HomeEE · Operations › Incident response

Incident response

Purpose: Run AEM incidents with clear severity, roles and the platform-specific first moves that shorten them.

Who this page is for

AudienceWhy it matters to you
All engineersEveryone gets a turn
Tech leadsIncident commanders

Severity anchored to user impact

SevDefinition (site terms)Response
1Site down / purchase-lead flows broken / data exposurePage now; incident commander; business comms
2Major feature broken, workaround poor (plan pages render without premiums)Page in hours; commander
3Degraded, workaround exists (authoring slow, one component broken)Business hours
4Cosmetic/minorBacklog

Roles from sev2 up: commander (decisions, comms cadence), operator(s) (hands on keyboards), scribe (timeline — the post-incident review is only as good as the timeline). The commander does not type.

AEM-specific first moves (after the triage method)

SymptomFirst move
Site downWhich layer? CDN status → dispatcher direct → publish direct — binary-search the chain
Everything slow post-deployThe lever question: rollback decision in 5 minutes, not 50
Content not updatingReplication queues + .stat files (replication blocked)
One publisher weirdPull it from LB first, diagnose second — traffic tolerance exists for this
Author downPublish keeps serving (say so in comms — "the website is fine"); cold standby decision per RTO
Suspected security eventStop, engage security response — different playbook, preserve evidence, no cowboy fixes (incident type)

Stabilise > diagnose

Mid-incident, prefer the reversible stabilising action (LB removal, cache serve-stale, feature flag off, rollback) over the clever root-cause fix. Root cause is for the calm afterwards — captured in a blameless review whose actions actually land in the backlog. An incident without a review is a rehearsal for its sequel.

Quick navigation