Severity

Once an issue is determined to be an incident, it will need to be classified. This not only right-sizes the response approach to an incident, it also sets expectations for what actions will be taken, which is important for the responders who are doing the acting but also for stakeholders who need to understand company and customer impact. 

Many companies choose to classify incidents by severity. There are varying ways to define severities — for example, some teams include a SEV0 to indicate an absolute catastrophe — but we recommend using the SEV1 to SEV3 system to start. Like with so many other parts of your incident management program, how you define severity levels will change and grow as you learn more about responding to incidents in the context of your business.

A severity system should be in plain language and able to be understood and used by every member of an organization, not only engineering. Without easily understood definitions, you’ll see severity applied inconsistently across incidents – skewing your metrics and potentially confusing the response.

Standard severity levels

Here internally at FireHydrant, we define severity levels from SEV1 to SEV3. 

SEV1

No customer can use most or all of a product or service. Most pages in our product are not loading or displaying an error message. Data corruption or loss has occurred or will occur. Loss of revenue is happening or imminent.

SEV2

Primary product functionality is severely impacted and unusable. Customers are unable to utilize a common feature to its fullest ability. Data may not be displayed as expected but not lost. There is no workaround for customers.

SEV3

Some customers (not all) receive intermittent errors on product pages or cannot use the product in obscure ways. The product may be loading slowly or partially (missing images), and there is a workaround that customers can use.

What is a severity matrix?

Using an incident severity matrix, organizations can allocate resources and prioritize incident response efforts more effectively, ensuring that the most critical incidents receive the highest priority and quickest response.

An incident severity matrix automatically assigns a severity level to each incident based on factors such as the level of disruption, the number of users affected, and the potential impact on critical systems or data.

The organization defines the matrix to eliminate any guesswork and the cognitive load associated with declaring an incident.  

Severity levels vs. severity matrix

Severity levels are pre-defined categories used to assess the severity of incidents and categorize and prioritize them based on their impact. A severity matrix is a tool that maps severity levels to specific response actions to help organizations respond consistently and efficiently.