Skip to content
Docsie Logo

Free Process Template

Free Incident Response Runbook

Response procedures for [incident type]

Incident Classification Detection Immediate Response Investigation Mitigation Communication Post-Incident
Download Word Download PDF Download Markdown
Generate from Video Browse Templates

Incident Response Runbook

Use this template to response procedures for [incident type].

Template Metadata

Field Details
Category Process
Owner [Team or owner]
Version [Version number]
Effective Date [Date]
Review Cycle [Monthly / Quarterly / Annual / Event-based]
Status [Draft / In Review / Approved]

Incident Classification

Severity levels and criteria for this incident type.

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Detection

How the incident is detected (alerts, monitoring, user reports).

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Immediate Response

First 15 minutes: triage steps, who to page, initial containment.

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Investigation

Diagnostic commands, log locations, and what to look for.

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Mitigation

Steps to restore service with rollback procedures.

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Communication

Stakeholder notification templates and escalation paths.

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Post-Incident

Post-mortem process and follow-up tasks. Use Markdown with code blocks. Write for an on-call engineer under pressure.

Item Details Owner Status
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]
[Item or requirement] [Describe the relevant detail, evidence, or decision] [Owner] [Open / Complete]

Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

Review and Signoff

Document review conclusions, approvals, unresolved items, and next review date.

Role Name Date Notes
Preparer [Name] [Date] [Notes]
Reviewer [Name] [Date] [Notes]
Approver [Name] [Date] [Notes]

Template Structure

What the Incident Response Runbook Includes

Use this process template as a starting point, then customize each section to match your internal workflow, evidence, and signoff needs.

1

Incident Classification

Severity levels and criteria for this incident type.

2

Detection

How the incident is detected (alerts, monitoring, user reports).

3

Immediate Response

First 15 minutes: triage steps, who to page, initial containment.

4

Investigation

Diagnostic commands, log locations, and what to look for.

5

Mitigation

Steps to restore service with rollback procedures.

6

Communication

Stakeholder notification templates and escalation paths.

7

Post-Incident

Post-mortem process and follow-up tasks. Use Markdown with code blocks. Write for an on-call engineer under pressure.

Recommended Structure

Write an Incident Response Runbook for a specific incident type. Structure with:

Incident Classification

Severity levels and criteria for this incident type.

Detection

How the incident is detected (alerts, monitoring, user reports).

Immediate Response

First 15 minutes: triage steps, who to page, initial containment.

Investigation

Diagnostic commands, log locations, and what to look for.

Mitigation

Steps to restore service with rollback procedures.

Communication

Stakeholder notification templates and escalation paths.

Post-Incident

Post-mortem process and follow-up tasks.

Use Markdown with code blocks. Write for an on-call engineer under pressure.

Example Filled Template

Incident Response: API Latency Spike (>2s p99)

Incident Classification

Severity Criteria
SEV-1 p99 > 10s, error rate > 5%
SEV-2 p99 > 5s or error rate > 2%
SEV-3 p99 > 2s, no errors

Detection

  • Primary alert: Datadog monitor "API p99 Latency > 2s" (PagerDuty)
  • Dashboard: https://app.datadoghq.com/dashboard/api-health

Immediate Response (First 15 Minutes)

  1. Acknowledge the PagerDuty alert
  2. Check the API health dashboard for affected endpoints
  3. Verify database connection pool status:
kubectl exec -it deploy/api-server -- curl localhost:8080/healthz
  1. If SEV-1: page the Platform Lead via /pd trigger platform-lead

Investigation

# Check slow query log
kubectl logs deploy/api-server --since=15m | grep "SLOW_QUERY"

# Check database connections
psql -c "SELECT count(*), state FROM pg_stat_activity GROUP BY state;"

# Check pod resource usage
kubectl top pods -l app=api-server

Mitigation

  • If DB connection pool exhausted: Restart API pods: kubectl rollout restart deploy/api-server
  • If slow query identified: Kill the query: SELECT pg_cancel_backend(PID);
  • If high traffic: Scale up: kubectl scale deploy/api-server --replicas=8
Skip Manual Drafting

Generate a Incident Response Runbook from a Video

Record a walkthrough, training session, or process demonstration. Docsie AI turns it into structured documentation using this template as the starting framework.

Generate from Video See Video-to-Docs

Use the template manually, or let Docsie generate the first draft from source footage.

DOCX, PDF, and Markdown downloads
Works with process and training videos

More Process Templates

Change Management Document

Process for implementing [change] with rollback

Learn More

Operational Runbook

Daily procedures for [system] maintenance

Learn More

Security Runbook

Security procedures for [threat] detection and response

Learn More

Standard Operating Procedure

Step-by-step process for [task]

Learn More

Template FAQ

Incident Response Runbook FAQ

Common questions about using and generating a incident Response Runbook.

Using This Template

Q: What is a incident Response Runbook?

A: A incident Response Runbook is a structured document for response procedures for [incident type].

Q: Can I download this incident Response Runbook as Word or PDF?

A: Yes. This page includes free downloads in DOCX, PDF, and Markdown formats so you can edit, share, or import the template into your documentation system.

Q: Can Docsie generate this from a video?

A: Yes. Upload a process walkthrough, training recording, or screen capture to Docsie, then use this template structure to generate a first draft automatically.