SOP-EXEC-escalation-incident-handling-v1.0¶
1. Purpose¶
Operationalize CLAUDE.md Section 11 into a runnable procedure. Section 11 defines what triggers escalation to the CEO; this SOP defines how to file, route, acknowledge, and close incidents — so agents do the same thing every time rather than improvising under pressure.
Relationship to CLAUDE.md Section 11: Section 11 is the authoritative trigger table. This SOP does not override it. If there is ever a conflict between this SOP and Section 11, Section 11 wins. Report the conflict to chief.staff as an SOP Delta per SOP-OPS-sop-change-management.
2. Severity Definitions¶
These map directly to CLAUDE.md Section 6E severity guide.
| Severity | Definition | Target resolution |
|---|---|---|
| SEV1 | Production outage, data-loss risk, customer-facing failure, security incident | Immediate CEO notification; resolution underway within 1 hour |
| SEV2 | Workflow blocker, handoff failure, SOP breach, agent operating with stale governance | CoS resolution target: within 4 hours; CEO notified if unresolved at 4h |
| SEV3 | Documentation gap, process friction, non-blocking defect, known configuration gap | Standard SOP update path; resolved within next business day |
SEV classification authority: The filing agent assigns initial severity. chief.staff may reclassify up or down at review.
3. Incident File Structure¶
Every incident is filed at /Claude/operations/incidents/open/INC-{YYYY-MMDD}-{slug}.md using this template:
---
incident_id: INC-{YYYY-MMDD}-{slug}
severity: SEV{1|2|3}
status: Open
filed_by: {agent_id}
filed_at: {YYYY-MM-DD HH:MM PST}
owner: {agent responsible for resolution}
---
INCIDENT REPORT
──────────────────────────────
Severity: SEV{N}
What Failed: {concise description}
Where It Failed: {file path, agent, workflow, or system component}
Why It Likely Failed: {root cause hypothesis}
Temporary Mitigation: {what's been done to stop the bleeding}
Recommended SOP Update: {if applicable — what SOP needs to change}
Prevention Owner: {who should implement the fix}
File naming: INC-{YYYY-MMDD}-{kebab-case-slug}.md. Example: INC-2026-0421-sop-index-gap-discovered.md.
4. Filing Procedure by Severity¶
SEV1 — Immediate¶
- File incident at
/Claude/operations/incidents/open/(do not spend more than 5 minutes on the initial file — ship what you know, update in place) - Notify CEO immediately via Slack DM to Rick's personal channel — format:
🔴 SEV1 INCIDENT: {what failed} — {INC-ID} — action needed - Notify chief.staff via
#agent-handoffs— she takes coordination ownership - Begin mitigation — don't wait for acknowledgment before acting on a known fix
- Update incident file as facts are known (add What/Where/Why as they become clear)
- Close when: system restored, no ongoing risk, root cause documented, prevention owner assigned
SEV2 — Within the hour¶
- File incident at
/Claude/operations/incidents/open/ - Notify chief.staff via
#agent-handoffs— format:🟡 SEV2: {INC-ID} — {one-line description} — assigned to you - chief.staff acknowledges and begins resolution
- If unresolved at 4 hours: chief.staff notifies CEO per CLAUDE.md Section 11
- Close when: blocker removed, handoff completed, SOP breach remediated, root cause documented
SEV3 — Next enforcement sweep¶
- File incident at
/Claude/operations/incidents/open/ - No immediate notification required — chief.staff picks it up at next enforcement sweep (8:30 AM or 6:00 PM)
- chief.staff routes to the appropriate agent for resolution in next session
- Close when: documentation gap filled, process friction addressed, SOP updated
5. CEO-Directed Escalation (per CLAUDE.md Section 11)¶
These trigger immediate CEO notification regardless of severity classification:
| Trigger | Who files | CEO notification |
|---|---|---|
| Second missed daily check-in in rolling 7-day window | chief.staff | Slack DM |
| Handoff failure causing project delay | Filing agent + chief.staff | CEO Daily Summary + DM if urgent |
| SOP breach by an executive agent | chief.staff | Slack DM |
| Blocker unresolved after 24 hours | chief.staff | Slack DM |
| SEV1 — any system failure, data issue, security breach | Filing agent | Immediate Slack DM |
| Mission halt (Section 10A.10) | Mission Orchestrator | CEO Daily Summary flag |
CEO escalation format (Slack DM):
🔴 CEO ESCALATION | {YYYY-MM-DD}
Trigger: {which Section 11 condition}
Incident: {INC-ID}
Current state: {one sentence}
Action needed from CEO: {specific ask or "awareness only"}
Owner: {chief.staff or agent}
6. Incident Routing by Type¶
| Incident type | First owner | Escalation path |
|---|---|---|
| Agent compliance miss | chief.staff | CEO if 2nd miss in 7 days |
| SOP breach | chief.staff | CEO if executive agent |
| Handoff failure | Receiving agent + chief.staff | CEO if project delay results |
| Security incident | security.ops | Immediate CEO + COO |
| Data integrity issue | cdo or coo (depending on scope) | Immediate CEO |
| Mission halt | Mission Orchestrator | CEO via Daily Summary |
| CoS self-incident | chief.staff self-files | CEO Daily Summary |
7. Incident Close and Archive¶
An incident is closeable when:
- Root cause documented in the incident file
- Temporary mitigation still in place OR permanent fix implemented — documented
- Prevention owner assigned — they don't need to have completed the fix, but it must be assigned
- SOP update filed (if applicable) per SOP-OPS-sop-change-management
Close procedure:
1. Update incident file: add status: Closed, closed_at: {timestamp}, resolution: {one paragraph}
2. Move file from /Claude/operations/incidents/open/ to /Claude/operations/incidents/closed/
3. chief.staff notes closure in next CEO Daily Summary if the incident was SEV1 or SEV2
Open incidents older than 7 days with no update: chief.staff escalates to the prevention owner and flags in CEO Daily Summary.
8. CoS Self-Incidents¶
chief.staff is subject to her own Self-SLA (CLAUDE.md Section 17). When she misses a Self-SLA:
- Self-file a Section 6E Incident at
/Claude/operations/incidents/cos-self/{INC-ID}.md - Surface in next CEO Daily Summary's "INCIDENTS OPEN" section
- SEV2 for Daily Summary miss, SEV3 for sweep miss
No separate notification to CEO is required for CoS self-incidents — they surface organically through the Summary.
Change Log¶
| Version | Date | Change |
|---|---|---|
| v1.0 | 2026-04-21 | Initial draft — sop.manager. Operationalizes CLAUDE.md Section 11 into a runnable procedure. |
Owner: chief.staff Executive sponsor: chief.staff Drafted by: sop.manager Status: Draft — requires CEO approval (CLAUDE.md-level governance) Version: v1.0