For payment institutions worldwide, the definition of an incident tends to be relatively cut-and-dry.
Bank APIs are down. Fraud claims. Mobile apps aren’t operating as intended. The list goes on. For these companies, incidents of this nature are a daily occurrence that are dealt with accordingly. Using an incident management solution, they declare the incident, communicate, resolve, create follow-up actions, and move on to the next one.
In many ways, these companies' incident management tools serve a single purpose: to respond to the list of technical incidents outlined above.
But for the European payments network, TrueLayer, incidents aren’t just relegated to technical issues that SREs and engineers are dealing with. They’re much more than that. They can be anything that affects their reputation, regulatory checkboxes, and even operational issues.
This approach has allowed them to funnel issues that previously had little process behind them into one that leads to faster resolution times, happier customers, and a better reputation.
And incident.io helps them manage all of these with ease.
Reimagining the definition of an incident
As a Technical Support Lead, Elizaveta Shevchenko manages TrueLayer’s “Level Three” support. It’s a crucial role that plays a key part in upholding the high levels of trust that TrueLayer has built with its customers.
“My team consists of engineers with the technical background to understand the code and implement necessary bug fixes,” says Elizaveta.
Before starting her role at Truelayer, Elizaveta worked as an incident lead, which primed her well for her current responsibilities.
Her first action item when joining?
Figuring out exactly how to apply incident.io beyond just technical issues her team was dealing with. Seeing firsthand how transformative the tool was for dealing with incidents, she figured it would be sensible to roll it out for non-technical issues as well.
With time, we were refining our processes and how we were implementing them. We used incident.io for product and service outages. But we also wanted to start using it for what we call ‘operational incidents’ as well.
Operational incidents
For any company managing money, accuracy is incredibly important.
Being off by a single dollar can quickly erode hard-earned trust with customers. And with regulatory obligations, there can also be legal consequences for any errors.
What Elizaveta and her team at Truelayer realized was that they were already using incident.io to declare incidents, and by all accounts, such operational issues were incidents.
So why not funnel them into the incident response process?
“We realized that we already have an app, incident.io, to log incidents. Why not just use it to keep everything in one place? We can extract all the reports we need and manage any response actions in a single location,” says Elizaveta.
“Plus, after an incident, there can be lots of things we need to follow up on. How do we manage that? How do we make sure everything has an owner? incident.io really helped us put things in order.”
Reputational incidents
As for any company, having to deal with someone airing grievances on social media is not ideal, but it can be an unfortunate reality. For TrueLayer, it was important that they had processes in place in the unlikely event that they had to deal with public complaints or more serious reputational issues.
We ran hypothetical scenarios like: what if a customer complained about our product or service? Or an ex-employee said something that compromised the security of the company? What should the team do in these circumstances? How do we handle the comms, ownership, and internal reporting?
While most wouldn’t classify these scenarios as incidents, they are if you take a deeper look.
“We quickly concluded that we need to process these scenarios as proper incidents and have a plan in place to address them swiftly and efficiently. It’s so crucial in our industry.”
Now, by funneling issues like these into incident.io, Elizaveta and her team can more quickly nip any fallout in the bud before it becomes a bigger problem. Another added benefit?
The TrueLayer leadership team gets the visibility they need as well.
Now, our C-levels and VPs are in the loop and are locked into one central system, and they're like, ‘Okay, we know this is being handled.’
Regulatory incidents
As a financial services company, TrueLayer needs to abide by a host of financial regulations designed to keep customers safe and service levels high. One of these regulations revolves around SLAs, or service level agreements, that outline availability metrics for TrueLayer.
Incidents play a direct role in SLAs.
“As a financial company, we are subject to a number of regulations. We have to remain compliant with many things. We have to report numerous metrics like SLAs, and incident.io has helped us to pull many of these metrics,” says Elizaveta.