Culture · Oct 19, 2025 · 10 minute read

Stop Writing Postmortems No One Reads: Build the Loop That Turns Incidents into a Modernization Backlog

If your incident reviews don’t change your roadmap, you’re paying outage tax without reducing future risk. Here’s the concrete loop that converts reviews into prioritized modernization work—without boiling the ocean or fighting Finance.

Alex Kim

Principal Consultant, GitPlumbers

20+ years shipping and rescuing software at scale—ex-AWS, ex-Stripe SRE manager. I help teams turn incident chaos into reliable delivery using SLOs, GitOps, and ruthless simplification.

“If your incident review doesn’t change the roadmap, it’s theater. Ship the fix, prove the risk reduction, and publish the receipts.”
Back to all posts

The moment you realize the PDF didn’t fix anything

I’ve sat in too many incident reviews where a beautifully formatted Confluence page dies in someone’s bookmarks. Meanwhile, the same class of issue pages us two weeks later. At one fintech, we had a 17-page “root cause” on a Kafka consumer lag spike—great diagrams, zero follow-through. Six months later, same outage, different product. That’s not learning; that’s expensive documentation.

What actually works: make the review a gateway to a modernization backlog that is scored, prioritized, funded, and delivered. Not a side quest. Part of the roadmap.

The loop that earns funding (and respect)

This is the repeatable loop we deploy at GitPlumbers:

  1. Review: 45 minutes, blame-free, with a template that captures structured fields.
  2. Classify: Map findings to a small set of modernization categories (e.g., observability gap, schema migration, upgrade, resiliency pattern, toil automation, runbook/process gap).
  3. Score: Compute a risk-weighted value from SLO burn, toil hours, blast radius, recurrence.
  4. Backlog: Auto-create or update Jira/ServiceNow items in a dedicated “Modernization” board with explicit SLAs.
  5. Fund: Monthly “modernization council” aligns spend/timebox per product line.
  6. Ship: Deliver via normal change process (GitOps/ArgoCD/Flux, CAB as needed).
  7. Measure: Tie to SLOs, MTTR, recurrence, and toil hours. Publish a simple scorecard.

Keep the taxonomy and scoring small enough to fit on a slide. If you need a data scientist to compute your risk score, you’ve already lost the room.

Rituals and leadership behaviors that make it stick

You don’t need more meetings—you need the right ones with crisp outcomes.

  • Weekly incident triage (30 minutes, max)

    • Attendees: product lead, SRE lead, ops manager, on-call rep, platform rep.
    • Agenda: review last week’s incidents, verify classification, confirm risk score, move items into the modernization backlog or close with rationale.
    • Output: Jira/ServiceNow updates with owners and deadlines.

  • Monthly modernization council (45 minutes)

    • Attendees: engineering directors, product ops, finance partner, risk/compliance.
    • Agenda: review top N scored items, approve budgets/timeboxes, capture trade-offs. No rabbit holes.
    • Output: a one-page decision log posted in Slack and Confluence.

  • Leadership behaviors

    • No blame. Focus on guardrails and systems. Ask “what assumption failed?” not “who pushed the button?”.
    • Visible decisions. Publish what got funded and why. This is how you avoid rumor-driven resentment.
    • Guardrails > heroics. Celebrate boring reliability wins, not 3 a.m. firefights.
    • Tie to strategy. Connect modernization items to goals: market uptime SLAs, compliance, cost-to-serve, speed of delivery.

The fastest way to kill this loop is to treat it as platform backlog. It’s a product capability investment. Speak in customer and risk terms.

Use templates and automation before you build a platform

Make the review capture machine-readable fields so automation can do the boring bits. Start simple:

  • Incident review template (GitHub/Confluence). Use numeric fields for scoring.
# .github/ISSUE_TEMPLATE/incident-review.yml
name: Incident Review
labels: [incident-review]
body:
  - type: input
    id: service
    attributes:
      label: Affected Service
  - type: dropdown
    id: category
    attributes:
      label: Modernization Category
      options: [observability-gap, upgrade, schema-migration, resiliency-pattern, toil-automation, runbook-gap]
  - type: input
    id: slo_burn_percent
    attributes:
      label: SLO Burn (% of monthly budget)
      placeholder: "e.g., 15"
  - type: input
    id: toil_hours
    attributes:
      label: Toil Hours (past 30 days)
      placeholder: "e.g., 12"
  - type: dropdown
    id: blast_radius
    attributes:
      label: Blast Radius
      options: [team, product, multi-product, enterprise]
  - type: dropdown
    id: recurrence
    attributes:
      label: Recurrence (90 days)
      options: [first, sporadic, frequent]
  - type: textarea
    id: mitigation
    attributes:
      label: Proposed Fix
  • Risk scoring (kept in code so you can tweak weights without bike-shedding in meetings):
// risk-score.ts
export function riskScore({ sloBurn, toilHours, blastRadius, recurrence }: {
  sloBurn: number; // 0-100
  toilHours: number; // 0-200
  blastRadius: 'team'|'product'|'multi-product'|'enterprise';
  recurrence: 'first'|'sporadic'|'frequent';
}) {
  const radius = { team: 1, product: 2, 'multi-product': 3, enterprise: 4 }[blastRadius];
  const recur = { first: 1, sporadic: 2, frequent: 3 }[recurrence];
  // weights tuned to bias toward customer impact and systemic risk
  return Math.round(0.5*sloBurn + 0.3*toilHours + 10*radius + 15*recur);
}
  • Jira automation: create/update a “Modernization” issue with the score, labels, and SLA.
curl -u "$JIRA_USER:$JIRA_TOKEN" \
  -H 'Content-Type: application/json' \
  -X POST https://yourcompany.atlassian.net/rest/api/3/issue \
  -d '{
    "fields": {
      "project": {"key": "MOD"},
      "issuetype": {"name": "Story"},
      "summary": "[Observability] Reduce 95p latency SLO burn on checkout",
      "description": "Derived from incident INC-4321. Proposed fix: add RED metrics, tighten circuit breaker, add canary.",
      "labels": ["modernization", "observability-gap"],
      "customfield_12345": 78
    }
  }'
  • Prioritization view (JQL):
project = MOD AND labels in (modernization) ORDER BY cf[12345] DESC, priority DESC, created ASC
  • SLO context (Prometheus):
# 1h burn rate for 99.9% latency SLO
sum(rate(slo_errors:latency_budget_exhausted:ratio[1h])) / 0.001

You can do the same with ServiceNow if that’s your world. Point is: structured fields in, automation out.

Prioritization that survives Finance and CAB

Scoring only works if it maps to business outcomes and evidence you can hand auditors.

  • Inputs that matter

    • SLO burn: percentage of monthly error budget consumed by this class of incidents.
    • Toil hours: on-call and manual ops time in the last 30/90 days.
    • Blast radius: scope of impact if it recurs.
    • Recurrence: frequency within a period.
    • Optional: Compliance risk (SOX/PCI/HIPAA), Customer ARR at risk, Change failure rate history.

  • Translate to decisions

    • Items above a score threshold get a delivery SLA (e.g., start within 2 sprints).
    • Upgrades and resiliency patterns can be bundled into quarterly epics (e.g., “Java 11 -> 17, Spring Boot 2.7 -> 3.x, Istio 1.17 -> 1.21”).
    • Tie big-ticket items to programs approved in the council (e.g., “Checkout Resilience Q3”).

  • Evidence for CAB/SOX

    • Link incident IDs, review docs, SLO charts, and test evidence to the modernization issue.
    • Use GitOps (ArgoCD/Flux) so change manifests and approvals are auditable.
# sloth SLO example (yaml) tracked alongside app code
apiVersion: sloth.slok.dev/v1
kind: PrometheusServiceLevel
metadata:
  name: checkout-latency
spec:
  service: checkout
  slos:
    - name: latency-99p
      objective: 99.9
      sli:
        events:
          errorQuery: sum(rate(http_request_duration_seconds_bucket{le="0.5",service="checkout"}[5m]))
          totalQuery: sum(rate(http_request_duration_seconds_count{service="checkout"}[5m]))
      alerting:
        name: SLOBurn
        labels: { team: checkout }
        annotations: { runbook: https://runbooks/checkout-latency }

Shipping the fixes and proving impact

Modernization is only real when it ships and reduces risk. Make that visible.

  • Delivery flow

    • Always behind a feature flag (LaunchDarkly/OpenFeature) and a canary before full rollout.
    • Use ArgoCD apps for infra and app config so you can diff and roll back safely.
    • Add a runbook PR with each fix; no runbook, no merge.

  • Measure impact

    • Before/after SLO burn for the affected SLI.
    • MTTR trend on that service.
    • Recurrence: did the class of incident disappear for 90 days?
    • Toil hours removed: get on-call to log deltas in a simple sheet or Opsgenie/PagerDuty notes.
    • DORA: watch change failure rate so you’re not buying reliability at the expense of speed.

  • Scorecard snippet (what we publish monthly):

Service: Checkout
- Modernization items shipped: 4 (observability:2, resiliency:1, upgrade:1)
- SLO burn reduction: 38% month-over-month
- MTTR: 68m -> 27m
- Recurring incidents (90d): 5 -> 1
- Toil hours removed: ~22/mo
- Change failure rate: stable (19% -> 17%)

Enterprise constraints you can’t ignore (and how to work with them)

  • CAB windows and change freezes

    • Batch low-risk items and ship pre-freeze; use canaries to reduce rollback blast radius.
    • Pre-approve categories (e.g., agent upgrades) with guardrails to skip full CAB review.

  • SOX/PCI evidence

    • Auto-attach review docs, test evidence, and approvals to the Jira/ServiceNow record.
    • Keep a read-only index in Confluence for auditors with links to Git commits and ArgoCD app diffs.

  • Security sign-off

    • Partner early; make “platform upgrade” epics include SBOM updates and vulnerability budget burn-down.

  • Vendor constraints

    • Where vendors lock you in (e.g., managed DBs with slow upgrade cycles), document the risk and push on the relationship. Use the score to justify priority escalations.

  • Budget cycles

    • Use the monthly council to allocate a small rolling reserve (e.g., 10-15% capacity) for high-score items. This avoids annual planning purgatory.

A pragmatic 30/60/90-day rollout

  • Days 0-30: One product line pilot

    • Adopt the template and risk score. Run the weekly triage. Create the MOD board.
    • Ship two small wins (e.g., add RED metrics, implement a circuit breaker with resilience4j).

  • Days 31-60: Expand and formalize

    • Start the monthly council. Add SLOs if missing (Sloth or slo-generator).
    • Wire up automation (Jira JQL boards, confluence index, Prometheus burn-rate alerts).

  • Days 61-90: Institutionalize

    • Publish the first modernization scorecard. Feed results into QBRs.
    • Push for pre-approved change categories. Tune weights based on observed outcomes.

If you do this right, incident reviews stop being a moral report and start being a pipeline to fewer pages and real platform maturity.

Related Resources

Key takeaways

  • Modernization must be funded by incident impact, not vibes—tie every review to SLO burn, toil hours, and blast radius.
  • Create a repeatable loop: review -> classify -> score -> backlog -> fund -> ship -> measure.
  • Use lightweight automation (Jira/ServiceNow + templates + JQL) before building a platform.
  • Leaders set the tone: no blame, clear guardrails, visible decisions, and a monthly modernization council.
  • Track hard outcomes: SLO burn rate, MTTR, change failure rate, toil hours removed, and recurring incident reduction.
  • Start with one product line for 30 days; expand only when the loop is boringly repeatable.

Implementation checklist

  • Define a shared incident taxonomy and modernization categories.
  • Template your review doc with fields that drive automation (numeric fields, labels).
  • Automate issue creation with a risk score and SLA for follow-up.
  • Stand up a weekly 30-minute incident-to-modernization triage ritual.
  • Publish a monthly modernization council decision log.
  • Track 5 metrics: SLO burn, MTTR, toil hours removed, change failure rate, recurrence rate.
  • Integrate with CAB/controls so evidence auto-attaches for audits.

Questions we hear from teams

What if we don’t have SLOs yet?
Start with a proxy: 95p latency and error rate for top endpoints, or simple availability (5xx/total) from your gateway. Use Sloth or slo-generator to codify SLIs and iterate. Don’t let perfect block the loop.
How do we avoid blame while still holding people accountable?
Separate behavior from system design. Reviews are for learning and system guardrails; accountability happens in 1:1s and process changes. Leaders model curiosity, not punishment. Track commitments in the modernization board with owners and dates.
Finance won’t fund platform work—now what?
Translate risk to dollars: ARR at risk from SLO burn, support costs from toil, and probability-weighted outage costs. Use the scorecard to show reduced burn and fewer incidents month-over-month. Fund via a small rolling reserve (10–15% capacity).
We’re buried in legacy. Where do we start?
Pick one product line. Run the loop for 30 days. Prioritize observability gaps and high SLO burn first—they expose hidden risk and make future fixes faster. Bundle unavoidable upgrades into a quarterly epic and ship behind feature flags.
Will this slow down feature delivery?
In the first month you’ll feel the drag. By month two, MTTR drops and engineers stop babysitting brittle systems. Over a quarter, change failure rate falls and feature throughput recovers because you’re not firefighting the same class of incidents.

Ready to modernize your codebase?

Let GitPlumbers help you transform AI-generated chaos into clean, scalable applications.

Run the 30-day Incident-to-Modernization Sprint Download the templates (issue, score, JQL)

Related resources