A guide to IT post-mortem reporting

Published on
331 Points
Last Modified:
Postmortem reporting allow us to examine mistakes in a way that focuses on the situational aspects of a failure’s mechanism and the decision-making process of individuals proximate to the failure. Read our guide on how to handle IT post-mortem reporting.

Blameless post-mortems allow us to examine mistakes in a way that focuses on the situational aspects of a failure’s mechanism and the decision-making process of individuals proximate to the failure. - The DevOps Handbook

The engineers at Google describe post mortem reporting as a “written record of an incident, its impact, the actions taken to mitigate or resolve it, the root cause(s), and the follow-up actions to prevent the incident from recurring.”

While the definition of a post mortem makes it sound like a straight forward process, the simplicity can belie some important technical and managerial. The goal of this blog is to provide suggestions on the types of tools and frameworks that need to be introduced in order for IT, Ops or ITSM to institute an effective post mortem culture. To this end, we will loop at the following points:

  • Why are post mortems necessary
  • What do post mortems allow us to achieve
  • How can we implement an effective post mortem

Post mortems are necessary as they give us insight into why an incident happened. They allow us to deconstruct a particular incident and see what transpired after the critical event and how that can be improved  in the future. Was the problem due to a scheduled or unscheduled incident? When the Sev1 incident  occurred, was the right team notified? If the team was notified, did they actually hear the alert or did the alert just go off as a ping on their smartphone?


Post mortems, when carried out correctly, can achieve a whole lot that advances the team in the direction of further progress and IT knowledge. The post mortems are designed to break down sacred cows and reveal points of truth that might not have been previously recognized. For example, when a service interruption was identified by the monitoring tool, was the incident only sent to one team member who then in turn needed to identify a number of other team members which slowed down the time until team members could respond?


Post mortems are both necessary and important to effective incident management as they bring to the surface how effective your team is at managing critical events.  Effective post mortems are not meant to be blame games or cheap talk.  Instead, they are meant as effective management tools to improve the effectiveness of the team.

Hack 1: Enable post mortems as soon after the event as possible

Memories are shaky.  So it is best to enable the post mortem as soon after the event as possible. Team leaders need to be rigorous about recording details and sharing information

Hack 2: Create a timeline

If you don’t have things written down, it can be hard to follow up on action items.

The first point of action of the post mortem meeting should be to look at the timeline of events. As you were smart and invested in an incident alert management system, a communications management, a ticket management platform and a reporting platform, you have all the relevant data you need to view the order in which the events unfolded.  The first three tools allow you to see what happened in a step by step manner. With the reporting capabilities, you will be able to see aggregate data that provides context to the timeline.

Hack 3: Create a final digital record

Important to share this information and make it easily available. Need to publish post mortems as widely as possible. Google drive is a good place to post this information. You need to educate other members of the team as to why the event occurred and commit to changes that will prevent the event from happening again in the future.

Post mortem reporting is an important component of effective DevOps teams. To read 3 more post mortem reporting hacks, download our whitepaper


Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

Join & Write a Comment

This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
Send secure, cloud-based, encrypted alerts and maintain HIPAA compliant messaging. Integrates priority & secure messaging into one application. Ensures IT, emergency respondents and healthcare professionals that their critical messages are never mis…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month