Incidents
Manage, triage, and resolve incidents with your team. Track everything from detection to resolution.
What are Incidents?
Incidents are created when something goes wrong - whether detected automatically by a monitor or heartbeat, or created manually by your team. They provide a central place to track the issue, coordinate response, and document resolution.
Note: Incident management is available for organization accounts. Personal accounts can use monitors and heartbeats, but incidents require a team.
Incident Lifecycle
Triggered
Initial state when an incident is created. Notifications are sent to on-call team members.
Acknowledged
Someone is aware of the incident and looking into it. Escalation is paused.
Investigating
Active investigation is underway. Use this to indicate progress.
Monitoring
A fix has been deployed. Watching to confirm the issue is resolved.
Resolved
The incident is closed. Time to resolution (TTR) is calculated.
Severity Levels
Incidents are created without a severity level. Your team triages and assigns severity based on actual impact:
| Level | Description | Response |
|---|---|---|
| SEV1 | Critical - Complete outage or major functionality broken | All hands on deck, immediate response |
| SEV2 | Major - Significant impact but partial functionality available | Immediate attention required |
| SEV3 | Minor - Limited impact, workaround available | Address during business hours |
| SEV4 | Low - Minimal impact, cosmetic issues | Address when capacity allows |
Activity Timeline
Every incident has an activity timeline that automatically logs:
- When the incident was triggered and by what (monitor, heartbeat, or manual)
- Status changes with who made them and when
- Severity changes with before/after values
- Assignee changes
- Comments and updates from team members
- Resolution details and time-to-resolve (TTR)
This timeline serves as an audit log and is invaluable during post-mortems.
Team Assignment
Assign incidents to team members to clearly indicate who is responsible:
- Click "Assign" on an incident to assign to a team member
- Use "Assign to me" for quick self-assignment
- Assignee is shown in the incident list and details
- Assignment changes are logged in the activity timeline
Post-Mortems
After resolving an incident, create a post-mortem to document what happened and prevent recurrence. Encompass provides templates to help structure your post-mortem:
- Standard Template - Summary, timeline, root cause, action items
- 5 Whys - Iterative root cause analysis
- Blameless - Focuses on systems and processes, not individuals
- Quick Retrospective - Lightweight format for minor incidents
Post-mortems include action items that can be assigned to team members with due dates.
MTTR Analytics
The Analytics tab provides insights into your incident response performance:
- Mean Time to Acknowledge (MTTA) - Average time from trigger to acknowledgment
- Mean Time to Resolve (MTTR) - Average time from trigger to resolution
- Incident volume over time - Track incident frequency trends
- Breakdown by severity - See distribution across SEV levels