How to Communicate Incidents to Customers
During an outage, your customers aren't grading your architecture — they're grading your communication. Teams recover from incidents with their reputation intact, or even improved, when they communicate early, honestly, and on a predictable rhythm. This guide covers when to post, what to say at each stage, and gives you templates to copy.
The first rule: acknowledge before you understand
The most common mistake is waiting to post until you know what's wrong. From the inside, that feels responsible. From the outside, it's indistinguishable from not knowing your service is down — and customers fill silence with their own theories, support tickets, and screenshots on social media.
Post within minutes of confirming impact, even though all you can honestly say is:
"We're investigating reports of errors affecting the API. Updates to follow within 30 minutes."
That single sentence does three jobs: it tells customers you know, it tells them you're working, and it tells them when to expect more. Nobody expects a root cause in the first ten minutes. They expect a heartbeat.
Use the four stages customers already understand
The investigating → identified → monitoring → resolved progression has become an industry convention, which is precisely its value — no one has to learn your vocabulary.
Investigating
You've confirmed impact but not cause. Say what's affected and what isn't, and commit to a next update time.
"We're investigating elevated error rates on the Payments API beginning 14:02 UTC. Checkout may fail for some customers. Dashboards and data are unaffected. Next update by 14:30 UTC."
Identified
You know the cause and you're fixing it. Plain language, no jargon, a realistic ETA only if you have one.
"We've identified the cause as a failed database failover and are restoring the primary. We expect recovery within 45 minutes. Next update by 15:15 UTC or sooner."
Monitoring
The fix is in and metrics look healthy, but you're watching before calling it done. This stage exists so "resolved" stays meaningful — nothing burns trust like resolving an incident twice.
"A fix has been deployed and error rates returned to normal at 15:05 UTC. We're monitoring for the next 30 minutes before resolving."
Resolved
State the full impact window honestly and, for significant incidents, promise the post-mortem.
"This incident is resolved. The Payments API experienced elevated errors from 14:02 to 15:05 UTC; about 12% of checkout requests failed during that window. We'll publish a post-incident review within 5 business days. We're sorry for the disruption."
Write like a human under oath
- Be specific about impact. "Some users may experience issues" reads as evasive. "About 12% of checkout requests failed" reads as competent.
- Never blame upstream providers by default. Your customers bought from you. "A component of our infrastructure failed" is honest without buck-passing; credit specifics in the post-mortem.
- Don't promise what you don't control. A missed ETA is a second incident. "Next update by 15:15" is a promise you can always keep; "fixed by 15:15" often isn't.
- Keep a cadence even with no news. "Still investigating, next update in 30 minutes" beats silence. Silence reads as abandonment.
- Apologize once, plainly, at resolution. One sincere sentence outperforms three paragraphs of throat-clearing.
Severity sets the tempo
| Severity | Example | First post | Update cadence |
|---|---|---|---|
| Critical | Full outage, data risk | Within 10 minutes | Every 30 minutes |
| Major | Core feature degraded | Within 15 minutes | Every 60 minutes |
| Minor | Edge feature, workaround exists | Within 30 minutes | On material change |
Decide these thresholds before you need them. Mid-incident is the worst time to debate whether something is "major."
Make the status page the single source of truth
Incident communication scattered across email threads, tweets, and support macros drifts out of sync within the hour. Put every update on your public status page first, and let subscriptions (email, webhooks) fan it out from there. Support answers "is it down?" with a link; engineering posts once instead of five times; and after resolution, the timeline doubles as the public record your post-mortem links to.
After the incident: the follow-up is the trust-builder
For major incidents, publish a short post-incident review within a week: what happened, the timeline, the impact, and — most importantly — what you're changing so it doesn't recur. Customers don't expect zero incidents. They expect evidence that each one made you better. Teams that publish honest post-mortems consistently report that customers cite them as a reason for increased confidence.
Opsentry gives you the machinery for all of this — incident management with severity and staged statuses, timestamped public updates, subscriber notifications, and a branded status page — wired directly to external monitoring so detection and communication are one workflow, not two. It's free while in early access.
Related reading: uptime monitoring best practices for SaaS teams and SLA vs SLO vs SLI, explained.