Why you shouldn't pick someone who didn't participate in the incident as the postmortem owner

Choosing the postmortem owner is key to a clear, actionable incident review. Don’t pick someone who didn’t participate; they’ll miss first-hand context. Leaders, on-call responders, and the person who triggered the incident bring vital insights, helping teams surface root causes and practical improvements. It speeds learning and change.

When an alert shakes the team, the postmortem is the calm after the storm. It’s where learning happens, where you turn a chaotic incident into clearer processes, better alerts, and a smoother ride next time. But there’s a small, crucial decision that shapes the whole outcome: who owns the postmortem report. Pick the right owner, and the document becomes a useful guide. Pick the wrong one, and you risk gaps in detail and a lot of guesswork.

Let’s walk through the common candidates and why one of them is not the best fit.

Who makes sense as the postmortem owner?

A. Someone who took a leadership role during the incident

  • Why they’re appealing: They helped steer the response, saw the sequence of events, and can connect the dots. They’ve got the context on decisions, the why behind actions, and the credibility to push for useful changes. Leadership during an incident often translates into a clear sense of accountability and a readiness to drive improvements.

  • The risk to watch for: Leadership doesn’t automatically mean you’ll get a complete, objective view of every contributing factor. Sometimes the perspective gets filtered through the lens of “we did what we had to do,” and that can hide subtler root causes. The key is to keep the tone blameless and invite others to contribute.

B. The primary on-call responder for the affected service

  • Why they’re appealing: They know the service inside and out, understand the on-call process, and usually collected a lot of the incident’s telemetry. They’re in the best position to explain what happened from a hands-on perspective, including operational constraints and the sequence of remediation steps.

  • The risk to watch for: If the responder is overloaded with follow-up work, the report might become a catalog of actions rather than a thoughtful analysis. Still, with the right guardrails—clear objectives, time for reflection, and input from others—the owner can produce a sharp, actionable document.

C. The person who manually triggered the incident

  • Why they’re appealing: They have direct, firsthand awareness of how the trigger propagated and what initial conditions looked like. They can illuminate the entry point and early decisions that set things in motion.

  • The risk to watch for: Focusing on the trigger alone can bias the postmortem toward pointing fingers at one individual. The goal is to look at system-wide signals, dependencies, and process gaps. The more the owner can invite a broader set of perspectives, the better the outcomes.

D. Someone who did not participate in the incident

  • Why this option is tempting: A neutral observer might seem like a safe choice to avoid bias. The idea is that detachment will ensure objectivity.

  • The problem with this choice: A person who didn’t participate is likely to miss critical context—the why behind decisions, the subtle temporal dependencies, and the real-world effects on the users and internal teams. Without firsthand information, the postmortem risks becoming a memory of what “might have happened” rather than a precise, actionable record of what did happen and how to prevent it next time.

Why the “not participated” option falls short (and what to aim for instead)

Think of a postmortem as a map of the incident, from moment zero to resolution, with arrows showing cause, effect, and improvement. The map needs accurate landmarks: who did what, when, and why. A participant’s perspective supplies those landmarks with confidence. If you pick someone who didn’t participate, you’re using a map drawn from secondhand notes, memory gaps, and perhaps post-incident narratives that have already started to blur.

That doesn’t mean only the loudest voices should own the report. It means the owner should have direct exposure to the incident—its timeline, the decisions made under pressure, and the outcomes. The owner doesn’t have to be the sole contributor, but they should anchor the analysis and coordinate input from others who touched the incident in meaningful ways.

Practical criteria for choosing the owner

  • Direct relevance: The owner should have visibility into the incident's core events—what happened, how it happened, and what changed as a result. This often comes from someone who led the response, managed the on-call sequence, or triggered the incident.

  • Availability for synthesis: The postmortem takes time. The owner should have bandwidth to gather data, interview teammates, and draft a coherent narrative without rushing through it.

  • Balance of perspective: It’s smart to involve the owner in a structured process where others contribute. A good approach is to designate a primary owner plus a small review circle who bring diverse angles—engineering, on-call practices, monitoring, and incident management.

  • Responsible for action items: The owner should be able to translate findings into concrete improvements, owners, timelines, and metrics. If they’re not comfortable mapping fixes to owners and deliverables, the document risks becoming an academic report rather than a living plan.

A practical approach: collaborative ownership, with a clear lead

Many teams find success by naming a lead owner who is backed by a broader, cross-functional review group. Here’s a simple pattern you can adopt:

  • Appoint a lead owner who has direct incident exposure—usually the on-call responder, or the incident commander who coordinated the response.

  • Create a small review panel representing the affected service, SRE, security if relevant, and product or engineering.

  • Use a structured template for the postmortem that captures: incident timeline, impact assessment, root causes (with evidence), contributing factors, and concrete action items with owners and due dates.

  • Hold a blameless discussion with the entire team that informs the owner’s write-up. The goal is to surface data, not to assign fault.

Translating theory into practice: a quick, human-centered workflow

Here’s a friendly, bite-sized flow you can try in your next incident cycle:

  1. Gather artifacts early: dashboards, alert histories, chat transcripts, and any runbooks you used during the incident. The clock starts the moment the alert fires, so collect this data as you go rather than waiting until the incident is over.

  2. Map the timeline in a collaborative session. Let the on-call responder or incident commander describe the sequence, then invite others to fill in gaps or correct misremembered moments.

  3. Identify contributing factors, not culprits: look at process gaps, monitoring gaps, or dependency fragility. Ask “What failed?” and “Why did this matter?” without pointing fingers.

  4. Draft the report with a clear narrative arc: what happened, who was involved, what went well, what didn’t, and what changes will prevent a repeat.

  5. Close with actionable items: assign owners, set deadlines, and decide how you’ll track progress. A good postmortem becomes a living document in your incident management toolbox.

A few tips to keep the tone constructive

  • Keep the language blameless and factual. Focus on systems and processes, not personalities.

  • Use concrete data where possible: percentages of on-call time, mean time to acknowledge, or the false-positive rate of alerts. Numbers help ground the discussion.

  • Balance technical detail with clarity for broader audiences. Some readers will be engineers; others might be product managers or incident coordinators.

  • Sprinkle real-world analogies to help non-technical readers connect: think of a postmortem as a “checklist after a storm” that helps forecast the next one more smoothly.

A quick digression: how dashboards and automation help

If you’re using PagerDuty or similar tools, you’ve got a trove of signals at your fingertips. Incident timelines, alert routing paths, and on-call schedules can be reviewed in minutes, not hours, once you know what you’re looking for. The real value comes when the owner uses those signals to answer: where did we miss early indicators, did escalation policies work, and where could automation reduce toil next time? The best owners aren’t just good storytellers; they’re excellent collectors of evidence, turning messy events into precise, repeatable improvements.
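As an added example (not from the original article, and not PagerDuty's API or export format), the sketch below shows how an owner might turn a raw incident log into answers to those questions: time to acknowledge, whether escalation fired, who actually took part, and where the record is thinnest. The log layout, the names, and the 5-minute acknowledgement target are constructed assumptions.

```python
from datetime import datetime

# Constructed sample entries (assumed layout, not a real tool export):
# (timestamp, actor, event kind, detail)
LOG = [
    ("2024-05-01T10:00:00", "monitor", "trigger", "checkout 5xx rate above threshold"),
    ("2024-05-01T10:05:00", "monitor", "escalate", "no ack from primary, paging secondary"),
    ("2024-05-01T10:07:30", "dana", "acknowledge", "secondary on-call took the page"),
    ("2024-05-01T10:12:00", "lee", "note", "joined as incident commander"),
    ("2024-05-01T10:40:00", "dana", "note", "rolled back deploy"),
    ("2024-05-01T10:55:00", "dana", "resolve", "error rate back to baseline"),
]
AUTOMATED = {"monitor"}     # actors that are systems, not people (assumption)
ACK_TARGET_SECONDS = 300    # assumed acknowledgement target


def summarize(log, ack_target=ACK_TARGET_SECONDS):
    """Turn raw incident log entries into evidence for the postmortem."""
    events = sorted((datetime.fromisoformat(ts), actor, kind, detail)
                    for ts, actor, kind, detail in log)
    if not any(e[2] == "trigger" for e in events):
        raise ValueError("log has no trigger event")

    def first(kind):
        # Timestamp of the first event of this kind, or None if it never happened.
        return next((e[0] for e in events if e[2] == kind), None)

    start, ack, end = first("trigger"), first("acknowledge"), first("resolve")
    tta = (ack - start).total_seconds() if ack else None
    ttr = (end - start).total_seconds() if end else None
    # Longest silent stretch: where the written record is thinnest and the
    # owner most needs participants' first-hand accounts.
    gaps = [((b[0] - a[0]).total_seconds(), a[0].isoformat())
            for a, b in zip(events, events[1:])]
    gap_s, gap_from = max(gaps, default=(0.0, None))
    return {
        "time_to_ack_s": tta,
        "time_to_resolve_s": ttr,
        "ack_within_target": tta is not None and tta <= ack_target,
        "escalated": any(e[2] == "escalate" for e in events),
        "participants": sorted({e[1] for e in events if e[1] not in AUTOMATED}),
        "longest_gap_s": gap_s,
        "longest_gap_from": gap_from,
    }


if __name__ == "__main__":
    for key, value in summarize(LOG).items():
        print(f"{key}: {value}")
```

The participants list is the pool of people with direct exposure to the incident, and the longest gap marks the stretch of the timeline to reconstruct in the collaborative session.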

Why this matters for teams and the broader culture

A strong postmortem process does more than prevent the same incident from happening again. It reinforces a culture where learning is valued over blame, where taking ownership is a driver of improvement, and where transparency builds trust. When the right person leads the postmortem—someone who touched the incident and can speak to its real-world impact—the team gets a clearer picture. It’s not about who’s in charge forever; it’s about who can steer the discussion toward meaningful, implementable changes.

So, who should own the postmortem? The short answer is: someone with direct participation and a steady hand for synthesis. The person who did not participate might seem neutral, but they’re likely to miss essential context. The others—leaders, the primary on-call responder, or the person who triggered the incident—each bring a valuable angle. The trick is to pair a capable owner with a collaborative process, a well-structured template, and a clear plan for follow-through.

A final nudge: make it habitual

If you treat postmortems as one-off tasks, you’ll get scattered learnings and mixed results. Make them a regular, scheduled ritual with a consistent template, and you’ll start to see a real shift in how incidents are handled. The team will become more confident in their responses, the user experience will improve, and the number of repeat incidents will drift downward over time.

To wrap it up, the not-recommended option in many teams isn’t about anyone’s character. It’s about the value of firsthand context. If the owner didn’t participate in the incident, the story you tell—however well-meaning—might miss the essential threads that tie actions to outcomes. So aim for ownership grounded in experience, supported by a collaborative process, and anchored in concrete, trackable improvements. That’s how a postmortem becomes not a verdict, but a roadmap for better resilience tomorrow.
