Sev-1
Requires major incident command and leadership visibility
Enterprise Severity Matrix
Severity should reflect business consequence, not just technical noise or who is asking the loudest.
| Severity | Business Impact | Operational Pattern | Required Roles | Approved AI Involvement |
|---|---|---|---|---|
| Sev-1 Critical enterprise disruption |
Major service outage, externally visible disruption, or cross-division impact that materially impairs agency operations. | Major incident command activated immediately with explicit checkpoint cadence, vendor escalation, and leadership visibility. | Incident commander, technical lead, communications lead, business liaison, executive sponsor when needed. | Tier 4 specialist support only for evidence gathering, timeline drafting, communication drafts, and vendor packet preparation. No autonomous service-impacting action. |
| Sev-2 High-impact service degradation |
Shared service degraded for multiple users, critical workflow impaired, or substantial risk to business timing if not restored quickly. | Dedicated incident lead, rapid triage, structured updates, and possible vendor or cross-team escalation. | Service owner, incident lead, technical resolver, communications approver as needed. | Tier 3 or Tier 4 support for diagnostics synthesis, workaround analysis, and draft communications under human approval. |
| Sev-3 Moderate operational impact |
Single service impaired for a limited user group, workaround exists, or business impact is meaningful but contained. | Managed through normal operations with active owner oversight, visible aging, and escalation if impact widens. | Resolver owner, team lead, service owner when aging or recurrence increases. | Tier 2 or Tier 3 support for triage notes, known-error retrieval, duplicate analysis, and next-step drafting. |
| Sev-4 Low business impact |
Routine issue, limited inconvenience, individual user issue, or low-risk request with no broad service consequence. | Normal queue handling, standard prioritization, and no command structure required. | Assigned analyst or service desk owner. | Tier 1 or Tier 2 support for intake clarification, knowledge retrieval, checklist preparation, and status drafting. |
Response Timing And Communication Cadence
Severity means little unless it changes how fast the organization responds and how often it communicates.
| Severity | Target To First Coordinated Update | Communication Rhythm | Escalation Expectation |
|---|---|---|---|
| Sev-1 | Within 10 minutes of declaration | Bridge cadence with stakeholder and leadership updates every 15 to 30 minutes until stable | Immediate command activation, executive awareness, and vendor escalation when applicable |
| Sev-2 | Within 15 minutes of validated shared-service impact | Internal operations updates every 30 minutes; stakeholder updates at agreed checkpoints | Escalate to incident lead, service owner, and vendor or cross-team support as evidence requires |
| Sev-3 | Within 1 business hour | Updates at material change points or if aging crosses the watch threshold | Escalate only if workaround fails, impact spreads, or owner capacity is constrained |
| Sev-4 | Normal queue acknowledgement standard | Status only when ownership, due date, or customer expectation changes | Escalate through standard queue aging or approval bottleneck process |
Example Severity Decisions
These examples anchor the model in the same enterprise scenarios already shown across the platform.
Sev-1Command
Remote Access Broad Outage
140+ users across multiple divisions unable to work reliably.
Why It Fits
Cross-division disruption during business hours with visible business consequence and likely executive interest.
Required Response
Open command bridge, assign roles, control communication cadence, and engage vendor if shared infrastructure is implicated.
Sev-2Shared service
Remote Access Degradation
Reporting and publishing tools remain available, but session instability is slowing multiple teams.
Why It Fits
Major degradation with real operational drag, but partial service remains and command escalation is not yet mandatory.
Required Response
Assign incident lead, gather evidence quickly, prepare workaround options, and keep leadership briefed through checkpoint updates.
Sev-3Contained impact
Public Data Refresh Delay
One publishing workflow may miss the normal update window, with workaround and manual validation available.
Why It Fits
Meaningful impact for one service area, but contained blast radius and available fallback steps prevent higher severity.
Required Response
Resolver owner drives validation, documents workaround use, and escalates only if the delay becomes broader or recurring.
Sev-4Routine
Temporary Staff Access Request
Normal request awaiting business approval, with no active service outage.
Why It Fits
Low service consequence and no shared outage, even if completion timing matters to the requester.
Required Response
Keep it visible in the queue, prompt approvers, and manage through normal request and approval workflow.