135 lines
7.5 KiB
Markdown
135 lines
7.5 KiB
Markdown
There are several roles for our incident response teams at Spearhead Systems. Certain roles only have one person per incident (e.g. support engineer), whereas other roles can have multiple people (e.g.System/Solution Architects, juniors, etc.). It's all about coming together as a team, working the problem, and getting a solution quickly.
|
|
|
|
Here is a rough outline of our role hierarchy, with each role discussed in more detail on the rest of this page.
|
|
|
|
![Incident Response Structure](../assets/img/misc/incident_response_roles.png)
|
|
|
|
---
|
|
|
|
## Team Leader (IC)
|
|
|
|
### What is it?
|
|
A Team Leader acts as the single source of truth of what is currently happening and what is going to happen during an major incident. They come in all shapes, sizes, and colors. TL's are also the key elements in a project (boards in DoIT).
|
|
|
|
### Why have one?
|
|
As any system grows in size and complexity, things break and cause incidents. The TL is needed to help drive major incidents to resolution by organizing his team towards a common goal.
|
|
|
|
### What are the responsibilities?
|
|
1. Help prepare for projects and incidents,
|
|
* Setup communications channels.
|
|
* Create the DoIT board(s) and other project planning related materials.
|
|
* Funnel people to these communications channels.
|
|
* Train team members on how to communicate and train other TL's.
|
|
1. Drive incidents and projects to resolution,
|
|
* Get everyone on the same communication channel.
|
|
* Collect information from team members for their services/area of ownership status.
|
|
* Collect proposed repair actions, then recommend repair actions to be taken.
|
|
* Delegate all repair actions, the TL is NOT a resolver.
|
|
* Be the single authority on system status
|
|
* Communicate directly with the customers and end-users
|
|
- not the engineers themselves!
|
|
1. Post Mortem,
|
|
* Creating the initial template right after the incident so people can put in their thoughts while fresh.
|
|
* Assigning the post-mortem after the event is over, this can be done after the call.
|
|
* Work with Managers/Support on scheduling preventive actions.
|
|
|
|
### Who are they?
|
|
Anyone on the TL on-call schedule. Trainees are typically on the TL Shadow schedule.
|
|
|
|
### How can I become one?
|
|
Take a look at our [Team Leader training guide](/training/incident_commander.md).
|
|
|
|
---
|
|
|
|
## Deputy
|
|
|
|
### What is it?
|
|
A Deputy is a direct support role for the Incident Commander. This is not a shadow where the person just observes, the Deputy is expected to perform important tasks during an incident.
|
|
|
|
### Why have one?
|
|
It's important for the IC to focus on the problem at hand, rather than worrying about documenting the steps or monitoring timers. The deputy helps to support the IC and keep them focussed on the incident.
|
|
|
|
### What are the responsibilities?
|
|
The Deputy is expected to:
|
|
|
|
1. Bring up issues to the Incident Commander that may otherwise not be addressed (keeping an eye on timers that have been started, circling back around to missed items from a roll call, etc).
|
|
1. Be a "hot standby" Incident Commander, should the primary need to either transition to a SME, or otherwise have to step away from the IC role.
|
|
1. Page SME's or other on-call engineers as instructed by the Incident Commander.
|
|
1. Manage the incident call, and be prepared to remove people from the call if instructed by the Incident Commander.
|
|
1. Liaise with stakeholders and provide status updates on Slack as necessary.
|
|
|
|
### Who are they?
|
|
Any Incident Commander can act as a deputy. Deputies need to be trained as an Incident Commander as they may be required to take over command.
|
|
|
|
### How can I become one?
|
|
Take a look at our [Deputy training guide](/training/deputy.md). Deputies also need to be [trained as an Incident Commander](/training/incident_commander.md).
|
|
|
|
---
|
|
|
|
## Scribe
|
|
|
|
### What is it?
|
|
A Scribe documents the timeline of an incident as it progresses, and makes sure all important decisions and data are captured for later review.
|
|
|
|
### Why have one?
|
|
The incident commander will need to focus on the problem at hand, and the subject matter experts will need to focus on resolving the incident. It is important to capture a timeline of events as they happen so that they can be reviewed during the post-mortem to determine how well we performed, and so we can accurate determine any additional impact that we might not have noticed at the time.
|
|
|
|
### What are the responsibilities?
|
|
The Scribe is expected to:
|
|
|
|
1. Ensure the incident call is being recorded.
|
|
1. Note in Slack important data, events, and actions, as they happen. Specifically:
|
|
* Key actions as they are taken (Example: "prod-server-387723 is being restarted to attempt to remove the stuck lock")
|
|
* Status reports when one is provided by the IC (Example: "We are in SEV-1, service A is currently not processing events due to a stuck lock, X is restarting the app stack, next checkin in 3 minutes")
|
|
* Any key callouts either during the call or at the ending review (Example: "Note: (Bob B) We should have a better way to determine stuck locks.")
|
|
|
|
### Who are they?
|
|
Anyone can act as a scribe during an incident, and are chosen by the Incident Commander at the start of the call. Typically the Deputy will act as the Scribe, but that doesn't necessarily need to happen, and for larger incidents may not be possible.
|
|
|
|
### How can I become one?
|
|
Follow our [Scribe training guide](/training/scribe.md), and then notify the Incident Commanders that you would like to be considered for scribing for the next incident.
|
|
|
|
---
|
|
|
|
## Subject Matter Expert
|
|
|
|
### What is it?
|
|
A Subject Matter Expert (SME), sometimes called a "Resolver", is a domain expert or designated owner of a component or service that is part of the PagerDuty software stack.
|
|
|
|
### Why have one?
|
|
The IC and deputy are not all-knowing super beings. When there is a problem with a service, an expert in that service is needed to be able to quickly help identify and fix issues.
|
|
|
|
### What are the responsibilities?
|
|
1. Being able to diagnose common problems with the service.
|
|
1. Being able to rapidly fix issues found during an incident.
|
|
1. Concise communication skills, specifically for CAN reports:
|
|
* Condition: What is the current state of the service? Is it healthy or not?
|
|
* Actions: What actions need to be taken if the service is not in a healthy state?
|
|
* Needs: What support does the resolver need to perform an action?
|
|
|
|
### Who are they?
|
|
Anyone who is considered a "domain expert" can act as a resolver for an incident. Typically the service's primary on-call will act as the SME for that service.
|
|
|
|
### How can I become one?
|
|
Take a look at our [Subject Matter Expert training guide](/training/subject_matter_expert.md). You should also discuss with your team and service owner to determine what the requirements are for your particular service.
|
|
|
|
---
|
|
|
|
## Customer Liaison
|
|
|
|
### What is it?
|
|
A person responsible for interacting with customers, either directly, or via our public communication channels. Typically a member of the Customer Support team.
|
|
|
|
### Why have one?
|
|
All of the other roles will be actively working on identifying the cause and resolving the issue, we need a role which is focused purely on the customer interaction side of things so that it can be done properly, with the due care and attention it needs.
|
|
|
|
### What are the responsibilities?
|
|
1. Post any publicly facing messages regarding the incident (Twitter, StatusPage, etc).
|
|
1. Notify the IC of any customers reporting that they are affected by the incident.
|
|
|
|
### Who are they?
|
|
Any member of the Support Team can act as a customer liaison.
|
|
|
|
### How can I become one?
|
|
Discuss with the Support Team about becoming our next customer liaison.
|