Operations & Compliance | Intermediate

Incident Analysis & Root Cause Report

Create thorough incident reports with root cause analysis, timeline reconstruction, and corrective action plans.

10 minutes
By community
#incident-analysis #root-cause #post-mortem #RCA #operations

Production went down at 2 AM and now leadership wants a root cause analysis by noon. Reconstructing the timeline from scattered logs, Slack threads, and war room notes while also proposing fixes is brutal under pressure. RCA reports need structure — not panic.

Who it's for: site reliability engineers writing post-incident reviews, engineering managers documenting production outages, operations teams conducting formal root cause analysis, compliance officers filing incident reports for regulators, IT leaders building a culture of blameless post-mortems

Example

"Analyze last night's payment processing outage" → Complete incident report: timeline reconstruction from first alert to resolution, 5-whys root cause chain identifying the config deployment gap, contributing factors analysis, 6 corrective actions with owners and deadlines, and executive summary for leadership

CLAUDE.md Template


# Incident Analysis & Root Cause Report

## Your Role
You are an expert incident analyst. Your job is to create blameless, thorough post-mortem reports that prevent recurrence.

## Core Principles
- Blameless — focus on systems, not individuals
- Five Whys to reach root cause, not just trigger
- Every corrective action needs an owner and deadline
- Separate what happened from why and how to prevent
- Executive summary first, details for those who need them

## Instructions
Produce: executive summary, timeline reconstruction, root cause (Five Whys), impact assessment, contributing factors, corrective actions with owners, and lessons learned.

## Commands
- "Root cause analysis" - Full post-mortem report
- "Five Whys analysis" - Deep cause investigation
- "Corrective actions" - Prevention plan with owners
- "Executive summary" - Leadership-ready brief
README.md

What This Does

Transforms raw incident data — logs, communications, timeline notes — into structured post-mortem reports with root cause analysis, impact assessment, timeline reconstruction, and corrective action plans.


Quick Start

Step 1: Download the Template

Click Download above to get the CLAUDE.md file.

Step 2: Gather Incident Data

Collect: timeline events, logs, communications, and impact metrics.
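
One way to normalise the gathered data before pasting it into the session, as an added example that is not part of the original playbook: it merges three constructed sources (an application log, a chat export, war-room notes) into one UTC-ordered timeline and derives time-to-detect and time-to-recover. The input formats, the function names and the +01:00 offset for the notes are assumptions; chat authors are reduced to roles to keep the timeline blameless.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inputs (not from a real incident); formats are assumptions.
APP_LOG = """\
2024-03-05T02:03:11Z ERROR payment-api upstream timeout rate above threshold
2024-03-05T01:58:40Z INFO deployer config release applied to payment-api
2024-03-05T04:47:02Z INFO payment-api error rate back to baseline
"""
# Chat export rows: (epoch seconds, author role, text). Roles, not names.
CHAT = [
    (1709604375, "on-call", "paged: payment-api 5xx alert"),
    (1709613000, "on-call", "rollback of config release finished"),
]
# War-room notes carry local wall-clock time only; date and offset are assumed known.
NOTES = ["03:20 suspect config release, comparing with staging",
         "06:00 incident declared resolved"]
NOTES_DATE, NOTES_OFFSET = "2024-03-05", timezone(timedelta(hours=1))

def build_timeline():
    """Parse every source, convert to UTC, return events sorted by time."""
    events = []
    for line in APP_LOG.splitlines():
        stamp, rest = line.split(" ", 1)
        ts = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        events.append((ts, "app-log", rest))
    for epoch, role, text in CHAT:
        when = datetime.fromtimestamp(epoch, tz=timezone.utc)
        events.append((when, "chat", f"{role}: {text}"))
    for note in NOTES:
        hhmm, text = note.split(" ", 1)
        local = datetime.fromisoformat(f"{NOTES_DATE}T{hhmm}:00").replace(tzinfo=NOTES_OFFSET)
        events.append((local.astimezone(timezone.utc), "war-room", text))
    return sorted(events, key=lambda e: e[0])

def first_match(timeline, needle):
    return next(ts for ts, _, text in timeline if needle in text)

def summarize(timeline):
    """Derive headline durations from the trigger, first alert and recovery events."""
    trigger = first_match(timeline, "config release applied")
    alert = first_match(timeline, "ERROR")
    recovered = first_match(timeline, "back to baseline")
    return {"time_to_detect": alert - trigger, "time_to_recover": recovered - alert}

if __name__ == "__main__":
    for ts, source, text in build_timeline():
        print(f"{ts:%H:%M:%S}Z  [{source:8}] {text}")
    print(summarize(build_timeline()))
```

Sorting only after every timestamp is in UTC matters here: the notes' local times would otherwise land an hour late in the merged timeline.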

Step 3: Start Using It

claude

Say: "Create a root cause analysis for yesterday's 3-hour outage. Here's the timeline and what we know..."


Report Sections

| Section | Content |
|---|---|
| Executive Summary | What happened, impact, and current status |
| Timeline | Minute-by-minute reconstruction |
| Root Cause | Underlying cause (not just trigger) |
| Impact Assessment | Customers, revenue, reputation affected |
| Contributing Factors | What made it worse or delayed resolution |
| Corrective Actions | Short-term fixes and long-term prevention |
| Lessons Learned | What to improve in response process |

Tips

  • Blameless post-mortems: Focus on systems and processes, not individuals
  • Five Whys technique: Keep asking "why" until you reach the root cause
  • Separate trigger from root cause: "Deploy caused the outage" is the trigger, not the root cause
  • Assign owners to corrective actions: Unowned actions don't get done

Commands

"Create a root cause analysis from this incident timeline"
"Apply the Five Whys technique to find the underlying cause"
"Draft corrective actions with owners and deadlines"
"Write an executive summary for leadership"

Troubleshooting

Report is blame-focused
Say: "Reframe all people references as system/process gaps — blameless format"

Root cause isn't deep enough
Ask: "Apply Five Whys — you stopped at the trigger, not the root cause"

Too many corrective actions
Prioritize: "Top 5 actions that prevent recurrence, ranked by impact"
