- Schedule an After Action Review (AAR) meeting within {{AAR_SLA}} and invite the attendees listed at {{AAR_ATTENDEES}}. Always include the following:
- The incident commander.
- Service owners involved in the incident.
- Key engineer(s)/responders involved in the incident.
- Designate an AAR owner who will investigate the incident in advance of the meeting to prepare, looking into the incident process itself including reviewing notes and reports.
Document answers to the following key questions:
- What happened? Create a timeline, supported with data or other artifacts. Avoid blame. Find facts.
- What was supposed to happen?
- Detail deviations from process, procedure, or best practice, including SME assessments.
- Identify ways the incident could have been detected sooner, or responded to more effectively
- What were the root causes? Find root cause to things that happened and to things that should have happened.
- How can we improve? Capture action items with assignees and due dates. Consider:
- Stop: what should we stop doing?
- Start: what should we start doing?
- Continue: what should we keep doing?
The AAR owner, in coordination with the Internal Liaison, will communicate the status of the AAR (see below)
| Status | Description |
|---|---|
| Draft | AAR investigation is still ongoing |
| In Review | AAR investigation has been completed, and is ready to be reviewed during the AAR meeting. |
| Reviewed | AAR meeting is over and the content has been reviewed and agreed upon. If there are additional "External Messages", the communications team will take action to prepare. |
| Closed | No further actions are needed on the AAR (outstanding issues are tracked in tickets). If no "External Messages", skip straight to this once the meeting is over. If there are additional "External Messages", communications team will update AAR Closed once sent. |
Communicate the results of the AAR internally and finalize the AAR documentation.