
Workflows

What is a workflow?

A workflow is a system of interdependent events, components, and actions, arranged to fit a specific organizational use case at a specific point in time, together with the metadata that informs its configuration.

What workflows does Allma provide?

Allma provides the user with a technical incident workflow out of the box that may be configured to the team’s satisfaction.

Beyond the customizable technical incident workflow, Allma also provides a number of curated workflows which cannot be customized at this time. Workflows can be accessed via /allma new in Slack.

Which workflows are available?

Allma provides the user with a technical incident workflow out of the box that may be configured to the team’s satisfaction.

View the 🛠️ Technical incident workflow’s default configuration

Roles

Incident commander

Description: The primary decision maker for the incident, listening to hypotheses and data presented by participants and delegating actions.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  • Ensure right people are in right channel
  • Gather and synthesize hypotheses
  • Agree on identified problem scope and area
  • Delegate repair actions and continue to reevaluate your approach as needed
  • Ensure someone on the team (if not you) consistently communicates to the business & stakeholders
  • Serve as single source of truth on the status of incident resolution, system, and plan

Communications lead

The core communicator for the incident, conveying status, updates, and technical details to stakeholders, support personnel, and/or customers.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  • Listen to the Incident Commander and follow along on the channel to keep apprised of status and updates
  • Update relevant stakeholders through designated channels (status page, email, chat, etc.) as appropriate
  • Know who knows the customer best and rely on their judgment in communicating with customers
  • Know when to communicate and when to stay silent and wait for updates.
  • Strive for a balance between clear, consistent communication, and dedicated periods of silence during which the team is making progress.

Participant

Description

Team member available to investigate, carry out actions delegated by the Incident Commander, and actively work towards incident mitigation.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  • Ensure you have accurately synthesized your level of availability and conveyed any relevant subject-matter expertise on the affected services
  • Listen to Incident Commander and take cues on what to investigate
  • Collect and synthesize hypotheses from investigation directly in the channel
  • Carry out actions that have been delegated to you by the Incident Commander
  • Know when to escalate for help
  • Continue to communicate directly in the channel, conveying new information and hypotheses as you work through incident mitigation

Watcher

Description

Team member with knowledge or guidance that might contribute to resolution, but is not available to actively investigate or carry out mitigative actions.

Prerequisites

You must have:

  • A computer

Responsibilities

  • Ensure right people are in the channel
  • Gather and synthesize hypotheses

Severity levels

SEV-0

Severe service outage. Service functionality considered down for all or large portions of customers.

SEV-1

Service outage or degradation that impacts customers.

SEV-2

Service or tool outage or degradation that impacts employees, vendors, partners, or other internal stakeholders.

SEV-3

Service or tool outage that has minimal or no impact but requires a response.

Beyond the customizable technical incident workflow, Allma also provides a number of curated workflows which cannot be customized at this time. Workflows can be accessed via /allma new in Slack.

View the 🎡 Sandbox workflow configuration

Basics

  • Description: Easily play around with Allma in a safe space with your team.
  • Channel prefix: sandbox
  • Privacy: public

Roles

Incident commander

Description: The primary decision maker for the incident, listening to hypotheses and data presented by participants and delegating actions.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  • Ensure right people are in right channel
  • Gather and synthesize hypotheses
  • Agree on identified problem scope and area
  • Delegate repair actions and continue to reevaluate your approach as needed
  • Ensure someone on the team (if not you) consistently communicates to the business & stakeholders
  • Serve as single source of truth on the status of incident resolution, system, and plan

Communications lead

The core communicator for the incident, conveying status, updates, and technical details to stakeholders, support personnel, and/or customers.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  • Listen to the Incident Commander and follow along on the channel to keep apprised of status and updates
  • Update relevant stakeholders through designated channels (status page, email, chat, etc.) as appropriate
  • Know who knows the customer best and rely on their judgment in communicating with customers
  • Know when to communicate and when to stay silent and wait for updates.
  • Strive for a balance between clear, consistent communication, and dedicated periods of silence during which the team is making progress.

Participant

Description

Team member available to investigate, carry out actions delegated by the Incident Commander, and actively work towards incident mitigation.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  • Ensure you have accurately synthesized your level of availability and conveyed any relevant subject-matter expertise on the affected services
  • Listen to Incident Commander and take cues on what to investigate
  • Collect and synthesize hypotheses from investigation directly in the channel
  • Carry out actions that have been delegated to you by the Incident Commander
  • Know when to escalate for help
  • Continue to communicate directly in the channel, conveying new information and hypotheses as you work through incident mitigation

Watcher

Description

Team member with knowledge or guidance that might contribute to resolution, but is not available to actively investigate or carry out mitigative actions.

Prerequisites

You must have:

  • A computer

Responsibilities

  • Ensure right people are in the channel
  • Gather and synthesize hypotheses

Severity levels

SEV-0

Severe service outage. Service functionality considered down for all or large portions of customers.

SEV-1

Service outage or degradation that impacts customers.

SEV-2

Service or tool outage or degradation that impacts employees, vendors, partners, or other internal stakeholders.

SEV-3

Service or tool outage that has minimal or no impact but requires a response.

Other settings

View the 🎲 Tabletop workflow configuration

Basics

  • Description: Refresh your organization on your incident management program or onboard new engineers.
  • Channel prefix: tabletop
  • Privacy: public

Roles

Tabletop manager

The primary organizer and gamemaster for the tabletop exercise, presenting data and context to simulate a real-life incident without interfering with the flow of the incident, and ensuring that participants stay focused and within the scope of the exercise.

Prerequisites

You must have:

  • A computer
  • A stable internet connection

Responsibilities:

  1. Invite team members into the incident channel
  2. Ensure at least one notification channel is set up for the tabletop exercise
  3. Provide mock incident problem scope and area
  4. Communicate the start of the tabletop exercise to all participants
  5. If applicable, drop in artifacts to simulate a real-life incident

Incident commander

Description: The primary decision maker for the incident, listening to hypotheses and data presented by participants and delegating actions.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  1. Ensure right people are in right channel
  2. Gather and synthesize hypotheses
  3. Agree on identified problem scope and area
  4. Delegate repair actions and continue to reevaluate your approach as needed
  5. Ensure someone on the team (if not you) consistently communicates to the business & stakeholders
  6. Serve as single source of truth on the status of incident resolution, system, and plan

Communications lead

The core communicator for the incident, conveying status, updates, and technical details to stakeholders, support personnel, and/or customers.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  1. Listen to the Incident Commander and follow along on the channel to keep apprised of status and updates
  2. Update relevant stakeholders through designated channels (status page, email, chat, etc.) as appropriate
  3. Know who knows the customer best and rely on their judgment in communicating with customers
  4. Know when to communicate and when to stay silent and wait for updates.
  5. Strive for a balance between clear, consistent communication, and dedicated periods of silence during which the team is making progress.

Participant

Description

Team member available to investigate, carry out actions delegated by the Incident Commander, and actively work towards incident mitigation.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

  1. Ensure you have accurately synthesized your level of availability and conveyed any relevant subject-matter expertise on the affected services
  2. Listen to Incident Commander and take cues on what to investigate
  3. Collect and synthesize hypotheses from investigation directly in the channel
  4. Carry out actions that have been delegated to you by the Incident Commander
  5. Know when to escalate for help
  6. Continue to communicate directly in the channel, conveying new information and hypotheses as you work through incident mitigation

Watcher

Description

Team member with knowledge or guidance that might contribute to resolution, but is not available to actively investigate or carry out mitigative actions.

Prerequisites

You must have:

  • A computer

Responsibilities

1. Ensure you have accurately synthesized your level of availability and conveyed any relevant subject-matter expertise on the affected services

2. Listen to Incident Commander and take cues on what to investigate

3. Collect and synthesize hypotheses from investigation directly in the channel

4. Carry out actions that have been delegated to you by the Incident Commander

5. Know when to escalate for help

6. Continue to communicate directly in the channel, conveying new information and hypotheses as you work through incident mitigation

Severity levels

SEV-0

Severe service outage. Service functionality considered down for all or large portions of customers.

SEV-1

Service outage or degradation that impacts customers.

SEV-2

Service or tool outage or degradation that impacts employees, vendors, partners, or other internal stakeholders.

SEV-3

Service or tool outage that has minimal or no impact but requires a response.

View the 🔒 Security incident workflow configuration

Basics

  • Description: Start a private channel to run your security investigations.
  • Channel prefix: investigation
  • Privacy: private

Roles

Incident commander

Description: The primary decision maker for the investigation, listening to hypotheses and data presented by participants, delegating actions, and, as needed, communicating progress to senior executives.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Ensure right people are in right channel

2. Gather and synthesize hypotheses

3. Agree on the identified threat, scope, and impact

4. Delegate mitigation steps and continue to reevaluate the team’s approach as needed

5. Ensure someone on the team (if not you) communicates to stakeholders and executives

6. Serve as single source of truth on the status of investigation

Communications liaison

The core communicator for the investigation, conveying status, updates, and details to teams outside of the investigation that may be impacted.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Listen to the Incident Commander and follow along on the channel to keep apprised of status and updates

2. Update relevant stakeholders through designated channels (email, chat, meetings) as appropriate

3. Know when to communicate and when to stay silent and wait for updates. Strive for a balance between clear, consistent communication, and dedicated periods of silence during which the team is making progress.

Deputy

Security personnel working on the investigation, carrying out actions delegated by the Incident Commander, and actively working towards remediation.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Ensure you have accurately synthesized your level of availability

2. Listen to Incident Commander and take cues on what to investigate

3. Collect and correlate evidence and share hypotheses directly in the channel

4. Carry out actions that have been delegated to you by the Incident Commander

5. Carry out remediation actions that have been delegated to you by the Incident Commander

6. Continue to communicate directly in the channel, conveying new information and hypotheses as you work through the threat remediation

Subject matter experts

Team members with knowledge or guidance that might contribute to resolution (i.e. Legal, Compliance, CISO, Engineering Leaders).

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Follow along on the channel to keep apprised of status and updates

2. Provide guidance specific to your area of expertise

3. Communicate clearly to the Incident Commander what you and your team require to carry out any next steps in your function area.

Severity levels

SEV-0

Critical threat may have been detected, impacting mission critical endpoints. Requires immediate investigation.

SEV-1

Major threat may have been detected, impacting a few top priority endpoints. Requires immediate investigation.

SEV-2

A threat may have been detected, impacting a few endpoints. Requires further investigation during business hours.

SEV-3

A minor threat may have been detected, impacting a few non-mission critical endpoints. Further investigation should be performed during business hours.

View the ❗ Customer escalation workflow configuration

Basics

  • Description: Bring your organization together for troubleshooting customer reported bugs or a customer escalation.
  • Channel prefix: sandbox
  • Privacy: public

Roles

Incident commander

Description: The primary decision maker for the bug report or escalation, listening to hypotheses and data presented by participants and delegating actions.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Ensure right people are in right channel

2. Gather and synthesize hypotheses

3. Communicate the problem, scope, and risks

4. Delegate de-escalation steps and continue to reevaluate the team’s approach as needed

5. Ensure someone on the team (if not you) communicates to stakeholders and customers

6. Ensure someone on the team (if not you) bridges the communication between technical and non-technical teams

7. Serve as single source of truth on the status of escalation

Communications liaison

The core communicator between internal teams, conveying consumable status and updates for technical and non-technical teams.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Listen to the Incident Commander and follow along on the channel to keep apprised of status and updates

2. Update relevant stakeholders through designated channels (email, chat, meetings, etc.) as appropriate

3. Ensure the Customer Facing Lead is provided with relevant and digestible status updates

4. Know when to communicate and when to stay silent and wait for updates. Strive for a balance between clear, consistent communication, and dedicated periods of silence during which the team is making progress.

Customer facing lead

The bridge between your company and the customer, preparing and distributing external facing status updates.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Communicate customer expectations and prioritization to the Incident Commander

2. Synthesize status updates provided by the Communications Liaison to create external facing communication

3. Ensure external communication is distributed to customers through the designated channels (statuspage, customer-facing teams, marketing, etc.).

4. Continue to communicate directly in the channel, conveying new customer expectations and revise prioritization if applicable

Technical participant

Team member available to troubleshoot, carry out actions delegated by the Incident Commander, and actively work towards a solution.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Ensure you have accurately synthesized your level of availability and conveyed any relevant subject-matter expertise on the affected services

2. Listen to Incident Commander and take cues on what to investigate

3. Collect and synthesize hypotheses from investigation directly in the channel

4. Carry out actions that have been delegated to you by the Incident Commander

5. Know when to escalate for help

6. Continue to communicate directly in the channel, conveying new information and hypotheses as you work through incident mitigation

Watcher

Team member with knowledge or guidance that might contribute to resolution, but is not available to actively investigate or carry out mitigative actions.

Prerequisites

You must have:

  • A computer
  • A stable internet connection
  • Ability to transfer knowledge in the event of a handoff

Responsibilities

1. Ensure you have accurately synthesized your level of availability and conveyed any relevant subject-matter expertise on the affected services

2. Listen to Incident Commander and take cues on what to investigate

3. Collect and synthesize hypotheses from investigation directly in the channel

4. Carry out actions that have been delegated to you by the Incident Commander

5. Know when to escalate for help

6. Continue to communicate directly in the channel, conveying new information and hypotheses as you work through incident mitigation

Severity levels

High

Critical mass of tickets reported by customers with the same symptoms, or a business critical customer(s) is experiencing service degradation. Requires all hands on deck until issue(s) is resolved or has concrete next steps.

Medium

Multiple tickets reporting the same symptoms or an escalated customer(s) experiencing service degradation. Requires quicker turnaround time on issues and next steps.

Low

Several tickets reporting the same symptoms or internally observed service degradation impacting a subset of customers. Requires a proactive approach to address issues.