If severities answer "how bad is this incident?", statuses answer "how close are we to getting back to normal?"
The last thing a busy incident response team needs is all the different stakeholders asking "do we know what's wrong here?" or "is this fixed yet?". The correct set of statuses preempt those questions.
Like severities, statuses are the common language across your organization for making sure people know where in the incident lifecycle you are right now.
Choosing the right number of statuses is key. Too few and you'll still be fielding those disruptive questions, too many and you'll waste time deliberating whether an incident is "mostly mitigated" or "fully mitigated".
Like a child on a long car journey, the first question to think about is "are we there yet?" The most basic set of statuses are just "Ongoing" and "Resolved". That lets the rest of your organization know whether there's a known issue right now.
That's probably enough for a small team with short-lived incidents, but as your organization and product grows in complexity so will your incidents.
Let's start during the incident. The key questions the status needs to answer are "do we know what's wrong?" and "is the impact still happening?". You might solve that with:
These statuses should be simple and clear enough that they make sense for responders, internal, and external stakeholders.
As your organization scales, you'll want to put in place processes to help you learn from incidents (we'll go into more detail about this later in this guide).
If you're trying to hold incident leads accountable for following the post-incident process you define, statuses can help you do that. You might split "Resolved" into different stages:
When you're designing your organization's incident response process, it's helpful to think about what incident statuses will be used for. They will: