🚨 Incident Management Suite¶
Turn Every Incident Into a Learning Opportunity
Real-time war room coordination • Blameless post-mortems • Corrective action tracking • Trend analysis
The Incident Management Suite brings structure to chaos. Whether you're in the middle of a SEV1 outage or conducting a quarterly incident review, this toolkit guides your team through ICS-style coordination, rigorous root cause analysis, and systematic follow-up — all while maintaining a blameless culture that drives real improvement.
🎯 Why This Toolkit?¶
Without structure, incident response is ad-hoc: roles are unclear, timelines are reconstructed from memory, and action items fall through the cracks.
With this toolkit, your team gets:
| Challenge | Solution |
|---|---|
| Chaotic war rooms | ICS-style role assignments, structured status boards |
| Blame-focused post-mortems | Blameless analysis framework with 5 Whys |
| Lost context | AI-assisted timeline building from live discussion |
| Forgotten action items | Automated extraction with owner assignment |
| Repeated incidents | Pattern detection and trend reporting |
📦 What's Inside¶
Meeting Templates (6)¶
| Template | Purpose | Duration |
|---|---|---|
| 🚨 Incident War Room | Active incident coordination with role assignment and status tracking | 60 min |
| 🎯 Incident Triage | Initial assessment, severity classification, and team mobilization | 30 min |
| 🔬 Incident Post-Mortem | Blameless root cause analysis with 5 Whys and contributing factors | 90 min |
| 📊 Incident Review | Periodic review of trends, action item status, and process improvements | 60 min |
| 🔄 IC Shift Handoff | Structured handoff between Incident Commanders during long-running incidents | 30 min |
| 🔐 Security Incident Response | Security-specific handling with evidence preservation and breach notification | 60 min |
Agentic Shortcuts (9)¶
Real-time AI assistance during meetings:
| Shortcut | What It Does |
|---|---|
| 🚨 Classify Severity | Assesses SEV1-4 based on impact, revenue, and SLA signals |
| ⏱️ Build Timeline | Extracts timestamps from discussion into structured timeline |
| 👥 Assign Roles | Identifies IC, Comms, Tech Lead, Scribe from conversation |
| 📢 Status Update | Generates stakeholder-ready status message |
| 🔍 5 Whys Analysis | Facilitates root cause analysis through causal chain |
| 🔀 Contributing Factors | Multi-factor analysis (Process/Tech/People/Environment) |
| ✅ Blameless Summary | Reframes findings with systems-focused language |
| 📋 Extract Actions | Captures corrective actions with owners and priorities |
| 🔀 Change Correlation | Correlates recent deploys, configs, and feature flags with incident timing |
Secondary Artifacts (6)¶
AI-generated deliverables from meeting transcripts:
| Artifact | Description | Default Delivery |
|---|---|---|
| 📢 Stakeholder Update | Executive-friendly status summary | Slack |
| 📄 Incident Report | Formal record for compliance and archives | |
| 🔬 Blameless Post-Mortem | Full root cause analysis document | |
| ✅ Corrective Actions | Structured action items by category | Jira |
| 📈 Trend Report | Incident patterns and recommendations | |
| 👥 Customer Notification | User-friendly incident update for customers/status page |
Canvas Templates (3)¶
Persistent collaborative documents:
| Canvas | Purpose | Icon |
|---|---|---|
| 📋 Incident Report | Structured record updated throughout incident lifecycle | 📋 |
| 🔬 Blameless Post-Mortem | Collaborative analysis with approval workflow | 🔬 |
| 🚨 War Room Status Board | Live status board for active incidents | 🚨 |
Action Buttons (6)¶
| Button | Mechanism | Use Case |
|---|---|---|
| 📋 Copy to Clipboard | clipboard | Quick sharing |
| ✉️ Email Stakeholders | email | Executive updates |
| 💬 Post to Slack | integration:slack | Incident channel updates |
| 🎫 Create Jira Tickets | integration:jira | Action item tracking |
| 📥 Download PDF | file_download | Compliance records |
| 🔔 Update PagerDuty | webhook | Status synchronization |
Workflows (1)¶
| Workflow | Steps |
|---|---|
| Post-Mortem Review & Distribution | Generate PM → Tech Lead Review → IC Approval → Distribute |
🚀 Extend It Your Way¶
This toolkit is a starting point, not a ceiling. Every component is customizable.
Remix in the UI. Once installed, all components (templates, shortcuts, next steps, canvases, workflows) appear in your workspace settings. Edit them directly, duplicate them, or combine pieces from multiple toolkits — then export your remix as a new portable toolkit.
Ideas for extension:
| Extension | How To |
|---|---|
| Add ServiceNow integration | Create webhook action button for ITSM sync |
| Custom severity levels | Modify Classify Severity shortcut prompt |
| Link to runbooks | Add runbook URLs to meeting template descriptions |
| Auto-create Confluence page | Add workflow step with Confluence webhook |
💡 Ideas for Further Extension¶
These are advanced capabilities identified during toolkit design. Consider these for future customization:
| Category | Extension | Description |
|---|---|---|
| Metrics & SLOs | SLO Impact Tracking | Add error budget references to severity classification; correlate incidents with SLO burn-down |
| Metrics & SLOs | MTTR/MTTD Dashboards | Enrich trend reports with mean-time-to-resolve and mean-time-to-detect metrics |
| Automation | Runbook Feedback Loop | Capture which runbook steps were useful/outdated; generate runbook improvement suggestions |
| Automation | CI/CD Integration | Auto-query deployment pipeline (GitHub Actions, ArgoCD) for recent changes during correlation |
| Vendor Management | Vendor Incident Tracking | Template variant for tracking third-party vendor incidents with SLA timers |
| Vendor Management | Support Ticket Linkage | Auto-link customer support tickets to incident records |
| Compliance | Audit Log Export | Structured export for compliance audits (SOC 2, ISO 27001) |
| AI Enhancement | Incident Similarity | AI shortcut to find similar past incidents based on symptoms |
| AI Enhancement | Suggested Assignees | ML-based recommendation for Tech Lead and IC based on expertise |
Fork, version, share: - Export as JSON for version control - Share across workspaces with consistent incident processes - Merge improvements from updated toolkit releases
📥 Installation¶
Click the button above to install directly into your Contio workspace. If you have the desktop app, it will open automatically. Otherwise, you'll be directed to the web app.
Via Partner API:
curl -X POST https://api.contio.ai/v1/partner/admin/toolkits \
-H "X-API-Key: $API_KEY" \
-d @incident-management-suite.json
Manual installation:
- Download incident-management-suite.json
- Go to Settings → Toolkits → Import
- Select the JSON file and confirm
🔗 Related Resources¶
- Incident Command System (ICS) — Foundation for role assignments
- Google SRE: Postmortem Culture — Blameless post-mortem principles
- Toolkit Manifest Format — Full manifest specification