Back to docsRecipe

Incident post design

A structured template for communicating security incidents to customers with clarity, accountability, and technical precision.

Anatomy

  • Executive summary — one paragraph a non-technical stakeholder can understand
  • Timeline — UTC timestamps for detection, containment, remediation
  • Root cause — technical detail without blame
  • Impact surface — what data, services, or users were affected
  • Remediation — concrete steps taken and verification method
  • Prevention — long-term controls to prevent recurrence

Tone principles

Write in plain English. Own the failure. Never minimize impact. Avoid passive voice. If you don't know something yet, say so and commit to a follow-up with a specific date.

Distribution

Publish to a dedicated /incidents page. Email affected customers within 4 hours of containment. Post a summary to your status page. Archive every incident permanently — never delete.

← All recipes