# Incident Communication and Stakeholder Update Runbook

## Trigger
- Any `SEV-1` or externally visible `SEV-2` incident.

## Audience
- Internal: engineering, security, support, product.
- External (as applicable): affected customers and stakeholders.

## Cadence
- `SEV-1`: initial update within 15 minutes, then every 30 minutes.
- `SEV-2`: initial update within 30 minutes, then hourly.

## Message Template
1. Current status (degraded/outage/recovering).
2. Impact scope (features/users/regions).
3. Mitigation actions in progress.
4. Next update time.
5. Workaround (if any).

Use the audience-specific templates and approval gates in
`doc/operations/Incident_Notification_Templates_v1.md`. Do not send customer,
security/legal, or regulator-facing wording until the required approval gate for
that audience is satisfied.

## Approval Gates

- Internal engineering/on-call: incident commander approval.
- Customer/status page: incident commander plus product owner; add
  security/legal approval for security, data, tenant isolation, billing/ledger,
  or secret exposure scenarios.
- Regulator/legal: legal plus security leadership; engineering supplies only a
  technical fact packet.

## Channels
- Internal war-room channel.
- Incident ticket/timeline.
- Status page / customer communication channel (if externally visible).

## Closure
1. Publish resolved notice with end time.
2. Link post-incident report and corrective actions.
3. Track owner/due dates for remediation items.

Record the final `notification_state` and evidence references in Status/Ops
incident posture evidence.