Publishing Policy
When to publish externally.
Overview
The post-mortem (PM) publishing policy decides which post-mortems go public. Publishing everything overexposes internal architecture; never publishing erodes trust. Selective publishing under a documented policy supports both trust and security boundaries.
- When to publish externally. Per-incident publishing decision; the policy answers it before the moment, not during.
- Customer-impacting incidents. Customer-impacting incidents get public PMs; the customer expects the receipts when they were affected.
- Internal-only. Per-PM redaction; some incident detail belongs in the internal version, not the public one.
- Per-customer email plus SLA credit transparency. Personalised communication for affected customers; SLA credits applied per the contract.
The approach
The practical approach: a severity-driven default, customer-impact-driven escalation, redaction of internal detail, per-customer email for affected accounts, and a documented per-team policy. The team’s discipline produces consistent publishing decisions rather than ad-hoc ones.
- Severity driven. SEV1 always public; SEV2 case-by-case; lower severity internal-only by default.
- Customer-impact driven. Per-incident customer impact; customer impact overrides severity when the two disagree.
- Redact internal detail. Per-PM redaction; internal architecture and tool names stay internal.
- Per-customer email plus documented policy. Personalised communication for affected customers; per-team publishing policy committed for review.
Why this compounds
The discipline compounds across years. Each appropriately-published PM preserves customer trust; the team’s incident maturity grows; transparency becomes part of the brand instead of an exception.
- Better customer trust. Public PMs preserve customer trust; the customer who saw the impact also sees the analysis.
- Better incident response. Public publishing produces engineering accountability; the team ships the action items.
- Better culture. Publishing signals that PMs matter; the team treats incidents as learning, not blame.
- Institutional knowledge. Each public PM teaches the industry; the commons grows when teams share what they learned.
The publishing policy is an operational discipline that pays off across years. Nova AI Ops integrates with incident telemetry, surfaces patterns, and supports the team’s customer trust discipline.