The Art of CTO Incident Severity Classifier standardizes incident classification using impact-based criteria across user impact, data integrity, revenue effect, and blast radius.
Frequently Asked Questions
How do you define incident severity levels?
Most organizations use 4-5 severity levels: SEV1/Critical (complete outage or data breach affecting all users — all-hands response, executive notification), SEV2/Major (significant degradation affecting many users — dedicated response team, customer communication), SEV3/Minor (partial impact affecting a subset of users — normal response during business hours), SEV4/Low (minimal impact, cosmetic issues — addressed in normal workflow). Classification should be based on objective criteria: percentage of users affected, revenue impact per hour, data integrity risk, and whether workarounds exist.
What is the difference between severity and priority?
Severity measures the impact of an incident on users and business operations — it is an objective assessment of harm. Priority determines the order in which incidents are addressed — it incorporates business context like customer tier, contractual SLAs, and available resources. A SEV3 incident affecting your largest enterprise customer might be prioritized above a SEV2 incident affecting free-tier users. Separating these concepts prevents gaming (inflating severity to get faster response) and enables more nuanced resource allocation during concurrent incidents.
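The two answers above (impact-based severity, and priority as a separate ordering) can be shown in one sketch. This is an added example, not code from the Art of CTO tool: every threshold, the tier names, the SLA boost rule, and the sample incidents are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Incident:
    name: str
    pct_users_affected: float           # 0-100
    revenue_loss_per_hour: float        # currency units per hour
    data_integrity_risk: bool           # corruption or breach suspected
    workaround_exists: bool
    customer_tier: str = "free"         # business context, used for priority only
    sla_minutes: Optional[int] = None   # contractual response SLA, if any

def severity(i: Incident) -> int:
    """Impact-only SEV level 1-4. All thresholds are assumed, not from the page."""
    if i.data_integrity_risk or i.pct_users_affected >= 90:
        return 1
    if i.pct_users_affected >= 25 or i.revenue_loss_per_hour >= 10_000:
        return 2
    sev = 3 if i.pct_users_affected >= 1 or i.revenue_loss_per_hour >= 500 else 4
    # No workaround raises a minor/low incident by one level (assumed rule).
    return sev if i.workaround_exists else sev - 1

TIER_RANK = {"enterprise": 0, "paid": 1, "free": 2}  # assumed tier names

def priority_key(i: Incident):
    """Queue sort key (lower first). Severity is an input and is never modified."""
    sev = severity(i)
    boost = 1 if i.sla_minutes is not None else 0
    # A contractual SLA lifts an incident one rank, but never into the SEV1 rank.
    rank = 1 if sev == 1 else max(2, sev - boost)
    sla = i.sla_minutes if i.sla_minutes is not None else float("inf")
    return (rank, TIER_RANK[i.customer_tier], sla, sev)

def triage(incidents):
    """Return (name, severity label) pairs in response order."""
    ordered = sorted(incidents, key=priority_key)
    return [(i.name, f"SEV{severity(i)}") for i in ordered]

# Constructed sample incidents, not real data.
SAMPLE = [
    Incident("footer-typo", 0.1, 0, False, True),
    Incident("checkout-latency", 40, 2_000, False, True),
    Incident("sso-export-bug", 2, 0, False, True, "enterprise", 60),
    Incident("db-corruption", 5, 0, True, False, "paid"),
]

if __name__ == "__main__":
    for name, sev in triage(SAMPLE):
        print(f"{sev}  {name}")
```

The enterprise SEV3 is worked before the free-tier SEV2, yet its recorded severity stays SEV3, so nobody has to inflate severity to move an incident up the queue.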