Configure automatic escalation policies in Runframe. Set response timers, backup responders, and emergency manager escalation paths.

Escalations

Configure automatic escalation so incidents never fall through the cracks.

Overview

Escalation policies ensure that incidents get attention even when the primary responder doesn't acknowledge. Runframe automatically escalates unacknowledged incidents based on SLA deadlines and configurable rules.

Why escalation matters

Benefit	Explanation
No dropped incidents	SLA breaches trigger automatic escalation
Faster resolution	Get the right people involved quickly
Reduce responder burden	Don't rely on a single person
Executive visibility	Leadership sees critical incidents early
Compliance	Meet internal or regulatory response requirements

How escalation works

Automatic escalation triggers

Runframe escalates when:

Trigger	What happens
Acknowledgment SLA breached – Responder hasn't acknowledged within time limit	Escalate to next level
Resolution SLA breached – Incident not resolved within time limit	Escalate for Critical/High
Priority change – Incident severity escalated	Re-evaluate escalation policy
Manual escalation – Responder requests help via `/inc page`	Immediate escalation to next level

Escalation levels

Runframe uses a 3-level escalation model:

Level	Role	Example
Level 1	Team Lead	@alice (API tech lead)
Level 2	Manager	@bob (Engineering manager)
Level 3	Org Admin	@carol (VP Engineering)

Escalation by severity

Higher severity incidents escalate faster and to higher levels. Critical incidents may reach Org Admin level, while Low incidents typically stop at Team Lead.

Setting up escalation policies

Create an escalation policy

Navigate to Settings → Escalations
Click New Escalation Policy
Configure the policy:
- Name: e.g., "API Backend Escalation"
- Services: Which services this policy applies to
- Escalation levels: Who to notify and when
Click Create Policy

Escalation policy example

API Backend Escalation Policy

Level	Trigger	Notify	Method
Level 1	Acknowledgment SLA breached (15 min)	Team Lead	Slack DM
Level 2	30 minutes without acknowledgment	Manager	Slack DM
Level 3	Resolution SLA breached (1 hour)	Org Admin	Slack DM + email

Severity-specific overrides

Adjust escalation timing based on severity:

Severity	Level 1	Level 2	Level 3
Critical (SEV0)	5 min	15 min	30 min
High (SEV1)	15 min	30 min	1 hour
Medium (SEV2)	30 min	1 hour	—
Low (SEV3)	1 hour	—	—
Pre-emptive (SEV4)	No escalation	—	—

Avoid escalation spam

Don't over-escalate Low and Pre-emptive incidents. Reserve multi-level escalation for true emergencies.

Escalation paths

Linear escalation

The most common pattern—escalate sequentially:

Primary on-call → Team Lead → Manager → Org Admin

Branching escalation

For complex organizations, escalate to different people based on issue type:

Issue type	Escalation path
Database issue	DB on-call → DB lead → DBA team → VP Engineering
Security issue	Security on-call → Security lead → CISO
Payment issue	Payments on-call → Payments lead → CFO

Time-based escalation

Escalate to different people based on time of day:

Time	Escalation target
Business hours (9 AM - 6 PM PT)	Service lead
After hours	On-call manager
Weekends	Executive on-call

Manual escalation

Sometimes you need to escalate before automatic policies kick in.

Page the on-call

From any incident channel, page the on-call for the current incident's services:

/inc page

This sends a Slack DM notification to the on-call engineer.

Escalate early, not late

If you're stuck and making no progress, escalate within 15 to 30 minutes. Don't wait for SLA breach.

Escalation notifications

Runframe uses multiple channels to ensure escalations are seen.

Notification channels by escalation level

Escalation level	Primary	Secondary
Level 1 (Team Lead)	Slack DM	—
Level 2 (Manager)	Slack DM	Email
Level 3 (Org Admin)	Slack DM	Email

SMS notifications

SMS paging is available on plans with the SMS add-on enabled. When available, SMS is added as an additional notification channel. Slack DM is always the primary channel.

Escalation messages

When an incident escalates, Runframe sends:

Incident details – Title, severity, customer impact flag
Current status – How long since incident creation/acknowledgment
Why escalated – Which SLA was breached or why manually escalated
Action needed – "Please acknowledge" or "Please take over"

Example escalation notification:

ESCALATED: INC-042 - Database connection pool exhaustion

Severity: High | Customer Impact: Yes
Time since creation: 25 minutes
Escalation reason: Acknowledgment SLA breached (15 min)

Primary on-call @alice has not acknowledged.
Please acknowledge this incident and take over.

Escalation best practices

Designing escalation policies

Do:

Keep it simple – 3 to 4 levels max
Use timezones – Consider distributed teams
Test regularly – Verify escalation paths work
Document clearly – Everyone should know the escalation path

Don't:

Don't over-escalate – Not every incident needs executive visibility
Don't create bottlenecks – Avoid escalating the same person for multiple services
Don't ignore time off – Escalation should respect on-call overrides
Don't set and forget – Review and update policies quarterly

During escalation

For the person being escalated to:

Acknowledge immediately – Even if just "On it, will update in 5"
Assess the situation – Read the incident channel, check current status
Introduce yourself – Let the team know you're taking over
Decide on next steps – Continue investigation, delegate, or rally support

For the person escalating:

Provide context – Summarize what you've tried so far
Be available – Don't disappear after escalating
Transfer ownership – Update incident assignments to the escalated person
Document the handoff – Note why and when escalation occurred

Post-incident review

After escalations, review:

Was escalation necessary? – Could the primary responder have handled it?
Was escalation timing appropriate? – Too early, too late, or just right?
Did the right person get escalated to? – Should the escalation path change?
What can be improved? – Training, runbooks, or system changes?

Use these insights to refine escalation policies.

Escalation analytics

Track escalation metrics to improve your policies:

Metric	Definition	Goal
Escalation rate	Percentage of incidents that escalate	Under 20%
Time to escalation	Average time from incident to first escalation	Track trends
Escalation by level	How often incidents reach each escalation level	Most should stay at Level 1
Severity vs escalation	Critical-High incidents that didn't escalate (bad) or Low-Preemptive that did (possible over-escalation)	Right-sized escalation

View metrics in the Analytics section of the dashboard.

Examples

Example 1: Simple linear escalation

Startup API Escalation Policy

Level	Trigger	Notify	Method
Level 1	Acknowledgment SLA breached (15 min)	Team Lead	Slack DM
Level 2	30 min without acknowledgment	Manager	Slack DM
Level 3	Resolution SLA breached	CTO	Slack DM + email

Example 2: Severity-based escalation

E-commerce Platform Escalation Policy

Severity	Level 1 (15 min)	Level 2 (30 min)	Level 3 (1 hour)
Critical (SEV0)	Team Lead	Manager	Org Admin
High (SEV1)	Team Lead	Manager	Org Admin
Medium (SEV2)	Team Lead	Manager	—
Low (SEV3)	Team Lead	—	—
Pre-emptive (SEV4)	No escalation	—	—

Example 3: Service-specific escalation

Multi-service Organization

Service	Level 1 (Team Lead)	Level 2 (Manager)	Level 3 (Org Admin)
API	API tech lead	Engineering manager	VP Engineering
Database	DBA lead	Engineering manager	CTO
Payments	Payments lead	Engineering manager	CFO
Frontend	Frontend lead	Engineering manager	VP Engineering

Need more?

Incidents – Incident lifecycle and severity
On-Call – Scheduling and rotations
Slash Commands – Complete /inc command reference
Web Dashboard – Full escalation policy management UI

Escalations

On this page