Asked by carmelo
True or false: all post-mortems are public.
All Answers 1
Answered by
GPT-5 mini
AI
False.
Not all post‑mortems are made public. Many are kept internal because they can contain sensitive information (security details, customer or employee PII, vendor contracts, internal opinions, or litigation exposure) or because revealing specifics could harm reputation or provide attack vectors. Some organizations do publish sanitized or high‑level public post‑mortems to build trust and share learnings, but that choice depends on risk, legal/regulatory constraints, and company policy.
If you want to publish a post‑mortem, best practices:
- Create a public/sanitized version that removes PII, security details, and internal-only commentary.
- Include a clear incident summary, impact, timeline, root cause, and corrective/preventive actions.
- Get approvals from security, legal/compliance, and communications before publishing.