Respond to $ARGUMENTS.

Incident Response Process (5 phases — sequential, do not skip)

The cardinal rule: mitigate first, root-cause second. The goal is to stop the bleeding before you diagnose the disease. Never spend 30 minutes investigating while users are down.

Phase 1: Detect and Classify

Gather the symptoms (2 minutes max):

What is the symptom? (error spike, latency increase, service down, data corruption, security alert)
What alert fired? What is the threshold and current value?
When did it start? (check monitoring dashboards for the exact time)
Is it ongoing or has it resolved?

Classify severity:

Severity	Criteria	Response time	Communication cadence
SEV-1 (Critical)	Service down, data loss, security breach, revenue impact	Immediate

Respond to $ARGUMENTS.

Incident Response Process (5 phases — sequential, do not skip)

The cardinal rule: mitigate first, root-cause second. The goal is to stop the bleeding before you diagnose the disease. Never spend 30 minutes investigating while users are down.

Phase 1: Detect and Classify

Gather the symptoms (2 minutes max):

What is the symptom? (error spike, latency increase, service down, data corruption, security alert)
What alert fired? What is the threshold and current value?
When did it start? (check monitoring dashboards for the exact time)
Is it ongoing or has it resolved?

Classify severity:

Severity	Criteria	Response time	Communication cadence
SEV-1 (Critical)	Service down, data loss, security breach, revenue impact	Immediate

Incident Response

Incident Response Process (5 phases — sequential, do not skip)

Phase 1: Detect and Classify

Incident Response

Incident Response Process (5 phases — sequential, do not skip)

Phase 1: Detect and Classify

Phase 2: Assess Impact

Hr Pro

Mental Health Analyzer

Satori

Claude Ally Health

Wellally Tech

Tcm Constitution Analyzer