Escalations
Configure automatic escalation so incidents never fall through the cracks.
Overview
Escalation policies ensure that incidents get attention even when the primary responder doesn’t acknowledge. Runframe automatically escalates unacknowledged incidents based on SLA deadlines and configurable rules.
Why escalation matters
| Benefit | Explanation |
|---|---|
| No dropped incidents – SLA breaches trigger automatic escalation | |
| Faster resolution – Get the right people involved quickly | |
| Reduce responder burden – Don’t rely on a single person | |
| Executive visibility – Leadership sees critical incidents early | |
| Compliance – Meet internal or regulatory response requirements |
How escalation works
Automatic escalation triggers
Runframe escalates when:
| Trigger | What happens |
|---|---|
| Acknowledgment SLA breached – Responder hasn’t acknowledged within time limit | Escalate to backup or manager |
| Resolution SLA approaching – Incident not resolved within 80% of resolution SLA | Notify incident lead and manager |
| Resolution SLA breached – Incident not resolved within time limit | Executive escalation for P0-P1 |
Manual escalation – Responder requests help via /inc page | Immediate escalation to next level |
Escalation levels
Runframe supports multiple escalation levels:
| Level | Description | Example |
|---|---|---|
| Level 0 | Primary on-call | @alice (API on-call) |
| Level 1 | Backup on-call | @bob (API backup) |
| Level 2 | Service lead | @carol (API tech lead) |
| Level 3 | Engineering manager | @dave (Engineering manager) |
| Level 4 | Executive | @eve (VP Engineering) |
Escalation by severity
Higher severity incidents escalate faster and to higher levels. P0 incidents may escalate directly to executives, while P3 incidents might only notify a backup.
Setting up escalation policies
Create an escalation policy
- Navigate to Settings → Escalations
- Click New Escalation Policy
- Configure the policy:
- Name: e.g., “API Backend Escalation”
- Services: Which services this policy applies to
- Escalation levels: Who to notify and when
- Click Create Policy
Escalation policy example
API Backend Escalation Policy
| Level | Trigger | Notify | Method |
|---|---|---|---|
| Level 1 | Acknowledgment SLA breached (15 min) | Backup on-call | Slack DM + SMS |
| Level 2 | 30 minutes without acknowledgment | Service lead | Slack DM + SMS |
| Level 3 | Resolution SLA breached (1 hour) | Engineering manager | Slack DM + phone call |
| Level 4 | 2 hours without resolution | VP Engineering | Slack DM + phone call |
Severity-specific overrides
Adjust escalation timing based on severity:
| Severity | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| P0 | 5 min | 10 min | 30 min | 1 hour |
| P1 | 15 min | 30 min | 1 hour | 2 hours |
| P2 | 30 min | 1 hour | 2 hours | — |
| P3 | 1 hour | 2 hours | — | — |
| P4 | No escalation | — | — | — |
Avoid escalation spam
Don’t over-escalate P3 and P4 incidents. Reserve multi-level escalation for true emergencies.
Escalation paths
Linear escalation
The most common pattern—escalate sequentially:
Primary on-call → Backup → Service lead → Manager → ExecutiveBranching escalation
For complex organizations, escalate to different people based on issue type:
| Issue type | Escalation path |
|---|---|
| Database issue | DB on-call → DB lead → DBA team → VP Engineering |
| Security issue | Security on-call → Security lead → CISO |
| Payment issue | Payments on-call → Payments lead → CFO |
Time-based escalation
Escalate to different people based on time of day:
| Time | Escalation target |
|---|---|
| Business hours (9 AM - 6 PM PT) | Service lead |
| After hours | On-call manager |
| Weekends | Executive on-call |
Manual escalation
Sometimes you need to escalate before automatic policies kick in.
Request escalation from Slack
From any incident channel:
/inc pageThis pages the on-call for the current incident’s services. For more control:
/inc escalate @usernameDirectly assign and notify a specific person.
Escalate to service lead
When stuck, escalate to the person who knows the service best:
/inc escalate --role leadManager escalation
For incidents needing leadership visibility or decision-making:
/inc escalate --role managerEscalate early, not late
If you’re stuck and making no progress, escalate within 15 to 30 minutes. Don’t wait for SLA breach.
Escalation notifications
Runframe uses multiple channels to ensure escalations are seen.
Notification channels by escalation level
| Escalation level | Primary | Secondary |
|---|---|---|
| Level 1 (Backup) | Slack DM | SMS |
| Level 2 (Lead) | Slack DM | SMS + phone call |
| Level 3 (Manager) | SMS + phone call | Slack DM |
| Level 4 (Executive) | Phone call | SMS |
Escalation messages
When an incident escalates, Runframe sends:
- Incident details – Title, severity, customer impact flag
- Current status – How long since incident creation/acknowledgment
- Why escalated – Which SLA was breached or why manually escalated
- Action needed – “Please acknowledge” or “Please take over”
Example escalation notification:
ESCALATED: INC-042 - Database connection pool exhaustion
Severity: P1 | Customer Impact: Yes
Time since creation: 25 minutes
Escalation reason: Acknowledgment SLA breached (15 min)
Primary on-call @alice has not acknowledged.
Please acknowledge this incident and take over.Escalation best practices
Designing escalation policies
Do:
- Keep it simple – 3 to 4 levels max
- Use timezones – Consider distributed teams
- Test regularly – Verify escalation paths work
- Document clearly – Everyone should know the escalation path
Don’t:
- Don’t over-escalate – Not every incident needs executive visibility
- Don’t create bottlenecks – Avoid escalating the same person for multiple services
- Don’t ignore time off – Escalation should respect on-call overrides
- Don’t set and forget – Review and update policies quarterly
During escalation
For the person being escalated to:
- Acknowledge immediately – Even if just “On it, will update in 5”
- Assess the situation – Read the incident channel, check current status
- Introduce yourself – Let the team know you’re taking over
- Decide on next steps – Continue investigation, delegate, or rally support
For the person escalating:
- Provide context – Summarize what you’ve tried so far
- Be available – Don’t disappear after escalating
- Transfer ownership – Update incident assignments to the escalated person
- Document the handoff – Note why and when escalation occurred
Post-incident review
After escalations, review:
- Was escalation necessary? – Could the primary responder have handled it?
- Was escalation timing appropriate? – Too early, too late, or just right?
- Did the right person get escalated to? – Should the escalation path change?
- What can be improved? – Training, runbooks, or system changes?
Use these insights to refine escalation policies.
Escalation analytics
Track escalation metrics to improve your policies:
| Metric | Definition | Goal |
|---|---|---|
| Escalation rate | Percentage of incidents that escalate | Under 20% |
| Time to escalation | Average time from incident to first escalation | Track trends |
| Escalation by level | How often incidents reach each escalation level | Most should stay at Level 1 |
| Severity vs escalation | P0-P1 incidents that didn’t escalate (bad) or P3-P4 that did (possible over-escalation) | Right-sized escalation |
View metrics in the Analytics section of the dashboard.
Examples
Example 1: Simple linear escalation
Startup API Escalation Policy
| Level | Trigger | Notify | Method |
|---|---|---|---|
| Level 0 | Incident created | Primary on-call | Slack DM |
| Level 1 | 15 min without acknowledgment | Backup on-call | Slack DM + SMS |
| Level 2 | 45 min without acknowledgment | CTO | Phone call |
Example 2: Severity-based escalation
E-commerce Platform Escalation Policy
| Severity | Level 1 (15 min) | Level 2 (30 min) | Level 3 (1 hour) |
|---|---|---|---|
| P0 | Backup on-call | Service lead | VP Engineering |
| P1 | Backup on-call | Service lead | Engineering manager |
| P2 | Backup on-call | Service lead | — |
| P3 | Backup on-call | — | — |
| P4 | No escalation | — | — |
Example 3: Service-specific escalation
Multi-service Organization
| Service | Level 1 | Level 2 | Level 3 |
|---|---|---|---|
| API | API backup | API lead | VP Engineering |
| Database | DBA backup | DBA lead | CTO |
| Payments | Payments backup | Payments lead | CFO |
| Frontend | Frontend backup | Frontend lead | Engineering manager |
Need more?
- Incidents – Incident lifecycle and severity
- On-Call – Scheduling and rotations
- Slash Commands – Complete
/inccommand reference - Web Dashboard – Full escalation policy management UI