Incident Management
Practical
By Samson Tanimawo, PhD
Published Jun 6, 2026
4 min read
The Incident Severity Creep Pattern
Sev 3 incidents that should have been sev 2. The pattern, the cost, and the calibration that prevents it.
Live workflow · 3 working · 1 queuedLive
Signal · gather Working
Decide · pick action Working
Apply · with verify Working
Learn · update playbook Queued
Symptom
More sev 3s than sev 2s and 1s combined. The team is under-classifying.
Customer impact larger than the severity suggests.
Cause
Severity definitions vague. Each engineer applies their own threshold.
Team norm: 'don't escalate unless certain.'
Fix
Specific definitions per severity level.
Periodic calibration: 30 random incidents reviewed for correct severity.