Overview
Severity is the property that expresses how bad an incident is. It’s the single number responders reach for first — “is this a SEV0 or a SEV2?” — because so much else in the response process keys off it: who gets paged, how urgently, whether the status page is updated, what the retrospective template looks like, and how the incident is counted in your metrics. Severity is a fixed, single-select property. Every incident carries exactly one severity value, and that value is fully customizable — pick the number of levels, their names, colors, and behavior that matches how your team actually calibrates impact.
How Severities Are Used
Severity isn’t just a label — it’s a lever that other Rootly features pull on:Which Severity Should I Pick?
Deciding severity under pressure is the hardest part of severity calibration — new responders default to SEV0 out of caution and burn out the team; old hands default to SEV2 out of habit and miss real emergencies. Use the picker below as a starting point when the answer isn’t obvious, then refine against your team’s specific severity matrix.Designing Your Severity Matrix
There is no universal severity matrix — but there is a small set of patterns that work for most teams. Use these as a starting point, then adjust the wording to match your specific product and customer promises.How Many Levels
Most teams land on four to five severity levels. Fewer than four and you can’t distinguish “everything is broken” from “some things are broken.” More than five and calibration becomes fuzzy — SEV4 and SEV5 stop being meaningfully different, and responders default to SEV3 for everything below the top tier.Impact Dimensions
A well-calibrated matrix considers multiple dimensions of impact — not just “how many users are affected” but also what is affected and for how long. Common dimensions:- User scope — everyone, a large segment, a small segment, individual users
- Feature scope — entire product, one workflow, one screen, edge case
- Data integrity — data loss / corruption / exposure present or not
- Workaround availability — none, painful, minor friction, invisible
- Duration expectation — active, transient, self-resolving
Response Commitments Per Level
Severity levels should tie to concrete response commitments so calibration isn’t just a name — it’s a promise. Common commitments to attach per severity:- Paging urgency — SEV0 pages all-hands immediately; SEV1 pages the owning team; SEV2 pages during business hours; SEV3 assigns without paging
- Incident Commander required — SEV0/SEV1 yes, SEV2/SEV3 optional
- First status-page update within — SEV0: 5 min · SEV1: 15 min · SEV2: 30 min · SEV3: not required
- Retrospective required — SEV0/SEV1 always, SEV2 if user-visible, SEV3 optional
- Executive notification — SEV0 immediately, SEV1 within an hour, SEV2/SEV3 in weekly summary
Example Matrices
SaaS product, four levels
SaaS product, four levels
Regulated industry (fintech / healthtech), five levels
Regulated industry (fintech / healthtech), five levels
Internal tooling / dev platform, three levels
Internal tooling / dev platform, three levels
Configuring Severity Attributes
Configure severities in Configuration → Severities. Each severity can be tuned with the following attributes. Every attribute is available in Liquid syntax for use in workflows, retrospective templates, and status page updates.SEV0, SEV1, SEV2, SEV3 or P1, P2, P3, P4.#c4231c for red, #ed8f17 for orange). Use a color picker if you’re not sure — color-hex.com is a common choice.Best Practices
- Calibrate quarterly. Look at the last 90 days of incidents and ask: did we call any of these wrong in retrospect? Adjust the matrix language, not just individual calls.
- Don’t add SEV4/SEV5 until SEV3 is used regularly. Extra levels only work if you actually distinguish between them. If SEV3 is your effective floor, adding SEV4 just creates a level nobody uses.
- Colors should be intuitive. Red for the top severity, orange/yellow for middle, blue/gray for the lowest. Don’t invent custom mappings — responders read the color before the name and calibration takes twice as long if the color contradicts convention.
- Downgrading is fine; upgrading is expected. Encourage responders to over-page at SEV0 and downgrade within 15 minutes if scope narrows. Under-response at declaration is the failure mode you’re trying to avoid, not over-response.
- Keep the picker open during on-call handoffs. Sharing the picker link (
/configuration/severities#which-severity-should-i-pick) is one of the fastest ways to onboard new responders to the calibration model. - Attach Slack channels + aliases per severity, but require workflow actions to actually use them. This keeps notification behavior explicit and auditable in the workflow list rather than hidden in severity settings.
- Test severity changes in a Test Incident first. If you rework the matrix or add a new severity, declare a
/rootly testand walk the workflows through their branches before the next real incident hits the new definitions.
Troubleshooting
A severity isn't showing up in the picker on the incident form
A severity isn't showing up in the picker on the incident form
Workflows are not auto-inviting Slack channels or user groups on severity change
Workflows are not auto-inviting Slack channels or user groups on severity change
Metrics dashboards show incidents in the wrong severity bucket
Metrics dashboards show incidents in the wrong severity bucket
The severity color isn't rendering correctly on metrics graphs
The severity color isn't rendering correctly on metrics graphs
# (e.g., #c4231c, not c4231c or rgb(196, 35, 28)). Rootly won’t attempt to parse shorthand or non-hex color formats.Responders keep declaring the wrong severity
Responders keep declaring the wrong severity
Frequently Asked Questions
How many severity levels should we have?
How many severity levels should we have?
Can I change severity mid-incident?
Can I change severity mid-incident?
What's the difference between severity and priority?
What's the difference between severity and priority?
Do test incidents count in severity metrics?
Do test incidents count in severity metrics?
/rootly test) are excluded from production metrics regardless of the severity assigned. This is enforced at the Kind level — see Incident Kind for the full behavior matrix.Can I use severity in workflow conditions?
Can I use severity in workflow conditions?
Can severities be team-specific?
Can severities be team-specific?
What happens if a severity is deleted?
What happens if a severity is deleted?