Overview

Every incident is a free learning opportunity — provided you have a mechanism to extract lessons from it. A Postmortem is not about writing a confession or finding a scapegoat. It is a structured engineering methodology for converting incident experience into systemic improvements.

One of the core tenets of Google SRE is: “Blameless postmortem.” The focus of a review is always on “why did the system fail,” not “who messed up.” This is not sentimentality — it’s engineering rationality: if people feel threatened during a review, they will hide information, and you will never see the true root cause of the incident.

This article systematically covers how to turn Postmortems from “going through the motions” into “real learning” — covering the significance of postmortem culture, the blameless principle, root cause analysis methods, postmortem templates, action item tracking, and organizational culture barriers.

For a systematic methodology on Postmortem culture, see Google SRE Book - Postmortem Culture and Google SRE Workbook - Postmortems.

1. Why Postmortem Culture Matters

The Engineering Reality of Inevitable Failures

In distributed systems, failure is not a question of “if” but “when.” A typical microservice architecture may have hundreds of service nodes, dozens of dependency systems, and deployment across multiple availability zones — the combinatorial complexity grows exponentially. Under this complexity, the following scenarios are almost certain to occur:

  • Network partitions causing inter-service call timeouts
  • Configuration changes triggering cascading failures
  • Dependency on third-party API rate limiting or unavailability
  • Database connection pool exhaustion
  • A release introducing an edge-case bug

The question is not whether incidents happen, but: will the same incident happen again?

The Cost of Not Doing Postmortems

Teams without a Postmortem culture typically fall into the following cycle:

Incident occurs → Emergency fix → Sigh of relief → Never followed up → Similar incident happens again

The cost of this cycle is far greater than you might think:

DimensionCost
Recurring incidentsSame root cause not eliminated, incidents repeat, MTBF cannot improve
Knowledge gapCritical troubleshooting experience stays in individuals’ heads; lost when people leave
Eroded trustTeam repeatedly makes similar mistakes; management and user trust steadily declines
Personal stressWithout institutional support, on-call engineers bear psychological pressure alone, accelerating burnout
No improvement trackingFixes remain in verbal conversations and chat logs, with no tracking or acceptance

The Engineering Value of Postmortems

A mature Postmortem system delivers value at three levels:

  1. Knowledge consolidation: Convert implicit incident troubleshooting experience into explicit, searchable knowledge
  2. System improvement: Drive systemic optimization through root cause analysis, rather than treating symptoms
  3. Culture shaping: Build a “focus on the issue, not the person” safety culture that encourages candor and transparency

2. The Blameless Postmortem Principle

Core Tenet

Blameless is the soul of Postmortem culture. Its core tenet can be summarized in one sentence:

Assume that everyone involved made the most reasonable decision given the information and pressure they had at the time.

The goal of the review is to understand “why this decision seemed reasonable at the time,” not to judge “how stupid this decision was.”

Why Blameless Is Not Sentimentality

Some argue that blameless is about excusing mistakes. The opposite is true — blameless is about finding the real root cause more efficiently. Consider two scenarios:

Scenario A (blame culture):

Review facilitator: "Who was responsible for this release? Why wasn't there a canary?"
Release engineer: (defensive) "Time was tight, product was pushing hard, tests passed..."
→ Focus shifts to defensiveness and blame-shifting; technical root cause is obscured

Scenario B (Blameless culture):

Review facilitator: "In the release process at the time, what factors made a full rollout seem reasonable?"
Release engineer: (candid) "Canary release requires manual weight configuration, which is cumbersome,
                  and the last few direct releases had no issues, so the risk seemed low."
→ Focus shifts to process deficiency (high cost of canary operations); root cause surfaces

Blameless doesn’t mean no accountability — it means shifting accountability from “personal fault” to “system improvement.”

Practical Guidelines for Blameless

GuidelineDescriptionAnti-pattern
Focus on systems and processesAsk “why did the system allow this error” not “who made the mistake”“Zhang San’s code has a bug”
Use neutral languageAvoid emotional expressions and judgmental words“This design is simply unreasonable”
Encourage candorClearly state that the review does not affect performance; the more complete the information, the more valuableTying review outcomes to KPIs
Consider decision contextUnderstand the information constraints and pressure conditions at the timeSecond-guessing decisions with hindsight
Focus on issues, not peopleAction items point to processes/tools/architecture, not “someone should be careful”Action item: “Zhang San needs to be more careful”

3. When to Trigger a Postmortem

Not every incident requires a formal Postmortem. Over-reviewing leads to fatigue and going through the motions; under-reviewing means missing learning opportunities. Here are common trigger criteria:

Severity-Based Triggers

Severity LevelPostmortem RequiredDepth Required
SEV1 (P0)Mandatory formal reviewFull Postmortem document + review meeting
SEV2 (P1)Mandatory formal reviewFull Postmortem document
SEV3 (P2)As neededBrief review or lightweight analysis
SEV4 (P3/P4)Not requiredLog in ticketing system

Other Triggers

Beyond severity, the following situations should also trigger a review:

  1. Novel failure mode: Even if impact is small, a new type of failure is worth reviewing to prevent recurrence
  2. Response time exceeds target: MTTR far exceeds the SLO target, requiring analysis of response process bottlenecks
  3. Near-repeat incidents: Similar root causes within a short period (e.g., 30 days) indicate previous action items weren’t implemented
  4. User complaint-driven: Even if monitoring systems didn’t detect it, users reported a clear impact

Postmortem Time Window

Incident recovery → Within 24-48 hours: Complete Postmortem draft
                  → Within 3-5 business days: Hold review meeting
                  → Within 48 hours after meeting: Finalize and archive

The core principle is review while it’s fresh: after recovery, participants’ memories are sharpest and context is most complete. Delaying too long leads to forgotten details and “rationalized reconstructions.”

4. Root Cause Analysis Methods

Root Cause Analysis (RCA) is the technical core of a Postmortem. The goal is to find the most fundamental cause of the incident, not the most superficial trigger.

Causal Chains and the Definition of “Root Cause”

An incident is typically a causal chain:

Configuration error → Connection pool exhaustion → Service timeout → Upstream cascading failure → User-facing error

Fixing only “connection pool exhaustion” is not enough — the root cause is “configuration changes lack validation mechanisms.” The criterion for a root cause is: if this problem were solved, would this class of incident be completely prevented?

5 Whys Method

5 Whys is the most commonly used root cause analysis technique: for each answer, continue asking “why” until you reach a systemic root cause.

Example: Database primary-replica failover failure

Q1: Why did the primary-replica failover fail?
A1: Because the replica's replication lag exceeded 30 seconds, and data was inconsistent at failover time.

Q2: Why was the replica's replication lag over 30 seconds?
A2: Because the primary was doing bulk writes, and the replica couldn't apply binlogs fast enough.

Q3: Why was the primary doing bulk writes?
A3: Because a data migration job was running bulk INSERTs in the early morning.

Q4: Why did the migration job run in the early morning without write rate limiting?
A4: Because the migration script had no rate limiting, and the job scheduler didn't account for database replication lag.

Q5: Why does the migration script lack rate limiting and why doesn't the scheduler consider replication status?
A5: Because the data migration tool lacks a "write rate limit" feature, and the scheduling system
    and database monitoring are two independent systems with no integrated health check mechanism.

Root cause: Data migration tool lacks rate control + scheduling system and database monitoring lack integrated health checks.

Action items:

  • Add write rate limiting to the migration tool
  • Integrate database replication lag checks into the scheduler; automatically pause tasks when lag exceeds threshold

5 Whys considerations:

  • It doesn’t have to be exactly 5 “whys” — you might reach the root cause in 3, or need 7-8
  • Each level’s answer should be based on facts and data, not speculation
  • There may be multiple branches — incidents are often tree-structured, not linear causal chains

Fishbone Diagram (Ishikawa Diagram)

For complex incidents, the causal chain is not linear but a combination of multiple factors. Fishbone diagrams are well-suited for mapping multi-dimensional factors:

                         ┌─ People: On-call engineer unfamiliar with this service
                         
                         ├─ Process: Change approval didn't cover configuration items
                         
   Incident: Service unavailable ──────┼─ Technology: Config center has no canary release mechanism
                         
                         ├─ Environment: Test environment config differs from production
                         
                         └─ Tools: Config validation tool doesn't cover this field

The fishbone diagram’s categorization dimensions typically reference the 6M framework:

DimensionMeaningSRE Example
Man (People)Human factorsInsufficient knowledge, fatigue, poor communication
Method (Process)Working methodsMissing change process, insufficient approval
Machine (Technology)Technical solutionsArchitecture flaws, missing fault tolerance
Material (Data/Materials)Data/ConfigurationConfiguration errors, data quality issues
Measurement (Metrics)MonitoringMissing alerts, overlooked metrics
Environment (Environment)Runtime environmentEnvironment inconsistency, resource shortage

Choosing an Analysis Method

MethodSuitable ScenarioAdvantageLimitation
5 WhysSingle causal chain incidentsSimple, intuitive, fastMay miss factors in complex multi-cause incidents
Fishbone diagramMulti-factor complex incidentsSystematic and comprehensive, avoids omissionsHighly structured, time-consuming
Fault Tree Analysis (FTA)Safety-critical systems, high complexityRigorous logic, quantifiable probabilitiesHigh learning curve, over-formalization risk
Timeline analysisLong-evolving cascading incidentsReconstructs event evolutionDoesn’t directly produce root cause; needs complementary methods

In practice, the most common combination is 5 Whys + timeline analysis: first use the timeline to reconstruct the full event, then apply 5 Whys to key turning points for root cause analysis.

5. Postmortem Document Template

A good template lowers the writing barrier and ensures content completeness. Here is a battle-tested template:

# Postmortem: [Incident Title]

## Basic Information

| Field | Content |
|------|------|
| Incident time | 2026-07-10 14:30 ~ 15:15 (45 minutes) |
| Severity | SEV1 |
| Impact scope | Payment service unavailable, ~12% of users affected |
| Incident owner | Zhang San (On-Call Engineer) |
| Review date | 2026-07-12 |
| Status | Finalized |

## Incident Summary

One sentence: When, which service, what went wrong, how many users affected, how long it lasted.

## Impact Assessment

- **User impact**: ~12% of payment requests failed, estimated transaction revenue impact of ¥XXK
- **Business impact**: Payment service SLI dropped from 99.97% to 99.82%, July SLO budget consumed 35%
- **Data impact**: No data loss/inconsistency

## Timeline

| Time | Event | Owner |
|------|------|--------|
| 14:30 | Alert triggered: Payment service error rate >5% | Automated alert |
| 14:32 | On-call engineer responded, began investigation | Zhang San |
| 14:35 | Confirmed as database connection pool exhaustion | Zhang San |
| 14:40 | Attempted connection pool restart, no recovery | Zhang San |
| 14:45 | Escalated to DBA team, found primary DB connections at limit | Zhang San → Li Si |
| 14:52 | Identified anomalous SQL from reporting service | Li Si |
| 14:58 | Rate-limited reporting service, connections dropped | Li Si |
| 15:05 | Payment service recovered | Zhang San |
| 15:15 | Confirmed full recovery, closed incident | Zhang San |

## Root Cause Analysis

### Direct Cause
The payment service's database connection pool was exhausted by anomalous SQL from the reporting service, preventing payment requests from obtaining database connections.

### 5 Whys Analysis
(Expand the 5 Whys analysis chain here)

### Root Cause
The reporting service and payment service share a database, and the reporting service lacks query timeout and concurrency control.

## What Went Well

- Alert triggered within 2 minutes, timely response
- DBA team identified the problem within 3 minutes of escalation
- Rate limiting took effect quickly, avoiding longer impact

## What Didn't Go Well

- Reporting service shares database with payment service (architecture flaw)
- Reporting service has no query timeout limit (code defect)
- Alert only showed error rate, didn't correlate with database connections (monitoring gap)
- Initial investigation didn't check change records, wasting 5 minutes (process gap)

## Action Items

| # | Action Item | Type | Owner | Due Date | Priority |
|---|--------|------|--------|---------|--------|
| 1 | Isolate reporting service database from payment service | Architecture | Wang Wu | 2026-08-10 | P0 |
| 2 | Add query timeout (30s) and concurrency limit to reporting service | Code | Zhao Liu | 2026-07-20 | P0 |
| 3 | Add database connection count as correlated alert metric | Monitoring | Zhang San | 2026-07-17 | P1 |
| 4 | Add "check change records" step to incident Runbook | Process | Zhang San | 2026-07-17 | P2 |

## Lessons Learned

1. Shared databases are a reliability risk — core services should have independent database instances
2. All queries should have timeout limits — database query timeouts are a basic defense measure
3. Alerts should have correlated context — single-dimension alerts make rapid diagnosis difficult
4. Investigations should start from "recent changes" — 90% of incidents are related to changes

Template Design Principles

  1. “What went well” before “what didn’t go well”: Balance the perspective, prevent the review from becoming a trial
  2. Action items must be trackable: Every item has an owner, due date, and priority
  3. Timeline is factual record, not analysis: Only record “what happened,” don’t speculate here
  4. Lessons should be generalizable: Not “watch out for this SQL next time,” but “all queries need timeout limits”

6. Action Item Tracking Mechanism

Writing the Postmortem is just the beginning — action item implementation is where the real value lies. Many teams hold many reviews but the same incidents keep recurring — the root cause is that action items aren’t tracked and closed.

Action Item Categories

TypeDescriptionExample
Immediate fixTemporary fix executed right after incident recoveryRate-limit the reporting service
Root cause eliminationSystemic improvement that eliminates the root causeDatabase isolation
Defense hardeningAdd defense layers to reduce similar incident impactQuery timeout, connection pool alerts
Process improvementOptimize workflows and standardsAdd configuration checks to change review
Knowledge consolidationUpdate Runbooks, training materialsUpdate database incident troubleshooting Runbook

Tracking Process

Review meeting → Enter action items into tracking system → Regular review (weekly/biweekly)
              → Due date acceptance → Close/extend

Key design principles for action item tracking:

  1. Enter into ticketing system: Action items can’t just live in documents — they must be entered into Jira/ticketing systems and incorporated into normal iterations
  2. Regular review: SRE team reviews all open action items weekly/biweekly, tracks progress
  3. Acceptance criteria: Every action item must have clear acceptance criteria — what does “done” mean?
  4. Overdue handling: Overdue action items need escalation, explaining why and resetting due dates
  5. Trend tracking: Track action item completion rate and average closure cycle as SRE team metrics

Action Item Tracking Dashboard

# Action item status statistics example
postmortem_action_items:
  total: 47
  completed: 32          # 68% completion rate
  in_progress: 10
  overdue: 5             # 5 overdue

  by_priority:
    P0: { total: 8, completed: 8, overdue: 0 }    # P0 must be 100% on time
    P1: { total: 20, completed: 16, overdue: 2 }
    P2: { total: 19, completed: 8, overdue: 3 }

  avg_close_time_days: 18   # Average closure cycle 18 days
  target_close_time_days: 30

Preventing “Zombie” Action Items

The biggest risk in action item tracking is “zombie items” — items that sit open indefinitely but no one pushes forward. Counter-strategies:

  • P0 action items must be completed within 30 days, otherwise the SRE lead must explain why
  • Action items open for more than 90 days are auto-escalated to tech lead review
  • Quarterly action item completion rate tracking — teams below 70% need a root cause analysis (a Postmortem on the action item management process itself)

7. Organizing the Review Meeting

Participants

RoleCountResponsibility
Facilitator1Guide the process, control pace, ensure blameless principles
Incident Commander (IC)1Provide the full picture of the event, decision rationale
On-Call Engineer1-2Provide investigation process details
Related service ownersAs neededProvide technical context
Note taker1Record discussion points in real time
Management representativeOptionalListen but don’t lead; provide resource support

Recommended participant count: 5-8 people. Too many reduces discussion efficiency; too few may miss critical perspectives.

Meeting Process

1. Facilitator reads the blameless principle (2 min)
   → Set the tone: this is about learning, not blame

2. Incident Commander summarizes the event (5-10 min)
   → Timeline review, ensure everyone understands the full picture

3. Section-by-section timeline discussion (15-20 min)
   → Ask "why" at each key time point
   → Record all "went well" and "didn't go well"

4. Root cause analysis discussion (15-20 min)
   → Use 5 Whys or fishbone diagram to derive root cause
   → Confirm consensus on root cause

5. Action item discussion (15-20 min)
   → Brainstorm improvement measures
   → Assign owners and due dates on the spot

6. Summary (5 min)
   → Facilitator reviews root cause and action items
   → Confirm note taker finalizes within 48 hours

The Facilitator’s Core Responsibilities

Review meeting quality largely depends on the facilitator. A good facilitator needs to:

  1. Guard the blameless principle: When blame-oriented comments appear, immediately redirect to systems and processes
  2. Control the pace: Avoid going too deep on one detail; record for “offline discussion” when needed
  3. Ensure root cause depth: If discussion stays at the surface, ask “why does this become a problem”
  4. Focus on action item quality: Action items should be specific, actionable, and owned — “improve training” is not a good action item
  5. Manage emotions: Incident participants may feel frustrated; the facilitator needs to create a safe, constructive atmosphere

8. Postmortem Knowledge Management

Archiving and Searchability

Postmortem documents lose value over time — if they’re not retrieved and reused, writing them is like throwing them into a paper archive.

Archiving best practices:

postmortem/
├── 2026/
│   ├── 01/
│   │   ├── 2026-01-15-payment-db-connection-exhausted.md
│   │   └── 2026-01-22-cache-cluster-failover.md
│   ├── 02/
│   │   └── 2026-02-05-cdn-config-error.md
│   └── 07/
│       └── 2026-07-10-report-sql-overflow.md
├── templates/
│   └── postmortem-template.md
└── index.md    # Index file, categorized by service/root cause

Index file example:

# Postmortem Index

## By Service

### Payment Service
- [2026-01-15 Database Connection Pool Exhaustion](2026/01/2026-01-15-payment-db-connection-exhausted.md)
- [2026-07-10 Reporting SQL Caused Connection Exhaustion](2026/07/2026-07-10-report-sql-overflow.md)

### Cache Cluster
- [2026-01-22 Primary-Replica Failover Failure](2026/01/2026-01-22-cache-cluster-failover.md)

## By Root Cause

### Database-Related Issues
- Connection pool exhaustion × 2
- Primary-replica failover failure × 1

### Configuration Change Issues
- CDN configuration error × 1

Periodic Review

Beyond individual incident reviews, periodic aggregate analysis is recommended:

  1. Quarterly review: Count incident numbers, root cause distribution, action item completion rate for the quarter
  2. Root cause trend analysis: Is a certain root cause decreasing? Are new high-frequency root causes emerging?
  3. Action item ROI assessment: Have completed action items effectively reduced similar incidents?
# 2026 Q2 Postmortem Aggregate Analysis

## Overview
- Total incidents: 23 (SEV1: 3, SEV2: 8, SEV3: 12)
- Postmortems completed: 11/11 (100% coverage for SEV1+SEV2)
- Action item completion rate: 72% (target 80%)

## Root Cause Distribution
| Root Cause Category | Count | Trend |
|---------|------|------|
| Configuration changes | 7 | ↑ |
| Insufficient capacity | 4 | → |
| Dependency failures | 3 | ↓ |
| Code defects | 3 | → |
| Network issues | 2 | ↓ |

## Key Findings
- "Configuration changes" rose for two consecutive quarters; configuration change governance needs strengthening
- Last quarter's "connection pool alerting" action item was effective; database incidents down 50%

9. Organizational Culture Barriers and Breakthroughs

Common Cultural Barriers

When implementing Postmortem culture, you will almost certainly encounter the following resistance:

BarrierManifestationRoot Cause
Blame cultureReviews become trials, participants are defensiveManagement habitually uses blame instead of improvement
FormalismPostmortems become going through the motions, document quality is lowFailure to recognize the true value of reviews
Action items not implementedWritten and archived, no one tracks executionLack of tracking mechanism and accountability
Selective reviewsOnly small incidents reviewed, major ones skipped due to “political sensitivity”Lack of institutional safeguards and transparency
Recurring incidentsSame type of incident keeps happeningAction items not implemented or root cause analysis not deep enough
Low engagementNon-on-call staff don’t care about reviewsKnowledge not shared, review outcomes not disseminated

Breakthrough Strategies

1. Start from Management

Blameless culture can’t be driven only bottom-up by the SRE team. Management’s attitude determines the safety of reviews:

  • When management attends review meetings, they listen only, without judging
  • Review action items require management to provide resource support (headcount, budget)
  • Management OKRs/KPIs should include action item completion rate and recurring incident rate

2. Let Data Speak

Using quantitative data to prove the value of Postmortems is more effective than verbal persuasion:

Before reviews (6 months): Average SEV1+SEV2 incidents per month: 4.2, MTTR 45 min
After reviews (6 months): Average SEV1+SEV2 incidents per month: 2.1, MTTR 28 min
→ Similar incidents down 50%, MTTR reduced 38%

3. Establish Institutional Safeguards for “Blameless”

  • Clear rule: Postmortem documents are not used as performance evaluation inputs
  • Anonymous option: For sensitive incidents, allow anonymous submission of review information
  • Public archiving: Postmortem documents are visible internally across the company, encouraging cross-team learning
  • Reward candor: Recognize individuals who proactively expose problems and propose systemic improvements

4. Lower the Participation Barrier

  • Provide standard templates to lower the writing barrier
  • Keep review meetings to 60-90 minutes, no marathon discussions
  • Have new hires attend as observers, building mentorship
  • Hold periodic “Postmortem share sessions” with representative cases for cross-team sharing

5. Integrate Reviews into Daily Workflow

Incident recovery → Auto-create Postmortem ticket → Set draft deadline
                  → Auto-extract timeline from alerting system
                  → Auto-link related change records
                  → Auto-notify relevant teams when review is complete

Make reviews an organic part of the incident response process, not an extra burden.

10. Automated Postmortem Toolchain

As system scale grows, purely manual Postmortem writing becomes increasingly difficult. Here are some automation directions:

Automated Timeline Generation

# Auto-extract incident timeline from alerting system
def generate_timeline(alert_ids, start_time, end_time):
    timeline = []
    for alert_id in alert_ids:
        alerts = query_alertmanager(alert_id, start_time, end_time)
        for alert in alerts:
            timeline.append({
                "time": alert["starts_at"],
                "event": alert["annotations"]["summary"],
                "severity": alert["labels"]["severity"]
            })

    # Correlate change records
    changes = query_changes(start_time, end_time)
    for change in changes:
        timeline.append({
            "time": change["timestamp"],
            "event": f"Change: {change['description']}",
            "severity": "INFO"
        })

    return sorted(timeline, key=lambda x: x["time"])

Automated Root Cause Recommendations

Based on historical Postmortem root cause classification, match current incidents by similarity and recommend likely root cause directions:

# Root cause recommendation rules example
recommendations:
  - pattern:
      symptoms: ["database connection timeout", "connection count alert"]
      services: ["payment-service"]
    likely_causes:
      - "Insufficient connection pool configuration"
      - "Slow queries exhausting connections"
      - "Connection leak"
    related_postmortems:
      - "2026-01-15-payment-db-connection-exhausted.md"
      - "2026-07-10-report-sql-overflow.md"

Automated Action Item Tracking

# Action item overdue check
def check_overdue_action_items():
    items = query_action_items(status="open")
    for item in items:
        if item["due_date"] < datetime.now():
            # Overdue notification
            notify(item["owner"], f"Action item overdue: {item['title']}")
            # Escalate to manager
            if item["days_overdue"] > 14:
                notify(item["manager"], f"Action item overdue >14 days: {item['title']}")

Summary

The core of Postmortem culture can be summarized in three points:

  1. Blameless doesn’t mean no accountability — it shifts accountability from individuals to systems. Only by understanding why the system allowed an error to occur can you fundamentally prevent incidents.
  2. Root cause analysis must go deep, action items must be concrete. 5 Whys is not going through the motions; action items can’t be empty platitudes like “improve training.”
  3. The value of a review lies in closing the loop. Writing without tracking is the same as not writing; tracking without acceptance is the same as not doing.

A healthy Postmortem culture has the following indicators:

  • Team members proactively initiate reviews after incidents, rather than doing so only when asked
  • Review documents are frequently retrieved and referenced, becoming important learning material for new hires
  • The recurrence rate of similar incidents continues to decline
  • Action item completion rate is stable above 80%
  • The team has a sense of safety and trust around reviews, with no information hiding

Remember the Google SRE saying: “Be ruthlessly hard on problems, but gentle with people.” This is not a slogan — it’s the engineering rationality of Postmortem culture. Because only when people feel safe will they expose the system’s true weaknesses.

References & Acknowledgments

This article referenced the following materials during writing. We thank the original authors for their contributions:

  1. Google SRE Book - Postmortem Culture — Google SRE Team, referenced for Google SRE Book - Postmortem Culture
  2. Google SRE Workbook - Postmortems — Google SRE Team, referenced for Google SRE Workbook - Postmortems