Your CTO has asked you to implement a postmortem policy on every incident for internal use. You want to define what a good postmortem is to ensure that the policy is successful at your company. What should you do? (Choose two.)
Your CTO has asked you to implement a postmortem policy on every incident for internal use. You want to define what a good postmortem is to ensure that the policy is successful at your company. What should you do? (Choose two.)
To ensure a successful postmortem policy, it is crucial to include key details that help understand and prevent future incidents. Ensuring that all postmortems include the severity of the incident, how to prevent future occurrences, and what caused the incident without naming internal system components achieves transparency while protecting sensitive information. Additionally, involving all incident participants in the postmortem authoring and sharing postmortems as widely as possible encourages a collaborative and inclusive culture. This comprehensive approach ensures that multiple perspectives are considered, fostering a learning environment that benefits the entire organization.
I think the answers are B & D.
Me too E -> include all incident participants in postmortem authoring, no much sense, the incident commander is the author of the postmortem A -> identify the person or team responsible for causing the incident C -> without naming internal system components, the postmortem has to be focus on the processes/components
Not D, I don't think it's always possible to detail how the incident was resolved, may be too complicated. B and C for me.
Option B is incorrect because it states that the postmortem should include how the incident could have been worse.The focus of the postmortem should be on identifying the root cause of the incident and developing recommendations for preventing future occurrences.
B & D is the answer
A. We don't blame B. I can't imagine a postmortem with information on how the incident could have been worse. C. Correct answer. D. It's nearly the same as C but doesn't include recommendations for the future, so I go with C. E. Correct, include all participants of the incident in authoring postmortem to not miss something important.
Shouldn't mention customer information, it's not useful to spread it widely, might be causing negative impact.
I thing is CE https://sre.google/workbook/postmortem-culture/
Choose C & E Option C emphasizes including the severity of the incident, prevention strategies for future occurrences, and an analysis of what caused the incident without necessarily naming internal system components. This approach ensures a balance between transparency and security, providing valuable insights without exposing sensitive internal details. Option E, which advocates involving all incident participants in postmortem authoring and sharing postmortems widely, promotes a collaborative and inclusive culture. Involving all relevant stakeholders ensures a comprehensive understanding of the incident, and sharing postmortems widely fosters transparency, enabling the organization to learn from incidents collectively. Together, these practices contribute to a successful postmortem policy that promotes continuous improvement and a culture of learning from incidents.
I'll go for C & E
Vote CE
I would go with B & C
C: https://sre.google/workbook/postmortem-culture/#:~:text=away%20from%20us%E2%80%9D).-,Preventative%20action,Disallow%20any%20single%20operation%20from%20affecting%20servers%20spanning%20namespace/class%20boundaries%E2%80%9D).,-Blamelessness E: https://sre.google/workbook/postmortem-culture/#:~:text=Include%20all%20incident%20participants%20in%20postmortem%20authoring https://sre.google/workbook/postmortem-culture/#:~:text=In%20order%20to%20maintain%20a%20healthy%20postmortem%20culture%20within%20an%20organization%2C%20it%E2%80%99s%20important%20to%20share%20postmortems%20as%20widely%20as%20possible
C, E - Don't share internal info and share as wide as possible. Post Mortems and RCAs typically are shared with customers.