Root Cause Analysis

Root Cause Analysis

*** Refrain from using specific names inside an RCA. Refer to roles (ex: PIC) rather than mentioning specific individuals ***

Incident overview

Postmortem owner



Related incidents


Incident date


Approx. Damage Costs


Report Date


 Executive summary

 Incident timeline

Describe (approximate) timelines, cross correlate with telemetry/video recordings/etc if any.


 Postmortem report






List the sequence of events that led to the incident.


Describe what didn't work as expected. If available, include relevant data visualizations.



Report when the team detected the incident and how they knew it was happening. Describe how the team could've improved time to detection.



Report who responded to the incident and describe what they did at what times. Include any delays or obstacles to responding.



Report how the user impact was mitigated and when the incident was deemed resolved. Describe how the team could've improved time to mitigation.


Five whys root cause identification

Run a 5-whys analysis to understand the true causes of the incident.


Related records

Check if any past incidents could've had the same root cause. Note what mitigation was attempted in those incidents and ask why this incident occurred again.


 Lessons learned

Describe what you learned, what went well, and how you can improve.



 Recommendations for future

Actionable Recommendation


Actionable Recommendation
