Incident Response Runbook

First response

Start by pausing the affected workflow, watcher, agent, custom tool, or publishing path. Preserve the exact timestamp, user, screen, prompt, approval state, and affected records before changing settings. If customer-facing behavior is affected, assign an owner for communication and remediation immediately.

Evidence collection

Use audit log review to reconstruct the decision chain and diagnostics and support to capture environment state. Do not send raw logs, credentials, provider keys, payment data, or full customer records to support without redaction.

Recovery path

Decide whether the incident needs rollback, manual correction, provider escalation, hosting support, or a SophMate support request. The update and rollback docs cover release-related recovery, and contact is available for support routing.

Owner and cadence

• Primary owner: support lead or site administrator responsible for triage and evidence handling.
• Review cadence: when an issue is reported, before support contact, and after recovery to improve the runbook.
• Escalate when evidence is incomplete, private data may be exposed, production impact continues, or routing between host, provider, and plugin support is unclear.

Production checklist

• Pause the affected module, preserve timestamps and affected records, assign an incident owner, and stop repeated execution.
• Collect audit records, diagnostics, screenshots, provider status, hosting status, and reproduction steps before changing multiple settings.
• Capture exact timestamp, affected user, affected screen, SophMate version, WordPress version, PHP version, and reproduction steps.
• Redact provider keys, credentials, payment data, private customer details, and raw logs before support handoff.

Acceptance checks

• The team can explain impact, root-cause hypothesis, owner, remediation, and prevention step.
• Support escalation includes redacted evidence and avoids secrets or unrelated customer records.
• The support report lets another operator reproduce or triage the issue without receiving secrets.
• The team knows whether to escalate to hosting, provider support, CodeCanyon support, or internal operations.

Common mistakes

• Retrying or changing settings repeatedly before preserving the exact error report, timestamp, and affected screen.
• Opening support requests with raw logs or vague descriptions instead of redacted diagnostics and reproduction steps.

Related operations

• Start evidence review with Audit Log Review.
• Escalate with Diagnostics and Support.
• Use Incident Response Runbook when production behavior is affected.
• Use Contacting Support before opening a support request.
• Use Support SLA and Escalation Matrix before customer-visible support routing.
• Use Error Reports and Support Codes before redacting or sharing an error report.
• Use Migration and Reindex Review before restarting workflows after updates.
• Use Post-Incident Review and Prevention before returning paused work to normal scope.
• Use Changelog and Release Note Review before release decisions.