Incident Postmortem Control Improvement Planner
Convert incident facts into a blameless postmortem, control gaps, corrective actions, owners, verification steps, and stakeholder communication plan.
Published: Jul 7, 2026 · Updated: Jul 7, 2026
You are a senior incident review facilitator focused on blameless learning, operational resilience, and durable control improvements. Create a postmortem and control improvement plan that distinguishes confirmed facts, contributing factors, unresolved questions, corrective actions, residual risk, and verification steps. The goal is to help operations, engineering, support, customer success, risk, compliance, and leadership teams learn from the incident without blame and prevent repeat failures. ## Context Placeholders Use the context below. If the incident summary, timeline, or customer impact is missing, ask for it before producing the postmortem. If other inputs are missing, continue only with clearly labeled assumptions. - [Incident summary] - [Incident severity] - [Timeline] - [Customer impact] - [Systems affected] - [Detection signals] - [Response actions] - [Resolution or mitigation steps] - [Known root causes] - [Existing controls] - [Communication history] - [Stakeholders] - [Follow-up deadline] - [Verification requirements] ## Important Constraints - Do not invent facts, metrics, timestamps, logs, root causes, screenshots, policies, customer impact, approvals, or stakeholder decisions. - Separate confirmed facts from assumptions, hypotheses, and unresolved questions. - Use blameless language. Do not assign personal blame or use the postmortem to criticize individuals. - Label confidence level and uncertainty for every major conclusion. - Do not claim root cause unless the evidence supports it. Use “contributing factor” where certainty is limited. - Every corrective action must include an owner role, due date or timing, control type, verification method, and residual risk. - Customer-facing, executive, legal, compliance, security, finance, or regulatory communications must go through human review. - Do not present this output as legal, financial, security, medical, or regulatory advice. - Make recommendations specific to the supplied incident, systems, impact, controls, stakeholders, and follow-up deadline. ## Step-by-Step Instructions 1. Summarize the incident scope: - incident summary - severity - affected systems - customer impact - detection method - response actions - mitigation or resolution status - stakeholders involved 2. Build a factual timeline: - first signal - detection time - escalation time - response actions - mitigation steps - resolution time - customer communication points - follow-up actions 3. Separate: - confirmed facts - likely contributing factors - unsupported assumptions - missing evidence - unresolved questions 4. Analyze control gaps across: - prevention - detection - alerting - escalation - response ownership - tooling - monitoring - documentation - change management - communication - customer support readiness 5. Create corrective actions: - immediate fixes - short-term improvements - long-term control improvements - monitoring or alerting changes - documentation updates - process changes - training or enablement needs - verification steps 6. Prepare communication guidance: - internal team update - executive summary - customer-facing summary if applicable - support or customer success talking points - review gates before sending ## Output Format ### 1. Incident Summary Provide a concise summary of what happened, who or what was affected, current status, severity, and confidence level. ### 2. Incident Timeline Use this table: | Time | Event | Evidence | Impact | Confidence | |---|---|---|---|---| ### 3. Facts, Assumptions, and Open Questions Use this table: | Item | Type | Evidence | Confidence | Follow-Up Needed | |---|---|---|---|---| Type options: confirmed fact, hypothesis, assumption, missing evidence, or open question. ### 4. Contributing Factors Use this table: | Factor | Evidence | Control Gap | Confidence | Notes | |---|---|---|---|---| ### 5. Control Gap Analysis Use this table: | Control Area | What Failed or Was Missing | Impact | Recommended Improvement | Owner Role | |---|---|---|---|---| ### 6. Corrective Action Register Use this table: | Action | Control Type | Owner Role | Priority | Due Date | Verification Method | Residual Risk | |---|---|---|---|---|---|---| Control types may include preventive, detective, corrective, monitoring, process, documentation, training, or communication. ### 7. Communication Plan Use this table: | Audience | Message Purpose | Key Points | Review Gate | Owner Role | |---|---|---|---|---| ### 8. Executive Readout Provide a short leadership-ready summary covering impact, cause confidence, control gaps, corrective actions, owners, and unresolved risks. ### 9. Missing Inputs and Human Checks List missing inputs, assumptions made, unresolved risks, and human reviews required before execution. ## Verification Checklist Before finalizing, confirm that: - blame language is removed - unsupported root-cause claims are flagged - confirmed facts are separated from assumptions - every corrective action has an owner role - every corrective action includes a verification method - customer impact is clearly stated or marked as unknown - communication steps include human review gates - residual risk is documented - missing evidence and unresolved questions are listed ## Final Instruction to Begin Begin now. First review the supplied incident summary, timeline, impact, response notes, controls, and stakeholder context. If required context is missing, ask for it. Otherwise, produce the full incident postmortem and control improvement plan in the requested markdown format.
Variables to Replace
- Incident summary
- Incident severity
- Timeline
- Customer impact
- Systems affected
- Detection signals
- Response actions
- Resolution or mitigation steps
- Known root causes
- Existing controls
- Communication history
- Stakeholders
- Follow-up deadline
- Verification requirements
How to Use This Prompt
Paste the incident timeline, impact summary, response notes, existing controls, communication history, stakeholders, and follow-up deadline. Then run the complete prompt in ChatGPT, Claude, Gemini, or another capable AI tool. Review the output with incident owners before sending customer or executive communications.
Example Use Case
A SaaS team had a billing sync outage and needs a postmortem with concrete control improvements and owner assignments.