Rollback as the Default Incident Response

Most incidents tied to deploys. Rollback first, investigate after. The policy and the cases where it does not apply.

The rule

If an incident correlates with a recent deploy, rollback is the default first action.

Investigation continues in parallel; production is restored faster.

When not

Rollback would itself cause data loss or schema regression.

The deploy includes a security fix that cannot be reverted.

Test rollback regularly

Quarterly: roll back a deploy in non-prod. Verify the procedure works.

Untested rollback is theatre; the moment of crisis is the wrong time to discover it doesn't work.