External Communications
When an incident is affecting your customers, you must ensure that they are regularly updated during the outage or degradation. It's part of your role as a service provider to keep your customers up to date on the status, impact, and cause (and possibly other key details as well). Regardless of how you communicate or what tools you use to communicate incidents, changes, or other general messages, there are a set of principles that we recommend following to create the best possible customer experience.
Incident Communications Style Guide
Work to create an incident communications style guide that will help to ensure that your company has a singular voice and tone during the incident response process (regardless of who executes it or when or where the incident occurs). Here are some good core guidelines to follow; however, keep in mind that you should consult with your own corporate communications and legal guidelines to ensure that your specific incident communications style guide meets the requirements of your company at the corporate level.
No Personal Identifiable Information (PII) or Security/Privacy Events | Don't publish any customer information or details related to security, privacy, or data loss events without consultation or review from your legal, security, or leadership teams. | ||||||
---|---|---|---|---|---|---|---|
Personal and Conversational |
Use contractions and first person to give a conversational tone, but don't use information contractions (like that'll).
|
||||||
Use Active Voice by Default |
However, passive voice can be helpful to avoid spotlighting blame.
|
||||||
Keep it Simple | Use concise and simple sentences. | ||||||
Don't Publish Internal Information | Leave out any terminology or phrases that can't be easily found in a public web search. Spell out all acronyms on first use (except for any pre-approved acronyms that you've defined). | ||||||
Don't Air Dirty Laundry |
Don't paint us in a bad light, admit wrongdoing, imply negligence, or reference a single point of failure.
|
||||||
Use a Standard Time Zone | Start times, end times, and any other times that are posted to customers should clearly indicate which time zone it's being presented in so no one has to guess. That should be consistent so your customers know what to expect and the dates and times should be provided in as much detail as possible. Example: Monday, January 1, 2022, at 00:00 UTC |
||||||
Stick to the Facts |
|
||||||
Use Pre-Approved Templates and Phrases |
|
||||||
Peer Review and Sanity Check | Always have another person review any customer-facing content before sending. Have a quality assurance (QA) document as a reviewer's guide. |
Peer Review
If you're asked to perform a peer review, have a checklist established that you can use to review a coworker's incident communications. You can use the example below as a starting point.
-
Writing Check
- No spelling or grammar errors
-
Statements are clear and concise
- Brief and understandable by a general tech audience
- Not needlessly wordy or repetitious
-
Content Check
- Acronyms are spelled out (unless on an approved list)
-
No internal information or PII
- Team names, customers names or content, or anything you can't find in a web search
-
Technical accuracy
- Technical terms used in the correct context
- Server types or purposes referenced
-
Logical progression of actions taken and current status
- By resolution, we provide a complete picture without missing any context
- Not jumping from "We're restarting a subset of services" to "We finished deploying the patch" without context
-
Taxonomy Check
-
Time zone and any calculations are correct
- Next update not scheduled for the past or too far in the future
- Any other selections specific to your incident communications platform are correct
-
Time zone and any calculations are correct