Postmortem for Vendor Incidents

Even when not your fault.

Overview

Vendor incidents (AWS regional outage, Stripe processing degradation, Cloudflare BGP event) are not the team’s root cause, but they are still the team’s problem. Customers feel the impact regardless of who caused it. Writing a postmortem on a vendor incident captures the team’s response, surfaces resilience improvements, and feeds dependency analysis. Skipping the postmortem because “it was the vendor’s fault” misses the point entirely.

• Even when not your fault. Vendor incidents still cost customer trust. The team’s response is what builds or breaks resilience reputation.
• Team timeline. Per-vendor the response timeline. Detection, escalation, customer comms, mitigation.
• Team-response analysis. What the team actually did versus what it could have done. The improvable surface.
• Resilience action items plus dependency analysis. Reduce blast radius for the next vendor incident; per-vendor the dependency map and failover plan reviewed.

The approach

Three habits make vendor incident postmortems produce real resilience: write the postmortem regardless of fault attribution, focus on team response, ship resilience action items.

• Postmortem per vendor incident. Write the postmortem regardless of fault. Customer impact is real even when blame is not the team’s.
• Team-response analysis. Focus on what the team did. Detection time, escalation, customer comms, mitigation choices.
• Resilience action items. Failover paths, multi-region patterns, vendor diversification, customer-comms templates.
• Dependency analysis plus documented policy. Per-vendor the dependency review; per-team the vendor-postmortem policy documented.

Why this compounds

Each vendor incident postmortem deposits resilience that survives the next vendor incident. The team’s incident maturity deepens; vendor diversification gets prioritised based on evidence; customer-comms templates improve.

• Resilience improves. Action items reduce vendor blast radius for the next incident.
• Team learning. Per-vendor postmortem teaches response patterns that transfer across vendors.
• Culture reinforcement. Vendor postmortems signal that team response matters regardless of fault.
• Year-one investment, year-two habit. First vendor postmortem feels strange. By the third, the team writes them automatically.