ODOE Major Incident Command

Major Incident Command

High-discipline response surface for active high-severity incidents with clear roles, live decisions, communication control, and next-checkpoint management.

Active Sev-1 Example

Run major incidents with clear roles, timing, and controlled communication.

This page shows how the platform could manage a high-severity event when the normal operations view is no longer enough. It applies the shared severity framework so the commander, technical lead, communications owner, and business liaison stay aligned on current facts, next decisions, and the next update checkpoint.

Incident: MI-2026-004 Service: Remote access Mode: commander-led response
bridge running
1

Active major incident

high impact
140+

Estimated impacted users

clock running
12 min

To next stakeholder update

needs action
2

Pending command decisions

Incident Command Summary

The command view should reduce ambiguity by showing the single agreed operational picture.

Bridge live
Command Element Current State Why It Matters
Service status Degraded remote access across 3 divisions Confirms this is a shared service incident, not a local endpoint issue
Vendor state Evidence pack sent; vendor on active review Shows external dependency and sets expectation for escalation timing
Current workaround No service-impacting workaround approved yet Keeps command pressure on safe decision-making instead of rushed action
Next checkpoint 10:30 AM bridge review and stakeholder update Maintains communication rhythm and decision cadence

Command Roles

Major incidents move faster when roles are explicit and visible from the first minutes of the bridge.

Incident Commander

Owns direction, checkpoint cadence, and final decisions.

John Doe Accountable

Technical Lead

Owns diagnosis, workaround recommendation, and technical evidence quality.

Infrastructure lead Diagnostics owner

Communications Lead

Owns approved messaging to stakeholders, support teams, and leadership.

Service desk lead Message control

Business Liaison

Represents the most affected divisions and clarifies business timing impact.

Program operations Impact validation

Live Bridge Timeline

The command view should keep the event narrative current enough that people stop asking for recap and focus on decisions.

09:06 AM

Sev-1 declared. Command bridge opened and core roles assigned.

09:14 AM

AI-assisted diagnostics bundle assembled and attached. Vendor escalation packet drafted.

09:26 AM

Vendor engaged. No safe workaround approved yet because routing-change risk is still under review.

09:44 AM

Support update issued internally. Stakeholder holding statement approved but not yet sent publicly.

10:18 AM

Current checkpoint: waiting on vendor confirmation and commander decision on contingency communication.

Current Decision Log

Major incident command works best when the open decisions are obvious and time-bound.

Decision Owner Due Current State
Approve contingency stakeholder update Incident commander + communications lead 10:30 AM Pending validation of service stability trend
Approve any gateway failover or routing change Infrastructure lead + commander 10:30 AM Blocked until vendor confirms safe fallback path
A major incident page should reduce noise, surface decisions, and keep the whole response operating from one controlled picture of the event.