Ultimamente al lavoro ho avuto da fare spesso con incidenti e per questo ho dovuto leggere e scrivere alcuni documenti chiamati RCA (in inglese Root Cause Analysis, analisi delle cause principali). Abbiamo dovuto leggerne alcuni dai nostri fornitori di servizi per capire cosa è successo e ne abbiamo scritti alcuni per far sapere ai nostri clienti cosa è successo a noi (in realtà dice anche qualcosa in più).

Un esempio del documento può essere il seguente (non l’ho tradotto, ups):

## Incident summary
A brief summary of the incidents including which system was impacted and what was the impact on the final users.
## Root Cause
Detailed description of what caused the incidents. It should be detailed enough that people who were not involved should be able to understand it. Add any supporting material like link to docs, diagrams..
## Incident Timeline
Timeline including at least: impact started at, detected at, first communication sent at, fixed at.
## Mitigations taken
Actions taken during the incidents that stopped the impact. (i.e. restarted pods, rotated certificates, shipped a hotfix...)
## Preventive actions
Actions planned as follow-ups to prevent this incident from happening again. It's nice to add for each of them: a brief description, expected delivery date, status (it might be already started, finished, or to plan), and an owner.