Photo by Ian Espinosa

Incident Response: Writing a Playbook

Authoring the guides you might use in a future crisis.

An incident response plan should consider the “first time” reader, who may not have ever expected to be responding to an incident.

What playbooks should I build?

In deciding on what playbooks might make sense to build, consider it to be an exercise in prediction. What types of incidents are you likely to have? This is an exercise in understanding your risks.

  • Triage method to divy up customer contacts across a support team.
  • Emergency public FAQ and blog authoring & hosting.
  • Conditions for “top customers” who need an executive phone call, first.

What are some more examples?

These are runbooks that I’ve written or come across, but I’ve also included some which are a wish list that would have been useful in an incident. You can consider authoring these with your own risks in mind, and assess whether authoring your own version for your own environment makes sense.


This describes the “playbook” aspect of an opinionated approach to incident response plans. I believe that incident response plans should be extremely readable and useful, and a few high value playbooks should augment them.

Writing about risk, security, and startups.