How many of us have walked away from a retrospective where “update X playbook” accounted for the bulk of the post-incident learning? As we establish and evolve our incident response programs, playbooks are a useful tool to document information and build consistency. But they also can easily become a dumping ground for rigid process and oversimplified approaches that don’t work in the ambiguous and complex real world incidents we experience.

In this talk, I’ll break down three pillars for building incident response programs that build consistency and alignment while leaving room for judgement and agility.

Pillar 1: Severity Levels (How to establish severity levels that reflect your business priorities) Pillar 2: Heuristics (Mental shortcuts for ambiguous decision-making) Pillar 3: Tooling (Eliminating toil to leave room for the important decisions)