Investigation phase

Investigation

Tip

Updates will vary based on where the incident is in its lifecycle. For the purposes of this document, we will focus on the phases during an incident when internal stakeholder communications are generated: Investigation, Identification, Monitoring and Resolution.

The investigation phase is when an issue has been detected, but no conclusions about what may be happening have yet been made. This is the start of a major incident when responders are first mobilized. This first notification to internal stakeholders is to notify them that an issue has been detected and is actively being investigated, although no conclusions have been made at this time. During a major incident, the Internal Liaison should generate an internal stakeholder update as soon as possible.

Elements to include in an update during the Investigation phase are:

  • Time the incident started
  • Description of the issue detected
  • Business service(s) affected
  • Customer impact, if known
  • Next steps for stakeholders (e.g. join a chat channel, incident bridge, standby for updates, etc)
  • Where to find more information (i.e. chat channel, email, status page, etc)
  • When to expect another update

An example of a status update during the Investigation phase is:

"At 7:59PM PDT an error condition was detected in the interdimensional gate to the Upside Down (the Rift). Some customers may be abducted by Demogorons during this time. We are currently investigating. Join the #stakeholder-updates chat channel or join the incident by phone at 1-888-OMG-FUBAR to observe. Expect another update within 30 minutes.”