Keeping secrets safe with Private Incidents

Weekly Update

We strongly believe that incidents should be public by default, and that transparency is an important foundation of any good incident process.

However, we recognise that there's clearly exceptions where public incidents aren't appropriate, such as:

  • Security incidents - e.g. data breaches or vulnerabilities
  • Compliance incidents - e.g. to comply with anti money-laundering regulations
  • HR incidents - e.g. to handle a sensitive situation in your team

We've had a lot of requests from our customers to better support this use case, so we've built Private Incidents!

How do Private Incidents work?

When creating an incident after enabling Private Incidents, a user can choose to make it private.

If an incident is private, we will:

  • Create a private Slack channel to manage the incident (as opposed to a public channel, like we do today)
  • Invite the reporter to join the new Slack channel

We will not:

  • Announce the incident in the #incidents channel, or any other channels
  • Make the channel visible to everyone: unlike public incidents, only people with access to the Private Incident will be able to see it in the web dashboard (including any follow-ups)
  • Run any workflows, or automation features like ‘incident watchers’

Controlling access

Any member of a Private Incident can invite someone else, either by inviting them in Slack or via the web dashboard.

You can also revoke someone's access if you need to: everybody makes mistakes!

How can I use it?

Head over to your Settings and enable Private Incidents.

Now, whenever you declare an incident, you'll be asked whether to keep it public, or make it private.

As we've had so many requests for this feature, we're very excited to be releasing it! Take it for a spin, and let us know your feedback by joining our Community and sharing in the #feedback channel.

What we shipped

Here's what else we've been up to:

  • 🐛 Fixed a bug where the 'I'm on it' buttons wouldn't work if you created multiple actions from a workflow.
  • 🐛 You can no longer update your public statuspage from a test incident by going via Incident Home.
  • 🐛 It used to be possible to get into a broken state when uninstalling the GitHub integration: this shouldn't happen any more.
  • 🐛 The incident name is no longer mandatory when declaring an incident from the dashboard.

Operational excellence starts here.