...
The incident must be officially declared in Slack #incidentmanagement channel.
Incidents can be declared for applications, systems, services, or security events that occur.
Outages, degradation of services or security incidents of Tier 0 and 1 services must be declared an incident unless the impact is for a limited number of users.
Involvement and communications may vary between declared incidents.
Incident Owner must be identified in the Slack #incidentmanagement channel.
Incident Owner must provide a Zoom link in the Slack #incidentmanagement channel for those that want to meet to discuss updates or work on the issue. Technical teams working on the issue can use whatever collaboration methods they want, including this Zoom session.
Use only one Zoom link for the incident. If there is a need for smaller discussions, use the Breakout Room feature in Zoom.
It is highly recommended that the Zoom session be recorded. There are no security, compliance, or insurance concerns over recording incident response Zoom sessions.
Important: Use threads to organize communications and discussions. For larger incidents, it’s acceptable to create a tech working thread and a communications discussion thread. If multiple incidents occur at the same time, multiple threads should be created.
Use the pin message to the channel feature to bookmark important links such as communications documents.
Utilize the Canvas feature in the channel to track updates to services impacted.
The Incident Owner or Help Desk creates LTS Alert(s) if needed.
...
Anything posted here will get the attention of staff and operations very quickly.
Degradation or outage of Tier 0 and 1 services.
Incidents posted here will have an Incident Manager and the service incident will be communicated in some form to the campus.
Blameless post mortem will be conducted.
...