, affecting 60% of users in the U.S. region.”

2. Root Cause: “The root cause was a database misconfiguration that caused a 50% increase in read requests, leading to a failure in the primary database instance.”

3. Impact Assessment: “Authentication failures resulted in customers being unable to log in, directly impacting sales for two hours. An estimated $500,000 in potential revenue was lost.”

4. Timeline of Events:

   • 2:30 PM: User authentication fails.

   • 2:35 PM: Incident detection and escalation.

   • 2:45 PM: Database team identifies misconfiguration.

   • 3:30 PM: Configuration is corrected, service begins recovery.

   • 4:00 PM: Service fully restored.

5. Incident Response Evaluation: “The response time was generally good, but the misconfiguration was not detected immediately, and communication with customers could have been more proactive.”

6. Preventative Measures: “Automated configuration checks will be implemented to prevent similar issues. An improved monitoring system will alert the team to abnormal traffic patterns more quickly.”

7. Follow-up Actions: “The database configuration validation system will be reviewed and improved by May 30, 2025, assigned to Database Team. The customer communication protocol will be reviewed by June 15, 2025, assigned to the Support Team.”

8. Postmortem Review: “The findings will be shared with the engineering team via an internal document and discussed in the monthly all-hands meeting.”

9. Reflection: “The most important lesson learned is the need for more proactive monitoring, especially during periods of traffic spikes. This will be incorporated into our incident response protocol moving forward.”

By chaining these prompts together, you ensure that your service incident postmortems are thorough, actionable, and valuable for improving future incident management processes.