Incident Communication Templates (Copy & Paste)
Use these templates during incidents. Replace placeholders like [service], [impact], and [time].
Quick copy (TL;DR)
We are investigating an issue affecting [service]. Customers may see [impact]. Next update by [time].
We have identified the issue affecting [service] and are applying a fix. Next update by [time].
π΄ Investigating (Outage)
We are investigating an issue affecting [service or component]. Customers may see [customer impact]. We are actively reviewing the cause and will share another update by [time].
π‘ Identified
We have identified the cause of the issue affecting [service]. The problem is related to [brief cause or affected system]. We are applying mitigation steps and will share another update by [time].
π΅ Monitoring
We have applied a fix for the issue affecting [service]. Error rates are returning to normal and we are monitoring recovery closely. We will confirm full resolution by [time] unless conditions change.
π’ Resolved
This incident has been resolved. [Service] has been stable since [time]. We will continue to review the cause internally and publish further detail if needed.
Additional Templates
Partial Outage
We are investigating a partial outage affecting [service]. Some customers may be unable to [task], while other parts of the service remain available. Next update by [time].
Degraded Performance
We are investigating degraded performance affecting [service]. Customers may see slower responses or intermittent delays, but the service remains available for most requests. Next update by [time].
Third-Party Dependency Issue
We are investigating issues affecting [service] caused by an upstream provider problem. We are tracking the provider incident and applying mitigation where possible. Next update by [time].
Example Timeline
| Time | Update |
|---|---|
| 09:04 UTC | Investigating API errors affecting EU traffic |
| 09:14 UTC | Identified failed deploy, rollback started |
| 09:24 UTC | Rollback complete, monitoring recovery |
| 09:39 UTC | Incident resolved |
How to Write Good Incident Updates
- lead with customer impact
- avoid filler like βplease bear with usβ
- do not speculate on root cause early
- include a next update time
- keep each update short enough to scan quickly
For severity-driven cadence, see Incident severity levels.
FAQ
What should every incident update include?
Customer impact, current team action, and the next expected update time.
Should incident updates mention root cause immediately?
Only if the cause is reasonably confirmed. Early updates should focus on impact and response, not speculation.
How long should an incident update be?
Usually one short paragraph is enough. Customers need clarity, not a long internal narrative during the active incident.